Instalacija web panela/setup servera

NKOTB · prosinac 2024 11:41 6

Nisam neki stručnjak ali pokušavam sam sebi olakšati neke stvari prilikom postavke novog servera.

Ako bi svako dodao po neki “tip”, na ovaj post, olakšali bi jedni drugima.

Koristim HestiaCP Web Panel.

Skriptica (pokrenuti kao root korisnik) bash setup.sh :

Instalira “sudo”,
Kreira novog korisnika/dodaje u sudo “grupu”,
Mijenja konfiguraciju SSH

Port 5521 (Promijeniti po želji)
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication no
PrintLastLog no
(Restartuje SSH)

Dodaj alias “update” na novokreiranog korisnika, kad kucate samo “update”, pokrenuti će se “sudo apt-get clean && sudo apt update && sudo apt upgrade && sudo apt-get dist-upgrade && sudo apt-get full-upgrade && sudo apt autoremove --purge -y”
Mijenja vremensku zonu u Europe/Sarajevo.
Poslije toga pokreće klasičnu instalaciju za HestiaCP Web Panel.

Poslije instalacije HestiaCP Web Panela, može se kreirati SSH Key u Web Panelu, na linku https://ip:port/list/key/. Prije toga kreirati key:

ssh-keygen -t rsa -b 4096 -f ~/.ssh/key

#!/bin/bash

if ! which sudo > /dev/null 2>&1; then
    echo "Instaliram sudo..."
    apt-get update && apt-get install -y sudo
    if [ $? -ne 0 ]; then
		echo "################################################"
        echo "##### Greska: SUDO instalacija nije uspjela ####"
		echo "################################################"
        exit 1
    fi
else
	echo "################################################"
    echo "############## Sudo instaliran #################"
	echo "################################################"
fi

if [ $(id -u) -eq 0 ]; then
	echo "################################################"
    echo "########## Unesite korisnicko ime ##############"
	echo "################################################"
    read -p "Korisnicko ime : " username
	echo "################################################"
    echo "############### Unesi lozinku ##################"
	echo "################################################"
    read -s -p "Lozinka : " password
    egrep "^$username" /etc/passwd >/dev/null
    if [ $? -eq 0 ]; then
		echo "################################################"
        echo "########### $username vec postoji! #############"
		echo "################################################"
        exit 1
    else
        useradd -m "$username"
        echo "$username:$password" | chpasswd
        if [ $? -eq 0 ]; then
			echo "################################################"
            echo "############## Korisnik kreiran! ###############"
			echo "################################################"
        else
			echo "################################################"
            echo "########### Korisnik nije kreiran! #############"
			echo "################################################"
        fi
    fi

    usermod -s /bin/bash "$username"

    chown -R "$username":"$username" /home/"$username"
    chmod 700 /home/"$username"
    chmod 644 /home/"$username"/.bashrc /home/"$username"/.profile
	
    grep -qE '^(sudo):' /etc/group
    SUDO=$?     
    if [ "${SUDO}" -eq 0 ] ; then
        usermod -aG sudo "$username" &>/dev/null
		echo "###################################################"
        echo "# Korisnik $username uspjesno dodat u sudo grupu. #"
		echo "###################################################"
    fi
else
	echo "######################################################"
    echo "### Samo root korisnik moze dodati novog korisnika ###"
	echo "######################################################"
    exit 2
fi

file="$1"
param1="Port"
param2="PermitRootLogin"
param3="PermitEmptyPasswords"
param4="PasswordAuthentication"
param5="PrintLastLog"

usage(){
  cat << EOF
    usage: $0 ARG1
EOF
}

backup_sshd_config(){
  if [ -f ${file} ]
  then
    /usr/bin/cp ${file} ${file}.1
  else
    /usr/bin/echo "Datoteka ${file} nije pronadena."
    exit 1
  fi
}

edit_sshd_config(){
  for PARAM in "$param1" "$param2" "$param3" "$param4" "$param5"
  do
    /usr/bin/sed -i '/^'"${PARAM}"'/d' ${file}
  done
  /usr/bin/echo "${param1} 5521" >> ${file}
  /usr/bin/echo "'${param1} 5521' SSH Port je sada 5521 ${file}."
  /usr/bin/echo "${param2} no" >> ${file}
  /usr/bin/echo "'${param2} no' nove postavke u datoteci ${file}."
  /usr/bin/echo "${param3} no" >> ${file}
  /usr/bin/echo "'${param3} no' nove postavke u datoteci ${file}."
  /usr/bin/echo "${param4} no" >> ${file}  # Enable password authentication
  /usr/bin/echo "'${param4} no' nove postavke u datoteci ${file}"
  /usr/bin/echo "${param5} no" >> ${file}
  /usr/bin/echo "'${param5} no' nove postavke u datoteci ${file}"
}

reload_sshd(){
  /usr/bin/systemctl reload sshd.service
  /usr/bin/echo "Restartujem '/usr/bin/systemctl reload sshd.service'...Oki doki.."
}

while getopts .h. OPTION
do
  case $OPTION in
    h)
    usage
    exit;;
    ?)
    usage
    exit;;
  esac
done

if [ -z "${file}" ]
then
    file="/etc/ssh/sshd_config"
fi
backup_sshd_config
edit_sshd_config
reload_sshd

touch "/home/$username/.hushlogin"

echo "################################################################################## LINUX UPDATE ALIAS #############################################################################################"
echo "alias update='sudo apt-get clean && sudo apt update && sudo apt upgrade && sudo apt-get dist-upgrade && sudo apt-get full-upgrade && sudo apt autoremove --purge -y'" >> "/home/$username/.bashrc"
echo "Alias 'update' dodat u .bashrc datotetku korisnika $username. Poslije prijave korisnika kucajte update za nadogradnju sistema."

echo "####################### VREMENSKA ZONA ##########################"
echo "export TZ='Europe/Sarajevo'" >> "/home/$username/.bashrc"
echo "Odabrana vremenska zona: Europe/Sarajevo za korisnika $username."


# Jesam li root korisnik?
if [ "x$(id -u)" != 'x0' ]; then
	echo 'Greska: Pokrenuti skriptu kao root korisnik'
	exit 1
fi

# Provjeri "admin" korisnika
if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ -z "$1" ]; then
	echo "Greska: korisnik admin vec postoji"
	echo
	echo 'Izbrisite admin korisnika prije pokretanja skripte.'
	echo 'Ako zelite automatsku instalaciju koristite -f opciju:'
	echo "Primjer: bash $0 --force"
	exit 1
fi

# Provjeri "admin" grupu
if [ ! -z "$(grep ^admin: /etc/group)" ] && [ -z "$1" ]; then
	echo "Greska: grupa admin vec postoji"
	echo
	echo 'Izbrisite admin grupu prije nego nastavite instalaciju.'
	echo 'Ako zelite automatsku instalaciju koristite -f opciju:'
	echo "Primjer: bash $0 --force"
	exit 1
fi

# Detektuj sistem
if [ -e "/etc/os-release" ] && [ ! -e "/etc/redhat-release" ]; then
	type=$(grep "^ID=" /etc/os-release | cut -f 2 -d '=')
	if [ "$type" = "ubuntu" ]; then
		# Check if lsb_release is installed
		if [ -e '/usr/bin/lsb_release' ]; then
			release="$(lsb_release -s -r)"
			VERSION='ubuntu'
		else
			echo "lsb_release nije instaliran:"
			echo "apt-get update && apt-get install lsb-release"
			exit 1
		fi
	elif [ "$type" = "debian" ]; then
		release=$(cat /etc/debian_version | grep -o "[0-9]\{1,2\}" | head -n1)
		VERSION='debian'
	fi
elif [ -e "/etc/os-release" ] && [ -e "/etc/redhat-release" ]; then
	type=$(grep "^ID=" /etc/os-release | cut -f 2 -d '"')
	if [ "$type" = "rhel" ]; then
		release=$(cat /etc/redhat-release | cut -f 1 -d '.' | awk '{print $3}')
		VERSION='rhel'
	elif [ "$type" = "almalinux" ]; then
		release=$(cat /etc/redhat-release | cut -f 1 -d '.' | awk '{print $3}')
		VERSION='almalinux'
	elif [ "$type" = "eurolinux" ]; then
		release=$(cat /etc/redhat-release | cut -f 1 -d '.' | awk '{print $3}')
		VERSION='eurolinux'
	elif [ "$type" = "rocky" ]; then
		release=$(cat /etc/redhat-release | cut -f 1 -d '.' | awk '{print $3}')
		VERSION='rockylinux'
	fi
else
	type="NoSupport"
fi

no_support_message() {
	echo "****************************************************"
	echo "     Sistem koji koristite (OS) nije podrzan        "
	echo "   Hestia Control Panel podrzava sljedece sistem:   "
	echo "****************************************************"
	echo "                   Debian 10, 11                    "
	echo "             Ubuntu 20.04, 22.04 LTS                "
	echo "****************************************************"
	exit 1
}

if [ "$type" = "NoSupport" ]; then
	no_support_message
fi

check_wget_curl() {
	# Provjer wget
	if [ -e '/usr/bin/wget' ]; then
		if [ -e '/etc/redhat-release' ]; then
			wget -q https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install-rhel.sh -O hst-install-rhel.sh
			if [ "$?" -eq '0' ]; then
				bash hst-install-rhel.sh $*
				exit
			else
				echo "Greska: hst-install-rhel.sh download failed."
				exit 1
			fi
		else
			wget -q https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install-$type.sh -O hst-install-$type.sh
			if [ "$?" -eq '0' ]; then
				bash hst-install-$type.sh $*
				exit
			else
				echo "Greska: hst-install-$type.sh download nije uspio."
				exit 1
			fi
		fi
	fi

	# Provjeri curl
	if [ -e '/usr/bin/curl' ]; then
		if [ -e '/etc/redhat-release' ]; then
			curl -s -O https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install-rhel.sh
			if [ "$?" -eq '0' ]; then
				bash hst-install-rhel.sh $*
				exit
			else
				echo "Greska: hst-install-rhel.sh download nije uspio."
				exit 1
			fi
		else
			curl -s -O https://raw.githubusercontent.com/hestiacp/hestiacp/release/install/hst-install-$type.sh
			if [ "$?" -eq '0' ]; then
				bash hst-install-$type.sh $*
				exit
			else
				echo "Greska: hst-install-$type.sh download nije uspio."
				exit 1
			fi
		fi
	fi
}

# Provjer sistem prije pokretanja instalacije i prikazi gresku ako nije podrzan sistem
if [[ "$release" =~ ^(10|11|12|20.04|22.04)$ ]]; then
	check_wget_curl $*
elif [[ -e "/etc/redhat-release" ]] && [[ "$release" =~ ^(8|9)$ ]]; then
	check_wget_curl $*
else
	no_support_message
fi

exit

Promjena izgleda HestiaCP Web Panela (Tailwindcss)

bash <(curl -sL https://raw.githubusercontent.com/maxizamorano/maxtheme/main/install.sh)

Kreiranje SSH Key:

ssh-keygen -t rsa -b 4096 -f ~/.ssh/key
Na windowsu ćete pronaći key u: C:/users/(korisnik)/.ssh/

U tom folderu kreirati i “config” fajl

Host Server
    HostName 123.12.123.12 
    Port 5521
    User korisnik
    IdentityFile ~/.ssh/key

NKOTB · prosinac 2024 12:06 6

##################### HTTP3 ###########################

“Što je HTTP/3? HTTP/3 je velika revizija protokola za prijenos hyperteksta (HTTP). Poboljšat će brzinu, sigurnost i pouzdanost.” Jedna od najznačajnijih promjena u HTTP/3 je usvajanje transportnog protokola QUIC. QUIC je kratica za “Quick UDP Internet Connections.” Prethodne HTTP verzije oslanjaju se na Transmission Control Protocol (TCP). Nasuprot tome, HTTP/3 koristi protokol korisničkog datagrama (UDP) kao temeljni transportni protokol. QUIC kombinira značajke TCP-a, kao što su pouzdanost i kontrola zagušenja. Također koristi brzinu i fleksibilnost UDP-a. Korištenjem QUIC-a, HTTP/3 može uspostaviti veze do 33% brže u usporedbi s HTTP/2.

Kako koristiti na HestiaCP Web Panelu.

sudo nano /etc/nginx/conf.d/domains/domena.ssl.conf

Dodati ili promijeniti (zavisi kako je vec postavljeno)
listen 443 quic reuseport default_server;
listen IP:443 ssl;
http2 on;
http3 on;
http3_hq on;
quic_retry on;
ssl_early_data on;
ssl_protocols TLSv1.2 TLSv1.3;

pronaci location / i dodati

location / {
  add_header alt-svc 'h3=":$server_port"; ma=1800';
  add_header x-quic 'h3';
}

Na HestiaCP Web Panelu treba dodati Firewall rule:

https://IP:PORT/list/firewall/

Action : Accept;
Protocol: UDP;
Port: 443;
IP Address: 0.0.0.0/0
Comment: QUIC/HTTP3

Amadex · prosinac 2024 21:12 6

Aj zalijepi ovu skriptu i na moj forum www.hostingforums.net

LoliPop · prosinac 2024 04:36 9

Predzi na aapanel-

Tvoj ?

UNOGamer · prosinac 2024 15:45 9

aaPanel je nabacan svime i svačime, previše nebitnih stvari. Hestia ima ono što meni odgovara, osnovno. Lahko je podesiti bilo šta, izmijeniti, dodati… Takođe dobar community.