open a website after logging in perl script

Sat, 31 Jul 2010 02:50:52 -0400





SugarCRM version 6 was released early this month, and it looks pretty nice.  The problem is that the new user interface is reserved for the Professional and Enterprise Editions of SugarCRM.  This seems to be part of a trend with many open source projects: give the community a taste of the product but the really good features are to be reserved for the versions that you pay for.  I understand why an open source company would decide to go down this route and it’s not a bad business model really.  But, when you charge $360/year/user, that’s when I begin to lose interest.  So for a Sales company of 50 Sales reps to use the Professional Edition of SugarCRM, they would need to shell out $18,000 per year.  That’s pre-hardware cost.  I have nothing against SugarCRM (actually I like it as a product).  However, the cost is just too high to justify when comparable alternatives exist.

After SugarCRM, the next open source CRM that everyone talks about is vTiger.  vTiger actually advertises with the tag line of “Tired of kinda, sorta Open Source?”.  After all of the positive recommendations, I decided that it’s time to give it a serious try.  In the past, every time I’ve tried getting vTiger to work using the precompiled .bin file, it didn’t work right for me.  So I decided to take a crack at it from source, which turned out to be pretty easy.  Below is a step-by-step howto for installing vTiger on Ubuntu v10.04 from source.  NOTE: This is simply a tutorial for getting vTiger CRM up and running.  Make sure to read vTiger’s User Documentation on how to properly set the permissions on the files to appropriately lock it down prior to deployment.

1.) Download the vTiger source

wget http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.2.0%20VB2/vtigercrm-5.2.0-vb2.tar.gz/download

2.) Install all the required libraries, MySQL, and PHP via APT

sudo apt-get install binutils cpp flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libpcre3 libpopt-dev lynx m4 make  ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev gcc libpng12-dev libjpeg62-dev libfreetype6-dev libssl-dev libxml2-dev libxml2 apache2 php5-mysql libapache2-mod-php5 mysql-server php5-gd php5-imap

3.) Configure Apache: /etc/apache2/sites-available/default (this is just a basic Apache configuration; you can customize it for your own purposes)

<VirtualHost *:80>
ServerName tiger.mydomain.com
DocumentRoot /var/www

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
ServerSignature Off

</VirtualHost>

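4.) Give read/write access to these files and directories with sudo chmod -R a+rw (this makes them writable by every local user, which is why the permissions need to be locked down before deployment, as noted above):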

sudo chmod -R a+rw config.inc.php
sudo chmod -R a+rw tabdata.php
sudo chmod -R a+rw install.php
sudo chmod -R a+rw parent_tabdata.php
sudo chmod -R a+rw cache
sudo chmod -R a+rw cache/images/
sudo chmod -R a+rw cache/import/
sudo chmod -R a+rw storage/
sudo chmod -R a+rw install/
sudo chmod -R a+rw user_privileges/
sudo chmod -R a+rw Smarty/cache/
sudo chmod -R a+rw Smarty/templates_c/
sudo chmod -R a+rw modules/Emails/templates/
sudo chmod -R a+rw modules/
sudo chmod -R a+rw cron/modules/
sudo chmod -R a+rw test/vtlib/
sudo chmod -R a+rw backup/
sudo chmod -R a+rw Smarty/templates/modules/
sudo chmod -R a+rw test/wordtemplatedownload/
sudo chmod -R a+rw test/product/
sudo chmod -R a+rw test/user/
sudo chmod -R a+rw test/contact/
sudo chmod -R a+rw test/logo/
sudo chmod -R a+rw logs/
sudo chmod -R a+rw modules/Webmails/tmp/

5.) Open a browser and go to the vTiger URL: http://vtiger.mydomain.com

Start the Installation process by going to the new vtiger URL that you created.

6.) Update /etc/php5/apache2/php.ini (make appropriate modifications, restart apache, check again)

When you open a browser and begin the install process, it will tell you the recommended settings for PHP (this forum post has many of the changes that need to be made).  After modifying the php.ini file, restart apache and click “Check again”.  Everything should show up as ready.

If preinstall items still show up as missing, restart apache.  If the database will be on the same machine as vTiger, you can set the database host as localhost; make sure to create a new db user:

# mysql -u root -p
mysql> CREATE DATABASE vtiger_db DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
mysql> GRANT ALL ON vtiger_db.* TO 'vtigeruser'@'localhost' IDENTIFIED BY 'SET_PASSWORD_HERE';
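
One way to tighten the world-writable permissions from step 4 once the installer has finished, as the NOTE above asks. This is an added example, not code from the original post or from vTiger; it assumes vTiger is unpacked in /var/www and that Apache runs as www-data (the Ubuntu default), and the variable and function names are made up for the example.

```sh
#!/bin/sh
# Added example, not from the original post or vTiger's documentation.
# Assumptions: vTiger lives in $VTIGER_ROOT and Apache runs as $WEB_USER.

VTIGER_ROOT=${VTIGER_ROOT:-/var/www}
WEB_USER=${WEB_USER:-www-data}

# Paths opened with "chmod -R a+rw" in step 4. Nested entries such as
# cache/images or modules/Webmails/tmp are covered by their parent directory.
VTIGER_WRITABLE="config.inc.php tabdata.php install.php parent_tabdata.php
cache storage install user_privileges Smarty/cache Smarty/templates_c
modules cron/modules test/vtlib backup Smarty/templates/modules
test/wordtemplatedownload test/product test/user test/contact test/logo
logs"

# Print every regular file and directory under $1 that any local user can write.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Number of world-writable files and directories under $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Hand the step 4 paths under $1 to user $2 and drop group/other write access,
# so only the web server account can modify them. chown needs root unless $2
# already owns the files.
lock_down() {
    root=$1 user=$2
    for p in $VTIGER_WRITABLE; do
        [ -e "$root/$p" ] || continue
        chown -R "$user" "$root/$p" || return 1
        chmod -R u+rwX,go-w "$root/$p" || return 1
    done
}

# Default action is a read-only audit. Run with APPLY=1 as root to lock down
# first and then list whatever is still world-writable.
if [ -d "$VTIGER_ROOT" ]; then
    if [ "${APPLY:-0}" = 1 ]; then
        lock_down "$VTIGER_ROOT" "$WEB_USER"
    fi
    list_world_writable "$VTIGER_ROOT" || true
fi
```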

Installing the Customer Portal Plugin to vTiger

So, after trying out vTiger for a bit, I wanted to test drive the customer portal plugin.  This looked like a very simple install according to the vTiger Customer Portal User Guide, and it would have been had I disabled Deprecated warnings from PHP.  It’s 3 simple steps:

From the Wiki:

1. Download the vtiger_Customer_Portal_4_2.zip file from http://prdownloads.sourceforge.net/vtigercrm/vtiger_Customer_Portal_4_2.zip?download

2. Extract the vtiger_Customer_Portal_4_2.zip file to an appropriate location in your Web site. After extracting, the file structure will be <Web Site>/vtigerCRM/customerportal/<Portal related Files>. You can also modify the directory structure as per your Web site file conventions.

3. Modify the PortalConfig.php file present under vtigerCRM/customerportal/ as given below:

Server_Path: Specify the absolute path (URL) of the vtiger CRM server. For example, if your vtiger CRM server is running at http://vtigercrm.com/demo means you need to specify the Server_Path as given below:

$Server_Path = "http://vtigercrm.com/demo";

Authenticate_Path: Specify the absolute path (URL) of the vtiger Customer Portal directory in your Web site. For example, if you have extracted the vtiger Customer Portal related files in to your Web site at http://vtiger.com/demo/portal means you need to specify the value for Authenticate_Path parameter as given below:

$Authenticate_Path = "http://vtiger.com/demo/portal";

Now save the PortalConfig.php file.

Now, at this point, everything should be ready.  I created a test customer portal account without any issue, but when attempting to log in, I received this error: “Could not connect to server. Please contact the administrator.”  After spending some time on the forums and trying out different things (here and here, and various others), I started looking directly at the code.  Specifically, /customerportal/CustomerAuthenticate.php, which has a nice little block of code commented out with the following comment above the code block:

//Uncomment the following lines to get the error message in login screen itself.

Excellent.  I uncomment the block and see this error: XML error parsing SOAP payload on line 2: Not well-formed (invalid token).  After some more forum searching, I finally just opened the URL in a browser and found that the error was being thrown because Apache was returning Deprecated warning messages for some of the functions in the PHP libraries.  Then it was just a matter of updating /etc/php5/apache2/php.ini:

error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED

Restart Apache and everything should be all set!  NOTE:  If you were following along exactly, make sure to re-comment out that block of code in /customerportal/CustomerAuthenticate.php that returned the error.
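
A quick way to confirm the diagnosis described above from the command line: check whether a saved response body starts with XML, and read the effective php.ini settings. This is an added example, not from the original post; the sample responses and php.ini fragments are constructed, the function names are hypothetical, and it also checks display_errors, which the post does not mention but which decides whether any PHP diagnostic is written into a response at all.

```sh
#!/bin/sh
# Added example, not code from the original post. All sample data is constructed.

# Effective value of php.ini directive $2 in file $1. Lines starting with ';'
# are comments; when a directive appears more than once the last one wins.
php_ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*;.*$//; s/[[:space:]]*$//' | tail -n 1
}

# 0 if display_errors is off, so no PHP diagnostic can be written into a
# response; 1 otherwise (PHP's built-in default is on).
display_errors_off() {
    case $(php_ini_value "$1" display_errors | tr '[:upper:]' '[:lower:]') in
        off|0|no|false|none) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if the saved response body $1 starts with an XML declaration, 1 if other
# output (such as a PHP warning) comes first and would break the SOAP parser.
body_starts_with_xml() {
    first=$(sed -n '/[^[:space:]]/{s/^[[:space:]]*//;p;q;}' "$1")
    case $first in
        '<?xml'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Write the constructed samples into directory $1.
make_samples() {
    cat > "$1/php.ini.before" <<'EOF'
; constructed sample: settings that let warnings reach the client
error_reporting = E_ALL & ~E_NOTICE
display_errors = On
EOF
    cat > "$1/php.ini.after" <<'EOF'
; constructed sample: the line from the post plus display_errors off
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED
display_errors = Off
log_errors = On
EOF
    cat > "$1/response.broken" <<'EOF'
<br />
<b>Deprecated</b>:  Function split() is deprecated in /path/to/library.php on line 1<br />
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope><SOAP-ENV:Body/></SOAP-ENV:Envelope>
EOF
    cat > "$1/response.ok" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope><SOAP-ENV:Body/></SOAP-ENV:Envelope>
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    for f in response.broken response.ok; do
        if body_starts_with_xml "$d/$f"; then
            echo "$f: XML comes first"
        else
            echo "$f: non-XML output precedes the SOAP payload"
        fi
    done
    for f in php.ini.before php.ini.after; do
        printf '%s: error_reporting=%s display_errors=%s\n' "$f" \
            "$(php_ini_value "$d/$f" error_reporting)" \
            "$(php_ini_value "$d/$f" display_errors)"
    done
    rm -rf "$d"
}

demo
```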

I still haven’t decided if I am settling with vTiger or if I will be going with something else.  However, I went through the trouble of getting it up and running on Ubuntu and didn’t see any good tutorials on how to do this (except one good forum post), so I thought I’d share the howto.  I hope this helps!

References:

- Slashdot: SugarCRM 6 Released, But Is It Open Source?
- vTiger 510 Installation on Linux
- vTiger Installation on Ubuntu v9.04
- vTiger CRM Installation Manual
- How to disable PHP 5.3 Deprecated errors

#!/bin/sh

# OpenSUSE 11.3 Perfect Server ISPConfig script by George Yohng (georgesc#oss3d.com)
# Script Version 1.3

# Do zypper update and reboot before running this script

# Also better change host name (file HOSTNAME) manually before running this script, though looks like it's not necessary

# This script requires two manual actions.

# First - when mysql_secure_install is running. One should type a new mysql password, the same as here
# Second - for ISPConfig3 update. One should type 'svn' when the update type is asked
# For both of scripts, all other options are default, one can just press ENTER.


# Also, please change MYSQLROOTPASS below, and be sure to enter it verbatim
# during the installation of mysql_secure_install.

# Important: When setting an MX entry, point it to mail.yourdomain.com rather than
# just to yourdomain.com, and create a CNAME entry for mail. Otherwise it doesn't
# seem to work somehow.

THIS_PLATFORM=x86_64

MYSQLROOTPASS=87h4eq2jr2

# Change this to your server name. By default it's configured to server1.mydomain.com

# If your web site hosts a complete domain, such as domain.com, still leave
# something for MY_HOSTNAME. 'server1' or 'host' is a good name.

MY_HOSTNAME=server1
MY_DOMAIN=mydomain.com

# Packages may have been updated, therefore also check the RPM and TARGZ locations below,
# and preferably use the latest versions of everything.

GETMAIL_RPM=http://download.opensuse.org/repositories/server:/mail/openSUSE_11.3/noarch/getmail-4.20.0-1.1.noarch.rpm
MAILDROP_RPM=http://download.opensuse.org/repositories/server:/mail/openSUSE_11.3/$THIS_PLATFORM/maildrop-2.4.0-1.1.$THIS_PLATFORM.rpm
PAM_MYSQL_TARGZ=http://heanet.dl.sourceforge.net/sourceforge/pam-mysql/pam_mysql-0.7RC1.tar.gz
SUPHP_RPM=http://download.opensuse.org/repositories/server:/php/openSUSE_11.3/$THIS_PLATFORM/suphp-0.7.1-3.1.$THIS_PLATFORM.rpm

AWSTATS_RPM=http://download.opensuse.org/repositories/network:/utilities/openSUSE_11.3/noarch/awstats-6.95-3.1.noarch.rpm

SQUIRRELMAIL_RPM=http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_11.3/noarch/squirrelmail-1.4.20-1.1.noarch.rpm

JAILKIT_TARGZ=http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz

PHPMYADMIN_RPM=http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_11.3/noarch/phpMyAdmin-3.3.4-1.1.noarch.rpm
MYDNS_RPM=http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpm
VLOGGER_TARGZ=http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz

RDIFF_BACKUP_TARGZ=http://savannah.nongnu.org/download/rdiff-backup/rdiff-backup-1.2.8.tar.gz

EACCELERATOR_TARGZ=http://bart.eaccelerator.net/source/0.9.6.1/eaccelerator-0.9.6.1.tar.bz2

ISPCONFIG_TAR_GZ=http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.2.2.tar.gz?use_mirror=

MY_FULLHOSTNAME=$MY_HOSTNAME.$MY_DOMAIN

# Disable apparmor

/etc/init.d/boot.apparmor stop
chkconfig -d boot.apparmor

# Allow ports through firewall

SuSEfirewall2 open EXT TCP 21 80 8080 25 143 465 585 993 30000:30500
SuSEfirewall2

# Switch off X login (check!)

chkconfig --del xdm
rcxdm stop

# Quota

yast2 -i quota

touch /aquota.user /aquota.group
chmod 600 /aquota.*
touch /srv/aquota.user /srv/aquota.group
chmod 600 /srv/aquota.*

# TODO: change fstab here

mount -o remount /
mount -o remount /srv
mount -o remount /home

quotacheck -avugm
quotaon -avug

# Basic packages

yast2 -i mc

yast2 -i findutils readline libgcc glibc-devel findutils-locate gcc flex lynx compat-readline4 db-devel wget gcc-c++ subversion make vim telnet cron iptables iputils man man-pages nano pico

# Host name

echo $MY_FULLHOSTNAME > /etc/HOSTNAME
echo 127.0.0.2 $MY_FULLHOSTNAME $MY_HOSTNAME >> /etc/hosts
echo 69.46.236.210 mydns.bboy.net >> /etc/hosts

export HOST=$MY_FULLHOSTNAME
export HOSTNAME=$MY_FULLHOSTNAME

SuSEconfig

# Postfix, Courier, Saslauthd, MySQL

yast2 -i postfix postfix-mysql mysql-community-server mysql-community-server-client mysql-community-server-tools
yast2 -i courier-imap courier-authlib courier-authlib-mysql python cron cyrus-sasl cyrus-sasl-crammd5
yast2 -i cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-otp cyrus-sasl-plain cyrus-sasl-saslauthd libmysqlclient-devel pwgen

chkconfig --add mysql
chkconfig --add postfix
chkconfig --add saslauthd
chkconfig --add fam
chkconfig --add courier-authdaemon
chkconfig --add courier-pop
chkconfig --add courier-imap
chkconfig --add courier-pop-ssl
chkconfig --add courier-imap-ssl
/etc/init.d/mysql start
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/courier-pop start
/etc/init.d/courier-imap start
/etc/init.d/courier-pop-ssl start
/etc/init.d/courier-imap-ssl start

# getmail

cd /tmp
rpm -i $GETMAIL_RPM
rpm --force -i $MAILDROP_RPM

# pam

yast2 -i pam-devel pam-32bit pam-devel-32bit pam-modules-32bit

# pam_mysql

cd /tmp
wget -c $PAM_MYSQL_TARGZ
tar xvfz pam_mysql-*.tar.gz
rm -rf pam_mysql-*.tar.gz
cd pam_mysql-*
./configure
make
make install
cd /tmp
rm -rf /tmp/pam_mysql-*

test -d /lib64 && cp /lib/security/pam_mysql* /lib64/security

# mysql_secure_installation

mysql_secure_installation

#(echo Y; echo $MYSQLROOTPASS; echo $MYSQLROOTPASS; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; )

# amavis, SpamAssassin, etc

yast2 -i spamassassin amavisd-new clamav clamav-db zoo unzip unrar bzip2 unarj perl-DBD-mysql

sa-update

# TODO: change /etc/amavisd.conf

#$mydomain = "$MY_DOMAIN"; # a convenient default for other settings
#$myhostname = "$MY_HOSTNAME";

sed -i 's/\$mydomain = '\''example.com'\'';/\$mydomain='\'$MY_DOMAIN\'';\n\$myhostname='\'$MY_FULLHOSTNAME\'';/g' /etc/amavisd.conf

# Correct a path to clamd socket
sed -i 's,/var/run/clamav/clamd,/var/lib/clamav/clamd-socket,g' /etc/amavisd.conf

chkconfig --add amavis
chkconfig --add clamd
/etc/init.d/amavis start
/etc/init.d/clamd start

# Courier IMAP, listen on external ports

sed -i 's/^ADDRESS=127.0.0.1/ADDRESS=0/g' /etc/courier/imapd

# Apache2

yast2 -i apache2 apache2-mod_fcgid

yast2 -i php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dom php5-ftp php5-gd php5-gettext php5-gmp php5-iconv php5-imap php5-ldap php5-mbstring php5-mcrypt php5-mysql php5-odbc php5-openssl php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp php5-soap php5-sockets php5-sqlite php5-sysvsem php5-tokenizer php5-wddx php5-xmlrpc php5-xsl php5-zlib php5-exif php5-fastcgi php5-pear php5-sysvmsg php5-sysvshm ImageMagick curl apache2-mod_php5

rpm -i $SUPHP_RPM

a2enmod suexec
a2enmod rewrite
a2enmod ssl
a2enmod actions
a2enmod suphp
a2enmod fcgid
chown root:www /usr/sbin/suexec2
chmod 4755 /usr/sbin/suexec2

chkconfig --add apache2
/etc/init.d/apache2 start

# PhpMyAdmin

rpm -i $PHPMYADMIN_RPM

# FTP

yast2 -i pure-ftpd quota


sed -i 's/NoRename.*yes/NoRename no/g' /etc/pure-ftpd/pure-ftpd.conf
sed -i 's/AutoRename.*yes/AutoRename no/g' /etc/pure-ftpd/pure-ftpd.conf
sed -i 's/# PassivePortRange.*30000 50000/PassivePortRange 30000 30500/g' /etc/pure-ftpd/pure-ftpd.conf
sed -i 's/^Umask\ *177\:077$/Umask 137:037/' /etc/pure-ftpd/pure-ftpd.conf

chkconfig --add pure-ftpd
/etc/init.d/pure-ftpd start

# MyDNS

rpm -ivh --force $MYDNS_RPM


# MyDNS script

cat > /etc/init.d/mydns <<EOFMARKER
#! /bin/sh
# Copyright (c) 1995-2004 SUSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Kurt Garloff
# Please send feedback to http://www.suse.de/feedback/
#
# /etc/init.d/mydns
# and its symbolic link
# /(usr/)sbin/rcmydns
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Template system startup script for some example service/daemon mydns
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
#
# Note: This template uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux (UL) based Linux distributions. If you want to base your
# script on this template and ensure that it works on non UL based LSB
# compliant Linux distributions, you either have to provide the rc.status
# functions from UL or change the script to work without them.
#
### BEGIN INIT INFO
# Provides: mydns
# Required-Start: \$syslog \$remote_fs mysql
# Should-Start: \$time ypbind sendmail
# Required-Stop: \$syslog \$remote_fs
# Should-Stop: \$time ypbind sendmail
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: mydns XYZ daemon providing ZYX
# Description: Start mydns to allow XY and provide YZ
# continued on second line by '#<TAB>'
# should contain enough info for the runlevel editor
# to give admin some idea what this service does and
# what it's needed for ...
# (The Short-Description should already be a good hint.)
### END INIT INFO
#
# Any extensions to the keywords given above should be preceeded by
# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB.
#
# Notes on Required-Start/Should-Start:
# * There are two different issues that are solved by Required-Start
# and Should-Start
# (a) Hard dependencies: This is used by the runlevel editor to determine
# which services absolutely need to be started to make the start of
# this service make sense. Example: nfsserver should have
# Required-Start: \$portmap
# Also, required services are started before the dependent ones.
# The runlevel editor will warn about such missing hard dependencies
# and suggest enabling. During system startup, you may expect an error,
# if the dependency is not fulfilled.
# (b) Specifying the init script ordering, not real (hard) dependencies.
# This is needed by insserv to determine which service should be
# started first (and at a later stage what services can be started
# in parallel). The tag Should-Start: is used for this.
# It tells, that if a service is available, it should be started
# before. If not, never mind.
# * When specifying hard dependencies or ordering requirements, you can
# use names of services (contents of their Provides: section)
# or pseudo names starting with a \$. The following ones are available
# according to LSB (1.1):
# \$local_fs all local file systems are mounted
# (most services should need this!)
# \$remote_fs all remote file systems are mounted
# (note that /usr may be remote, so
# many services should Require this!)
# \$syslog system logging facility up
# \$network low level networking (eth card, ...)
# \$named hostname resolution available
# \$netdaemons all network daemons are running
# The \$netdaemons pseudo service has been removed in LSB 1.2.
# For now, we still offer it for backward compatibility.
# These are new (LSB 1.2):
# \$time the system time has been set correctly
# \$portmap SunRPC portmapping service available
# UnitedLinux extensions:
# \$ALL indicates that a script should be inserted
# at the end
# * The services specified in the stop tags
# (Required-Stop/Should-Stop)
# specify which services need to be still running when this service
# is shut down. Often the entries there are just copies or a subset
# from the respective start tag.
# * Should-Start/Stop are now part of LSB as of 2.0,
# formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop.
# insserv does support both variants.
# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
# (%fillup_and_insserv macro in %post of many RPMs) to specify whether
# a startup script should default to be enabled after installation.
# It's not used by insserv.
#
# Note on runlevels:
# 0 - halt/poweroff 6 - reboot
# 1 - single user 2 - multiuser without network exported
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.


# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
MYDNS_BIN=/usr/sbin/mydns
test -x \$MYDNS_BIN || { echo "\$MYDNS_BIN not installed";
if [ "\$1" = "stop" ]; then exit 0;
else exit 5; fi; }

# Check for existence of needed config file and read it
#MYDNS_CONFIG=/etc/sysconfig/mydns
#test -r \$MYDNS_CONFIG || { echo "\$MYDNS_CONFIG not existing";
# if [ "\$1" = "stop" ]; then exit 0;
# else exit 6; fi; }


# Read config
#. \$MYDNS_CONFIG

# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions

# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
. /etc/rc.status

# Reset status of this service
rc_reset

# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - user had insufficient privileges
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.

case "\$1" in
start)
echo -n "Starting mydns "
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
startproc \$MYDNS_BIN

# Remember status and be verbose
rc_status -v
;;
stop)
echo -n "Shutting down mydns "
## Stop daemon with killproc(8) and if this fails
## killproc sets the return value according to LSB.

killproc -TERM \$MYDNS_BIN

# Remember status and be verbose
rc_status -v
;;
try-restart|condrestart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
if test "\$1" = "condrestart"; then
echo "\${attn} Use try-restart \${done}(LSB)\${attn} rather than condrestart \${warn}(RH)\${norm}"
fi
\$0 status
if test \$? = 0; then
\$0 restart
else
rc_reset # Not running is not a failure.
fi
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
\$0 stop
\$0 start

# Remember status and be quiet
rc_status
;;
force-reload)
## Signal the daemon to reload its config. Most daemons
## do this on signal 1 (SIGHUP).
## If it does not support it, restart.

echo -n "Reload service mydns "
## if it supports it:
killproc -HUP \$MYDNS_BIN
#touch /var/run/mydns.pid
rc_status -v

## Otherwise:
#\$0 try-restart
#rc_status
;;
reload)
## Like force-reload, but if daemon does not support
## signaling, do nothing (!)

# If it supports signaling:
echo -n "Reload service mydns "
killproc -HUP \$MYDNS_BIN
#touch /var/run/mydns.pid
rc_status -v

## Otherwise if it does not support reload:
#rc_failed 3
#rc_status -v
;;
status)
echo -n "Checking for service mydns "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.

# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)

# NOTE: checkproc returns LSB compliant status values.
checkproc \$MYDNS_BIN
# NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly.
rc_status -v
;;
probe)
## Optional: Probe for the necessity of a reload, print out the
## argument to this init script which is required for a reload.
## Note: probe is not (yet) part of LSB (as of 1.9)

test /etc/mydns/mydns.conf -nt /var/run/mydns.pid && echo reload
;;
*)
echo "Usage: \$0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit
EOFMARKER

chmod 755 /etc/init.d/mydns
chkconfig --add mydns

# VLOGGER, WEBALIZER

cd /tmp
wget -c $VLOGGER_TARGZ
tar xvfz vlogger-*.tar.gz
rm -f vlogger-*.tar.gz
mv vlogger-*/vlogger /usr/sbin/
rm -rf vlogger*

yast2 -i webalizer perl-DateManip

# Fail2ban

yast2 -i fail2ban

chkconfig --add fail2ban
service fail2ban start

# Jailkit

cd /tmp
wget -c $JAILKIT_TARGZ
tar xvfz jailkit-*.tar.gz
rm -f jailkit-*.tar.gz
cd jailkit-*
./configure
make
make install
cd /tmp
rm -rf jailkit-*

# Synchronize system clock

yast2 -i xntp

chkconfig --add ntp
/etc/init.d/ntp start

# ISPCONFIG

cd /tmp
wget -c $ISPCONFIG_TAR_GZ
tar xvfz ISPConfig-*.tar.gz
cd ispconfig3_install/install/

(echo; echo; echo $MY_FULLHOSTNAME; echo; echo; echo $MYSQLROOTPASS; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; echo; ) | php -q install.php

cd /tmp
rm -rf /tmp/ispconfig3_install
rm -f /tmp/ISPConfig-*.tar.gz

# Squirrelmail

rpm -i $SQUIRRELMAIL_RPM
ln -s /srv/www/htdocs/squirrelmail /usr/local/ispconfig/interface/web/webmail

# Symlink

ln -s /srv/www/htdocs/phpMyAdmin /usr/local/ispconfig/interface/web/phpmyadmin

sed -i 's/\"en_US\.UTF-8/\"en_US\.ISO-8859-1/g' /etc/sysconfig/language

sed -i 's/x\-httpd\-php\=\"php\:\/usr\/bin\/php\-cgi5\"/x-httpd-php="php:\/usr\/bin\/php-cgi5"\nx-httpd-suphp="php:\/usr\/bin\/php-cgi5"/g' /etc/suphp.conf

SuSEconfig

/usr/local/bin/ispconfig_update_from_svn.sh

openssl genrsa -passout pass:0passphrase$MYSQLROOTPASS -des3 -out /etc/apache2/ssl.key/server.key 4096
(echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;) | openssl req -passin pass:0passphrase$MYSQLROOTPASS -new -key /etc/apache2/ssl.key/server.key -out /etc/apache2/ssl.csr/server.csr
openssl x509 -passin pass:0passphrase$MYSQLROOTPASS -req -days 3650 -in /etc/apache2/ssl.csr/server.csr -signkey /etc/apache2/ssl.key/server.key -out /etc/apache2/ssl.crt/server.crt
openssl rsa -passin pass:0passphrase$MYSQLROOTPASS -in /etc/apache2/ssl.key/server.key -out /etc/apache2/ssl.key/server.key.insecure
mv /etc/apache2/ssl.key/server.key /etc/apache2/ssl.key/server.key.secure
mv /etc/apache2/ssl.key/server.key.insecure /etc/apache2/ssl.key/server.key
a2enmod ssl

sed -i 's/.VirtualHost _default_\:8080./\<VirtualHost _default_\:8080\>\nSSLEngine On\nSSLCertificateFile \/etc\/apache2\/ssl.crt\/server.crt\nSSLCertificateKeyFile \/etc\/apache2\/ssl.key\/server.key/g' /etc/apache2/sites-available/ispconfig.vhost

sed -i 's/DirectoryIndex index.html index.html.var/DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php5 index.php4 index.php3 index.pl index.html.var index.aspx default.aspx/g' /etc/apache2/httpd.conf

# enable named hosts
sed -i 's/^#NameVirtualHost \*\:80$/NameVirtualHost *:80/g' /etc/apache2/listen.conf

sed -i 's,^Alias /error/,#Alias /error/,' /etc/apache2/errors.conf

sed -i 's/max_execution_time = 30/max_execution_time = 120/' /etc/php5/apache2/php.ini
sed -i 's/max_execution_time = 30/max_execution_time = 120/' /etc/php5/cli/php.ini
sed -i 's/max_execution_time = 30/max_execution_time = 120/' /etc/php5/fastcgi/php.ini

sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 32M/' /etc/php5/apache2/php.ini
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 32M/' /etc/php5/cli/php.ini
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 32M/' /etc/php5/fastcgi/php.ini

sed -i 's/post_max_size = 8M/post_max_size = 32M/' /etc/php5/apache2/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 32M/' /etc/php5/cli/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 32M/' /etc/php5/fastcgi/php.ini

rcapache2 restart

# postfix certificate

(echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;echo;) | openssl req -new -key /etc/postfix/smtpd.key -out /etc/postfix/smtpd.csr
openssl x509 -req -days 3650 -in /etc/postfix/smtpd.csr -signkey /etc/postfix/smtpd.key -out /etc/postfix/smtpd.cert

chmod o-rwx /etc/postfix/smtpd.csr
chmod o-rwx /etc/postfix/smtpd.cert

# rdiff-backup

yast2 -i python-devel librsync

cd /tmp
wget -c $RDIFF_BACKUP_TARGZ
tar xfz rdiff-backup-*.tar.gz
rm -f rdiff-backup-*.tar.gz
cd rdiff-backup-*
./setup.py install
cd /tmp
rm -rf rdiff-backup-*

yast2 -i iptraf iftop

# create backup script

mkdir /backup
chown root:root /backup

mkdir /srvbackup_do
chown root:root /srvbackup_do
chmod og-rwx /srvbackup_do

cat > /srvbackup_do/dobackup.sh <<EOFMARKER2
#!/bin/bash

cd /srvbackup_do
sync
mysqladmin -p$MYSQLROOTPASS refresh
mysqlcheck -p$MYSQLROOTPASS -A --auto-repair
mysqldump -p$MYSQLROOTPASS --all-databases >mysqldump.sql
chmod og-rw mysqldump.sql
/usr/local/bin/rdiff-backup --preserve-numerical-ids --exclude /tmp --exclude /backup --exclude /mnt --exclude /proc --exclude /dev --exclude /sys --exclude /var/lib/ntp/proc --exclude /media --exclude /var/tmp / /backup/$MY_FULLHOSTNAME
EOFMARKER2

chown root:root /srvbackup_do/dobackup.sh
chmod og-rwx /srvbackup_do/dobackup.sh
chmod u+x /srvbackup_do/dobackup.sh

echo '51 3 * * * /srvbackup_do/dobackup.sh >> /var/log/backuplog 2>&1' >>/var/spool/cron/tabs/root

# Fail2ban config

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.def
cat > /etc/fail2ban/jail.conf <<EOFMARKER3
# Fail2Ban configuration file

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1

# "bantime" is the number of seconds that a host is banned.
bantime = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

# "backend" specifies the backend used to get files modification. Available
# options are "gamin", "polling" and "auto". This option can be overridden in
# each jail too (use "gamin" for a jail and "polling" for another).
#
# gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin
# is not installed, Fail2ban will use polling.
# polling: uses a polling algorithm which does not require external libraries.
# auto: will choose Gamin if available and polling otherwise.
backend = auto


# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The mail-whois action send a notification e-mail with a whois request
# in the body.

[ssh-iptables]

enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/messages
maxretry = 5

[ssh-ddos-iptables]

enabled = true
filter = sshd-ddos
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/messages
maxretry = 5


[proftpd-iptables]

enabled = true
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
logpath = /var/log/messages
maxretry = 6

[pure-ftpd-iptables]

enabled = true
filter = pure-ftpd
action = iptables[name=PureFTPD, port=ftp, protocol=tcp]
logpath = /var/log/messages
maxretry = 6

[courier-imap-iptables]

enabled = true
filter = courierlogin
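# courierlogin matches Courier IMAP/POP3 login failures, so the ban is
# applied to the IMAP port rather than to FTP.
action = iptables[name=CourierIMAP, port=imap, protocol=tcp]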
logpath = /var/log/messages
maxretry = 6


# This jail forces the backend to "polling".

[sasl-iptables]

enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
logpath = /var/log/mail

# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
# used to avoid banning the user "myuser".

[ssh-tcpwrapper]

enabled = true
filter = sshd
action = hostsdeny
ignoreregex = for myuser from
logpath = /var/log/messages

[ssh-ddos-tcpwrapper]

enabled = true
filter = sshd-ddos
action = hostsdeny
ignoreregex = for myuser from
logpath = /var/log/messages


# This jail demonstrates the use of wildcards in "logpath".
# Moreover, it is possible to give other files on a new line.

[apache-tcpwrapper]

enabled = true
filter = apache-auth
action = hostsdeny
logpath = /var/log/apache2/error_log
maxretry = 6

# The hosts.deny path can be defined with the "file" argument if it is
# not in /etc.

[postfix-tcpwrapper]

enabled = true
filter = postfix
action = hostsdeny
logpath = /var/log/mail
bantime = 300

# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.

[apache-badbots]

enabled = true
filter = apache-badbots
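# A second action has to sit on an indented continuation line, otherwise
# it is parsed as a separate option and never applied.
action = iptables[name=BadBots1, port=http, protocol=tcp]
         iptables[name=BadBots2, port=https, protocol=tcp]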
logpath = /var/log/apache2/access_log
bantime = 172800
maxretry = 1

[php-url-fopen]

enabled = false
port = http,https
filter = php-url-fopen
logpath = /var/log/apache2/access_log
maxretry = 1

EOFMARKER3

# Ensure fail2ban recreates a socket file
# Because otherwise after a server crash, fail2ban won't restart

sed -i 's/-q start/-x -q start/' /etc/init.d/fail2ban

# Fix pure-ftpd regexp

sed -i 's/[)][?]: [(][.][+][?]@<HOST>[)] \\\[/)\?: \\(.+?@<HOST>\\) \\[/' /etc/fail2ban/filter.d/pure-ftpd.conf

service fail2ban restart

# Fix getmail user to allow running from cron

sed -i 's/getmail:[!]:/getmail:*:/' /etc/shadow

# Install AWSTATS

rpm -ivh $AWSTATS_RPM

cp /etc/awstats/awstats.web.conf /etc/awstats/awstats.conf
sed -i 's,^<IfDefine,#<IfDefine,' /etc/apache2/conf.d/awstats.conf
sed -i 's,^</IfDefine,#</IfDefine,' /etc/apache2/conf.d/awstats.conf

rcapache2 restart

# Quote the password so special characters survive word splitting.
# Passing it with -p still shows it in the process list while each command runs.
mysqladmin -p"$MYSQLROOTPASS" refresh

# Dump into a private mktemp file instead of a predictable name in /tmp
SERVER_SQL=$(mktemp /tmp/server.sql.XXXXXX)

mysqldump -u root -p"$MYSQLROOTPASS" dbispconfig server >"$SERVER_SQL"

sed -i 's,\\nawstats_data_dir=[^\\]*\\n,\\nawstats_data_dir=/var/cache/awstats\\n,' "$SERVER_SQL"
sed -i 's,\\nawstats_pl=[^\\]*\\n,\\nawstats_pl=/srv/www/cgi-bin/awstats.pl\\n,' "$SERVER_SQL"
sed -i 's,\\nawstats_buildstaticpages_pl=[^\\]*\\n,\\nawstats_buildstaticpages_pl=/usr/share/doc/packages/awstats/examples/awstats_buildstaticpages.pl\\n,' "$SERVER_SQL"

mysql -u root -p"$MYSQLROOTPASS" dbispconfig <"$SERVER_SQL"

rm -f "$SERVER_SQL"

#sed -i 's,^#LoadPlugin=\"geoipfree\",LoadPlugin=\"geoipfree\",' /etc/awstats/awstats.conf
sed -i 's,^Max\([^=]*\)= 10$,Max\1= 25,' /etc/awstats/awstats.conf
sed -i 's,^StyleSheet=\"[^\"]*\",StyleSheet=\"\",' /etc/awstats/awstats.conf


# Install eAccelerator

yast2 -i php5-devel

cd /tmp
wget $EACCELERATOR_TGZ
tar xvfj eaccelerator-*.bz2
rm -rf eaccelerator-*.bz2
cd eaccelerator-*
phpize
# the flag is specified to prevent openbasedir limitations with ispconfig
./configure --without-eaccelerator-use-inode
make
make install

cd ..
rm -rf eaccelerator-*

cat > /etc/php5/conf.d/eaccelerator.ini <<EOFMARKER4
extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/var/cache/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
EOFMARKER4

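# eAccelerator writes compiled scripts into this directory. Mode 0777 lets
# any local account create or replace cache files; if all PHP code runs as a
# single user, chown the directory to that user and use 0700 instead.
mkdir -p /var/cache/eaccelerator
chmod 0777 /var/cache/eaccelerator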

rcapache2 restart