Compare commits
9 Commits
0c673483c8
...
master
Author | SHA1 | Date | |
---|---|---|---|
d320b3319d
|
|||
9c22642a4b
|
|||
708e0a798b
|
|||
f66f8faba4
|
|||
85fc40ac85
|
|||
6c20f5fb3a
|
|||
9039e5b282
|
|||
c8ff688804 | |||
08de8bfbca |
@ -2,6 +2,7 @@ General Information:
|
||||
--------------------
|
||||
|
||||
This is a setup for a Tor based shared hosting server. It is provided as is and before putting it into production you should make changes according to your needs. This is a work in progress and you should carefully check the commit history for changes before updating.
|
||||
For a production server, at least 1TB of SSD disk space, 32GB RAM and 8 CPU cores is recommended. For a small testing/personal server, 4GB RAM and 1 CPU core is enough.
|
||||
|
||||
Translation:
|
||||
--------------------------
|
||||
@ -31,7 +32,7 @@ rm /etc/resolv.conf && echo "nameserver 1.1.1.1" > /etc/resolv.conf
|
||||
|
||||
Add additional repositories:
|
||||
```
|
||||
apt update && apt install git
|
||||
apt update && apt install git apt-transport-tor curl
|
||||
curl -sSL https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc > /etc/apt/trusted.gpg.d/torproject.gpg
|
||||
curl -sSL https://packages.sury.org/nginx/apt.gpg > /etc/apt/trusted.gpg.d/sury.gpg
|
||||
echo "deb tor://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/torproject.org/ `lsb_release -cs` main" >> /etc/apt/sources.list
|
||||
|
@ -1,3 +1,3 @@
|
||||
#!/bin/sh
|
||||
# Run this script whenever nginx doesn't start up due to stale sockets
|
||||
rm -f /home/*/var/run/mysqld/mysqld.sock /home/*/var/run/mail.sock /run/nginx.sock /run/nginx/* /var/www/var/run/mysqld/mysqld.sock /var/www/var/run/mail.sock /var/spool/postfix/var/run/mysqld/mysqld.sock
|
||||
rm -f /home/*/run/mysqld/mysqld.sock /home/*/run/mail.sock /run/nginx.sock /run/nginx/* /var/www/run/mysqld/mysqld.sock /var/www/run/mail.sock /var/spool/postfix/var/run/mysqld/mysqld.sock
|
||||
|
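--- a/etc/jailkit/jk_init.ini
+++ b/etc/jailkit/jk_init.ini
@@ -0,0 +1,175 @@
+[uidbasics]
+# this section probably needs adjustment on 64bit systems
+# or non-Linux systems
+comment = common files for all jails that need user/group information
+paths = /lib/libnsl.so.*, /lib64/libnsl.so.*, /lib/libnss*.so.2, /lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.*, /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.*, /lib/x86_64-linux-gnu/libnss*.so.2, /lib/arm-linux-gnueabihf/libnss*.so.2, /lib/arm-linux-gnueabihf/libnsl*.so.*, /etc/nsswitch.conf, /etc/ld.so.conf
+# Solaris needs
+# paths = /etc/default/nss, /lib/libnsl.so.1, /usr/lib/nss_*.so.1, /etc/nsswitch.conf
+
+[netbasics]
+comment = common files for all jails that need any internet connectivity
+paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /lib/libnss_mdns*.so.2, /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols, /etc/services
+# on Solaris devices /dev/udp and /dev/tcp might be needed too, not sure
+
+[logbasics]
+comment = timezone information and log sockets
+paths = /etc/localtime
+need_logsocket = 1
+# Solaris does not need logsocket
+# but needs
+# devices = /dev/log, /dev/conslog
+
+[jk_lsh]
+comment = Jailkit limited shell
+paths = /usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini
+users = root
+groups = root
+includesections = uidbasics, logbasics
+
+[limitedshell]
+comment = alias for jk_lsh
+includesections = jk_lsh
+
+[cvs]
+comment = Concurrent Versions System
+paths = cvs
+devices = /dev/null
+
+[git]
+comment = Fast Version Control System
+paths = /usr/bin/git*, /usr/lib/git-core, /usr/share/git-core, /usr/bin/basename, /bin/uname, /usr/bin/pager
+includesections = editors, perl
+
+[scp]
+comment = ssh secure copy
+paths = scp
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/null
+
+[sftp]
+comment = ssh secure ftp
+paths = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server, /usr/lib/openssh/sftp-server
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/null
+# on solaris
+#paths = /usr/lib/ssh/sftp-server
+
+[ssh]
+comment = ssh secure shell
+paths = ssh
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/tty, /dev/null
+
+[rsync]
+paths = rsync
+includesections = netbasics, uidbasics
+
+[procmail]
+comment = procmail mail delivery
+paths = procmail, /bin/sh
+devices = /dev/null
+
+[basicshell]
+comment = bash based shell with several basic utilities
+paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8
+users = root
+groups = root
+includesections = uidbasics
+
+[interactiveshell]
+comment = for ssh access to a full shell
+includesections = uidbasics, basicshell, terminfo, editors, extendedshell
+
+[midnightcommander]
+comment = Midnight Commander
+paths = mc, mcedit, mcview, /usr/share/mc
+includesections = basicshell, terminfo
+
+[extendedshell]
+comment = bash shell including things like awk, bzip, tail, less
+paths = awk, bzip2, bunzip2, ldd, less, clear, cut, du, find, head, less, md5sum, nice, sort, tac, tail, tr, sort, wc, watch, whoami
+includesections = basicshell, midnightcommander, editors
+
+[terminfo]
+comment = terminfo databases, required for example for ncurses or vim
+paths = /etc/terminfo, /usr/share/terminfo, /lib/terminfo
+
+[editors]
+comment = vim, joe and nano
+includesections = terminfo
+paths = joe, nano, vi, vim, /etc/vimrc, /etc/joe, /usr/share/vim
+
+[netutils]
+comment = several internet utilities like wget, ftp, rsync, scp, ssh
+paths = wget, lynx, ftp, host, rsync, smbclient
+includesections = netbasics, ssh, sftp, scp
+
+[apacheutils]
+comment = htpasswd utility
+paths = htpasswd
+
+[extshellplusnet]
+comment = alias for extendedshell + netutils + apacheutils
+includesections = extendedshell, netutils, apacheutils
+
+[openvpn]
+comment = jail for the openvpn daemon
+paths = /usr/sbin/openvpn
+users = root,nobody
+groups = root,nogroup
+#includesections = netbasics
+devices = /dev/urandom, /dev/random, /dev/net/tun
+includesections = netbasics, uidbasics
+need_logsocket = 1
+
+[apache]
+comment = the apache webserver, very basic setup, probably too limited for you
+paths = /usr/sbin/apache
+users = root, www-data
+groups = root, www-data
+includesections = netbasics, uidbasics
+
+[perl]
+comment = the perl interpreter and libraries
+paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5
+
+[xauth]
+comment = getting X authentication to work
+paths = /usr/bin/X11/xauth, /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf
+
+[xclients]
+comment = minimal files for X clients
+paths = /usr/X11R6/lib/X11/rgb.txt
+includesections = xauth
+
+[vncserver]
+comment = the VNC server program
+paths = Xvnc, Xrealvnc, /usr/X11R6/lib/X11/fonts/
+includesections = xclients
+
+[ping]
+comment = Ping program
+paths_w_setuid = /bin/ping
+
+#[xterm]
+#comment = xterm
+#paths = /usr/bin/X11/xterm, /usr/share/terminfo, /etc/terminfo
+#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4
+
+[php]
+comment = the php interpreter and libraries
+paths = /usr/bin/php*, composer, /usr/bin/phar*, env, /usr/lib/php, /usr/share/php, /usr/share/php*, /usr/share/zoneinfo, /usr/share/ca-certificates, /etc/ssl/certs, /usr/lib/ssl/certs, /etc/localtime
+includesections = netbasics
+
+[locales]
+comment = all translations
+paths = /usr/lib/locale, /usr/share/i18n, /etc/default/locale, /etc/locale.alias
+
+[custom_hosting]
+comment = custom giftGRÜN configuration
+includesections = php, git, netutils, interactiveshell, locales
+devices = /dev/zero, /dev/random
+paths = base32, base64, basenc, brotli, cksum, comm, csplit, curl, dirname, dir, expand, expr, factor, fmt, fold, gpg, id, install, join, link, mysql, mysqldump, mysqlcheck, nl, nohup, numfmt, od, openssl, paste, pr, printenv, printf, ptx, readlink, realpath, seq, sha1sum, sha224sum, sha256sum, sha384sum, sha512sum, shred, shuf, split, stat, stdbuf, sum, test, tee, timeout, tput, truncate, tsort, unexpand, uniq, unlink, unxz, unzip, vdir, which, xargs, xz, zip, zopfli, nologin, /etc/bash_completion, /etc/bash_completion.d, /usr/share/bash-completion, /etc/profile.d, /etc/ld.so.conf.d, /etc/hostname
+emptydirs = /run/mysqld, /tmp
+users = root, www-data
+groups = root, www-data
+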
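Review bot: `[custom_hosting]` copies host-identifying files into every tenant jail: its `paths` list ends with `/etc/hostname`, and through `netutils` and `php` it inherits `[netbasics]`, which adds `/etc/hosts` and `/etc/resolv.conf`. On a Tor hosting server the machine's real hostname and hosts file are probably not something tenants should be able to read, so I would drop `/etc/hostname` from `paths` (or have the setup step write a generic file into the jail instead) unless something inside the jail is known to need it. The same section also inherits the `ssh`, `scp`, `ftp`, `lynx` and `smbclient` clients from `[netutils]`; a comment above `includesections` stating which of these tenants actually need, e.g. `# netutils: wget/rsync/sftp-server required, the remaining clients are optional`, would make later trimming safer. Whether outbound use of those clients is confined elsewhere (firewall rules) is not visible in this file.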
@ -23,7 +23,7 @@ ip6tables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
#allow tor traffic
|
||||
for tor in bind debian-tor _tor-a _tor-b _tor-c _tor-d _tor-e _tor-f _tor-g _tor-h _tor-i _tor-j _tor-k _tor-l _tor-m _tor-n _tor-o _tor-p _tor-q _tor-r _tor-s; do(
|
||||
for tor in bind debian-tor _tor-a; do(
|
||||
iptables -t nat -A OUTPUT -m owner --uid-owner $tor -j RETURN
|
||||
ip6tables -t nat -A OUTPUT -m owner --uid-owner $tor -j RETURN
|
||||
iptables -A OUTPUT -m owner --uid-owner $tor -j ACCEPT
|
||||
|
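Review bot: The uid list in `for tor in bind debian-tor _tor-a; do(` is now a second hard-coded copy of the instance set that the PHP config in this same compare defines as `SERVICE_INSTANCES=['a']`, and nothing ties the two together. If an instance is added back in the PHP config without a matching `_tor-<x>` entry here, that instance's Tor process would not be matched by the `--uid-owner` exemptions; that likely breaks the instance rather than leaking traffic, but the failure would be hard to trace back to this line. I would add a comment above the loop, e.g. `# one _tor-<x> per entry in SERVICE_INSTANCES; update both together`, and quote the variable as `"$tor"` in the rule lines. The loop body continues past the end of the hunk.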
@ -24,7 +24,7 @@ LockPersonality=true
|
||||
SystemCallArchitectures=native
|
||||
ReadWritePaths=-/var/log/nginx/
|
||||
ReadWritePaths=-/var/lib/nginx/
|
||||
ReadWritePaths=-/var/www/var/run/
|
||||
ReadWritePaths=-/var/www/run/
|
||||
ReadWritePaths=-/var/spool/postfix/
|
||||
ReadWritePaths=-/run/
|
||||
InaccessiblePaths=-/root/
|
||||
|
@ -6,18 +6,18 @@ export LANG=C.UTF-8
|
||||
export PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"
|
||||
# install all required packages
|
||||
DEBIAN_FRONTEND=noninteractive apt-get update
|
||||
DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y apt-transport-tor bash-completion bind9 brotli bzip2 ca-certificates clamav-daemon clamav-freshclam curl dovecot-imapd dovecot-lmtpd dovecot-pop3d git hardlink haveged iptables libio-socket-ip-perl libnginx-mod-http-brotli libnginx-mod-stream libsasl2-modules locales locales-all logrotate lsb-release mariadb-server nano nginx postfix postfix-mysql quota quotatool redis rspamd rsync ssh tor unzip util-linux vim wget xz-utils zip zopfli
|
||||
DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y apt-transport-tor bash-completion bind9 brotli bzip2 ca-certificates clamav-daemon clamav-freshclam curl dovecot-imapd dovecot-lmtpd dovecot-pop3d git hardlink haveged iptables jailkit libio-socket-ip-perl libnginx-mod-http-brotli libnginx-mod-stream libsasl2-modules locales locales-all logrotate lsb-release mariadb-server nano nginx postfix postfix-mysql quota quotatool redis rspamd rsync ssh tor unzip util-linux vim wget xz-utils zip zopfli
|
||||
# build dependencies
|
||||
DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y autoconf automake bison g++ gcc ghostscript gnupg libaom-dev `apt-cache search --names-only 'libargon2(-0)?-dev' | awk '{print $1;}' | head -n1` binutils-dev libbrotli-dev libbz2-dev libc-client2007e-dev libcurl4-openssl-dev libdjvulibre-dev libedit-dev `apt-cache search --names-only 'libenchant(-2)?-dev' | awk '{print $1;}' | head -n1` libffi-dev `apt-cache search --names-only libfreetype6?-dev | awk '{print $1;}' | head -n1` libfftw3-dev libfribidi-dev libgd-dev libgmp-dev libgpg-error-dev libgpgme-dev libgraphviz-dev libgs-dev libharfbuzz-dev libheif-dev libjbig-dev libjbig2dec0-dev libjxl-dev libkrb5-dev libldap2-dev liblmdb-dev liblqr-1-0-dev libmariadb-dev libonig-dev libopenexr-dev libopenjp2-7-dev libpango1.0-dev libpng-dev libpspell-dev libqdbm-dev libraqm-dev libraw-dev libreadline-dev librsvg2-dev libsasl2-dev libsodium-dev libssh2-1-dev libssl-dev libsqlite3-dev libsystemd-dev libtidy-dev libtool libwebp-dev libwmf-dev libxml2-dev libxpm-dev libxslt1-dev libzip-dev libzstd-dev make poppler-utils re2c zlib1g-dev
|
||||
DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y autoconf automake bison g++ gcc ghostscript gnupg libaom-dev $(apt-cache search --names-only 'libargon2(-0)?-dev' | awk '{print $1;}' | head -n1) binutils-dev libbrotli-dev libbz2-dev libc-client2007e-dev libcurl4-openssl-dev libdjvulibre-dev libedit-dev $(apt-cache search --names-only 'libenchant(-2)?-dev' | awk '{print $1;}' | head -n1) libffi-dev $(apt-cache search --names-only libfreetype6?-dev | awk '{print $1;}' | head -n1) libfftw3-dev libfribidi-dev libgd-dev libgmp-dev libgpg-error-dev libgpgme-dev libgraphviz-dev libgs-dev libharfbuzz-dev libheif-dev libjbig-dev libjbig2dec0-dev libjxl-dev libkrb5-dev libldap2-dev liblmdb-dev liblqr-1-0-dev libmariadb-dev libonig-dev libopenexr-dev libopenjp2-7-dev libpango1.0-dev libpng-dev libpspell-dev libqdbm-dev libraqm-dev libraw-dev libreadline-dev librsvg2-dev libsasl2-dev libsodium-dev libssh2-1-dev libssl-dev libsqlite3-dev libsystemd-dev libtidy-dev libtool libwebp-dev libwmf-dev libxml2-dev libxpm-dev libxslt1-dev libzip-dev libzstd-dev make poppler-utils re2c zlib1g-dev
|
||||
|
||||
# install nvm
|
||||
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
|
||||
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
|
||||
export NVM_DIR="$HOME/.nvm"
|
||||
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
|
||||
|
||||
# install nodejs
|
||||
nvm install node --latest-npm --default
|
||||
for old_version in `nvm ls --no-alias --no-colors | grep -v '\->' | awk '{print $1;}'`; do nvm uninstall $old_version; done
|
||||
for old_version in $(nvm ls --no-alias --no-colors | grep -v '\->' | awk '{print $1;}'); do nvm uninstall "$old_version"; done
|
||||
nvm cache clear
|
||||
|
||||
#install yarn
|
||||
@ -54,11 +54,11 @@ if [ ! -e msgpack-php ]; then
|
||||
fi
|
||||
cd ../..
|
||||
|
||||
export PROC_LIMIT=`free -g | grep Mem | awk -v nproc=$(nproc) '{print (($2 + 1) < nproc) ? ($2 + 1) : nproc;}'`
|
||||
export PROC_LIMIT=$(free -g | grep Mem | awk -v nproc=$(nproc) '{print (($2 + 1) < nproc) ? ($2 + 1) : nproc;}')
|
||||
#start build
|
||||
cd ImageMagick
|
||||
git fetch --all
|
||||
git checkout 7.1.1-36
|
||||
git checkout 7.1.1-39
|
||||
CXXFLAGS='-O3 -mtune=native -march=native' CFLAGS='-O3 -mtune=native -march=native' ./configure --without-perl --without-magick-plus-plus --disable-openmp --with-fftw --with-gslib --with-gvc --with-rsvg --with-wmf
|
||||
make -j $PROC_LIMIT install
|
||||
make distclean
|
||||
@ -67,8 +67,8 @@ cd ..
|
||||
ln -fs /usr/include/qdbm/depot.h /usr/include/depot.h
|
||||
cd php-src
|
||||
cd ext
|
||||
cd apcu && git fetch --all && git checkout v5.1.23 && cd ..
|
||||
cd php-ext-brotli && git fetch --all && git checkout 0.13.1 && cd ..
|
||||
cd apcu && git fetch --all && git checkout v5.1.24 && cd ..
|
||||
cd php-ext-brotli && git fetch --all && git checkout 0.15.0 && cd ..
|
||||
cd imagick && git fetch --all && git checkout 3.7.0 && cd ..
|
||||
cd php-gnupg && git fetch --all --recurse-submodules && git checkout gnupg-1.5.1 --recurse-submodules && cd ..
|
||||
cd php-rar && git fetch --all && git reset --hard && git checkout ab26d285759e4c917879967b09976a44829ed570
|
||||
@ -170,28 +170,28 @@ index 5e680f6..cb5bdaa 100644
|
||||
EOF
|
||||
|
||||
cd ..
|
||||
cd igbinary && git fetch --all && git checkout 3.2.15 && cd ..
|
||||
cd igbinary && git fetch --all && git checkout 3.2.16 && cd ..
|
||||
cd msgpack-php && git fetch --all && git checkout msgpack-2.2.0 && cd ..
|
||||
rm -rf ssh2-*
|
||||
curl -sSf https://pecl.php.net/get/ssh2 | tar xzvf - --exclude package.xml
|
||||
cd ..
|
||||
git fetch --all
|
||||
git fetch --all --tags
|
||||
git checkout php-8.3.9
|
||||
git checkout php-8.3.13
|
||||
./buildconf -f
|
||||
LIBS='-lgpg-error' CXXFLAGS='-O3 -mtune=native -march=native' CFLAGS='-O3 -mtune=native -march=native' ./configure -C --enable-re2c-cgoto --prefix=/usr --with-config-file-scan-dir=/etc/php/8.3/fpm/conf.d --libdir=/usr/lib/php --libexecdir=/usr/lib/php --datadir=/usr/share/php/8.3 --program-suffix=8.3 --sysconfdir=/etc --localstatedir=/var --mandir=/usr/share/man --enable-fpm --enable-cli --disable-cgi --disable-phpdbg --with-fpm-systemd --with-fpm-user=www-data --with-fpm-group=www-data --with-layout=GNU --disable-dtrace --disable-short-tags --without-valgrind --disable-shared --disable-debug --disable-rpath --without-pear --with-openssl --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-dba --with-qdbm --with-lmdb --enable-exif --enable-ftp --enable-gd --with-external-gd --with-jpeg --with-webp --with-xpm --with-freetype --enable-gd-jis-conv --with-gettext --with-gmp --with-mhash --with-imap --with-imap-ssl --with-kerberos --enable-intl --with-ldap --with-ldap-sasl --enable-mbstring --with-mysqli --with-pdo-mysql --enable-mysqlnd --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-zlib --with-libedit --with-readline --enable-shmop --enable-soap --enable-sockets --with-sodium --with-password-argon2 --with-tidy --with-xsl --with-enchant --with-pspell --with-zip --with-ffi --enable-apcu --enable-brotli --with-libbrotli --with-imagick --with-ssh2 --with-gnupg --enable-rar --enable-igbinary --with-msgpack --enable-sysvsem --enable-sysvmsg --enable-sysvshm
|
||||
LIBS='-lgpg-error' CXXFLAGS='-O3 -mtune=native -march=native' CFLAGS='-O3 -mtune=native -march=native' ./configure -C --enable-re2c-cgoto --prefix=/usr --with-config-file-scan-dir=/etc/php/8.3/fpm/conf.d --libdir=/usr/lib/php --libexecdir=/usr/lib/php --datadir=/usr/share/php/8.3 --program-suffix=8.3 --sysconfdir=/etc --localstatedir=/var --mandir=/usr/share/man --enable-fpm --enable-cli --disable-cgi --disable-phpdbg --with-fpm-systemd --with-fpm-user=www-data --with-fpm-group=www-data --with-layout=GNU --disable-dtrace --disable-short-tags --without-valgrind --disable-shared --disable-debug --disable-rpath --without-pear --with-openssl --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-dba --with-qdbm --with-lmdb --enable-exif --enable-ftp --enable-gd --with-external-gd --with-jpeg --with-webp --with-xpm --with-freetype --enable-gd-jis-conv --with-gettext --with-gmp --with-mhash --with-imap --with-imap-ssl --with-kerberos --enable-intl --with-ldap --with-ldap-sasl --enable-mbstring --with-mysqli --with-pdo-mysql --enable-mysqlnd --with-mysql-sock=/run/mysqld/mysqld.sock --with-zlib --with-libedit --with-readline --enable-shmop --enable-soap --enable-sockets --with-sodium --with-password-argon2 --with-tidy --with-xsl --with-enchant --with-pspell --with-zip --with-ffi --enable-apcu --enable-brotli --with-libbrotli --with-imagick --with-ssh2 --with-gnupg --enable-rar --enable-igbinary --with-msgpack --enable-sysvsem --enable-sysvmsg --enable-sysvshm
|
||||
make -j $PROC_LIMIT install
|
||||
make distclean
|
||||
git reset --hard
|
||||
git checkout php-8.2.21
|
||||
git checkout php-8.2.25
|
||||
./buildconf -f
|
||||
LIBS='-lgpg-error' CXXFLAGS='-O3 -mtune=native -march=native' CFLAGS='-O3 -mtune=native -march=native' ./configure -C --enable-re2c-cgoto --prefix=/usr --with-config-file-scan-dir=/etc/php/8.2/fpm/conf.d --libdir=/usr/lib/php --libexecdir=/usr/lib/php --datadir=/usr/share/php/8.2 --program-suffix=8.2 --sysconfdir=/etc --localstatedir=/var --mandir=/usr/share/man --enable-fpm --enable-cli --disable-cgi --disable-phpdbg --with-fpm-systemd --with-fpm-user=www-data --with-fpm-group=www-data --with-layout=GNU --disable-dtrace --disable-short-tags --without-valgrind --disable-shared --disable-debug --disable-rpath --without-pear --with-openssl --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-dba --with-qdbm --with-lmdb --enable-exif --enable-ftp --enable-gd --with-external-gd --with-jpeg --with-webp --with-xpm --with-freetype --enable-gd-jis-conv --with-gettext --with-gmp --with-mhash --with-imap --with-imap-ssl --with-kerberos --enable-intl --with-ldap --with-ldap-sasl --enable-mbstring --with-mysqli --with-pdo-mysql --enable-mysqlnd --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-zlib --with-libedit --with-readline --enable-shmop --enable-soap --enable-sockets --with-sodium --with-password-argon2 --with-tidy --with-xsl --with-enchant --with-pspell --with-zip --with-ffi --enable-apcu --enable-brotli --with-libbrotli --with-imagick --with-ssh2 --with-gnupg --enable-rar --enable-igbinary --with-msgpack --enable-sysvsem --enable-sysvmsg --enable-sysvshm
|
||||
LIBS='-lgpg-error' CXXFLAGS='-O3 -mtune=native -march=native' CFLAGS='-O3 -mtune=native -march=native' ./configure -C --enable-re2c-cgoto --prefix=/usr --with-config-file-scan-dir=/etc/php/8.2/fpm/conf.d --libdir=/usr/lib/php --libexecdir=/usr/lib/php --datadir=/usr/share/php/8.2 --program-suffix=8.2 --sysconfdir=/etc --localstatedir=/var --mandir=/usr/share/man --enable-fpm --enable-cli --disable-cgi --disable-phpdbg --with-fpm-systemd --with-fpm-user=www-data --with-fpm-group=www-data --with-layout=GNU --disable-dtrace --disable-short-tags --without-valgrind --disable-shared --disable-debug --disable-rpath --without-pear --with-openssl --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-dba --with-qdbm --with-lmdb --enable-exif --enable-ftp --enable-gd --with-external-gd --with-jpeg --with-webp --with-xpm --with-freetype --enable-gd-jis-conv --with-gettext --with-gmp --with-mhash --with-imap --with-imap-ssl --with-kerberos --enable-intl --with-ldap --with-ldap-sasl --enable-mbstring --with-mysqli --with-pdo-mysql --enable-mysqlnd --with-mysql-sock=/run/mysqld/mysqld.sock --with-zlib --with-libedit --with-readline --enable-shmop --enable-soap --enable-sockets --with-sodium --with-password-argon2 --with-tidy --with-xsl --with-enchant --with-pspell --with-zip --with-ffi --enable-apcu --enable-brotli --with-libbrotli --with-imagick --with-ssh2 --with-gnupg --enable-rar --enable-igbinary --with-msgpack --enable-sysvsem --enable-sysvmsg --enable-sysvshm
|
||||
make -j $PROC_LIMIT install
|
||||
make distclean
|
||||
git reset --hard
|
||||
git checkout php-8.1.29
|
||||
git checkout php-8.1.30
|
||||
./buildconf -f
|
||||
LIBS='-lgpg-error' CXXFLAGS='-O3 -mtune=native -march=native' CFLAGS='-O3 -mtune=native -march=native' ./configure -C --enable-re2c-cgoto --prefix=/usr --with-config-file-scan-dir=/etc/php/8.1/fpm/conf.d --libdir=/usr/lib/php --libexecdir=/usr/lib/php --datadir=/usr/share/php/8.1 --program-suffix=8.1 --sysconfdir=/etc --localstatedir=/var --mandir=/usr/share/man --enable-fpm --enable-cli --disable-cgi --disable-phpdbg --with-fpm-systemd --with-fpm-user=www-data --with-fpm-group=www-data --with-layout=GNU --disable-dtrace --disable-short-tags --without-valgrind --disable-shared --disable-debug --disable-rpath --without-pear --with-openssl --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-dba --with-qdbm --with-lmdb --enable-exif --enable-ftp --enable-gd --with-external-gd --with-jpeg --with-webp --with-xpm --with-freetype --enable-gd-jis-conv --with-gettext --with-gmp --with-mhash --with-imap --with-imap-ssl --with-kerberos --enable-intl --with-ldap --with-ldap-sasl --enable-mbstring --with-mysqli --with-pdo-mysql --enable-mysqlnd --with-mysql-sock=/var/run/mysqld/mysqld.sock --with-zlib --with-libedit --with-readline --enable-shmop --enable-soap --enable-sockets --with-sodium --with-password-argon2 --with-tidy --with-xsl --with-enchant --with-pspell --with-zip --with-ffi --enable-apcu --enable-brotli --with-libbrotli --with-imagick --with-ssh2 --with-gnupg --enable-rar --enable-igbinary --with-msgpack --enable-sysvsem --enable-sysvmsg --enable-sysvshm
|
||||
LIBS='-lgpg-error' CXXFLAGS='-O3 -mtune=native -march=native' CFLAGS='-O3 -mtune=native -march=native' ./configure -C --enable-re2c-cgoto --prefix=/usr --with-config-file-scan-dir=/etc/php/8.1/fpm/conf.d --libdir=/usr/lib/php --libexecdir=/usr/lib/php --datadir=/usr/share/php/8.1 --program-suffix=8.1 --sysconfdir=/etc --localstatedir=/var --mandir=/usr/share/man --enable-fpm --enable-cli --disable-cgi --disable-phpdbg --with-fpm-systemd --with-fpm-user=www-data --with-fpm-group=www-data --with-layout=GNU --disable-dtrace --disable-short-tags --without-valgrind --disable-shared --disable-debug --disable-rpath --without-pear --with-openssl --enable-bcmath --with-bz2 --enable-calendar --with-curl --enable-dba --with-qdbm --with-lmdb --enable-exif --enable-ftp --enable-gd --with-external-gd --with-jpeg --with-webp --with-xpm --with-freetype --enable-gd-jis-conv --with-gettext --with-gmp --with-mhash --with-imap --with-imap-ssl --with-kerberos --enable-intl --with-ldap --with-ldap-sasl --enable-mbstring --with-mysqli --with-pdo-mysql --enable-mysqlnd --with-mysql-sock=/run/mysqld/mysqld.sock --with-zlib --with-libedit --with-readline --enable-shmop --enable-soap --enable-sockets --with-sodium --with-password-argon2 --with-tidy --with-xsl --with-enchant --with-pspell --with-zip --with-ffi --enable-apcu --enable-brotli --with-libbrotli --with-imagick --with-ssh2 --with-gnupg --enable-rar --enable-igbinary --with-msgpack --enable-sysvsem --enable-sysvmsg --enable-sysvshm
|
||||
make -j $PROC_LIMIT install
|
||||
make distclean
|
||||
git reset --hard
|
||||
@ -200,7 +200,7 @@ cd ..
|
||||
ldconfig
|
||||
|
||||
# install composer
|
||||
curl -sSL https://github.com/composer/composer/releases/download/2.7.7/composer.phar > /usr/bin/composer
|
||||
curl -sSL https://github.com/composer/composer/releases/download/2.8.2/composer.phar > /usr/bin/composer
|
||||
chmod +x /usr/bin/composer
|
||||
composer self-update
|
||||
|
||||
|
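Review bot: The new line `curl -sSL https://github.com/composer/composer/releases/download/2.8.2/composer.phar > /usr/bin/composer` installs the download and marks it executable with no integrity check, and the `composer self-update` that follows replaces the pinned release anyway. This script presumably runs as root, and `composer` is listed under `[php]` in jk_init.ini, so the same binary ends up inside the tenant jails. I would verify it before `chmod +x` and abort on mismatch, e.g. `echo "<SHA256_OF_COMPOSER_2.8.2_PHAR>  /usr/bin/composer" | sha256sum -c - || exit 1`, with the hash recorded from the release page, and drop `composer self-update` so the pin is meaningful. The nvm hunk has the same shape: `install.sh` for v0.40.1 is piped straight into `bash`, and saving it to a file and checking a recorded hash first would cover that as well.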
@ -25,7 +25,7 @@ const INDEX_MD5S=[ //MD5 sums of index.hosting.html files that should be conside
|
||||
const REQUIRE_APPROVAL=false; //require admin approval of new sites? true/false
|
||||
const ENABLE_SHELL_ACCESS=true; //allows users to login via ssh, when disabled only sftp is allowed - run setup.php to migrate existing accounts
|
||||
const ADMIN_PASSWORD='MY_PASSWORD'; //password for admin interface
|
||||
const SERVICE_INSTANCES=['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's']; //one character per instance - run multiple tor+php-fpm instances for load balancing, remove all but one instance if you expect less than 200 accounts. If tor starts using 100% cpu and failing circuits every few hours after a restart, add more instances. In my experience this happens around 250 hidden services per instance - run setup.php after change
|
||||
const SERVICE_INSTANCES=['a']; //one character per instance - run multiple tor+php-fpm instances for load balancing, remove all but one instance if you expect less than 200 accounts. If tor starts using 100% cpu and failing circuits every few hours after a restart, add more instances. In my experience this happens around 250 hidden services per instance - run setup.php after change
|
||||
const DISABLED_PHP_VERSIONS=[]; //php versions still installed on the system but no longer offered for new accounts
|
||||
const PHP_VERSIONS=[7 => '8.1', 8 => '8.2']; //currently active php versions
|
||||
const DEFAULT_PHP_VERSION='8.2'; //default php version
|
||||
@ -600,12 +600,12 @@ function rewrite_nginx_config(): void
|
||||
continue;
|
||||
}
|
||||
$nginx_mysql.="server {
|
||||
listen unix:/home/$tmp[system_account]/var/run/mysqld/mysqld.sock;
|
||||
listen unix:/home/$tmp[system_account]/run/mysqld/mysqld.sock;
|
||||
proxy_pass unix:/var/run/mysqld/mysqld.sock;
|
||||
}
|
||||
";
|
||||
$nginx_mail.="server {
|
||||
listen unix:/home/$tmp[system_account]/var/run/mail.sock;
|
||||
listen unix:/home/$tmp[system_account]/run/mail.sock;
|
||||
root /var/www/mail;
|
||||
location / {
|
||||
include snippets/fastcgi-php.conf;
|
||||
|
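Review bot: In the second hunk `$tmp[system_account]` is interpolated verbatim into the generated nginx config (`listen unix:/home/$tmp[system_account]/run/mysqld/mysqld.sock;` and the matching `mail.sock` line), and nothing visible here constrains what that value may contain. If the account name is already restricted to a safe character set when the account is created, a comment above the string would make that assumption explicit, e.g. `// system_account is restricted to a fixed safe charset at creation; it is written into nginx config verbatim`. If it is not, a check before the append that skips any name containing characters outside that set would keep a bad database row from producing a broken or altered config. `rewrite_nginx_config()` starts and ends outside the hunk, so such a check may already exist earlier in the loop.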
@ -364,7 +364,7 @@ if(!file_exists("/etc/nginx/streams-enabled/")){
|
||||
mkdir("/etc/nginx/streams-enabled/", 0755, true);
|
||||
}
|
||||
file_put_contents('/etc/nginx/streams-enabled/default', "server {
|
||||
listen unix:/var/www/var/run/mysqld/mysqld.sock;
|
||||
listen unix:/var/www/run/mysqld/mysqld.sock;
|
||||
proxy_pass unix:/var/run/mysqld/mysqld.sock;
|
||||
}");
|
||||
exec('systemctl enable nginx');
|
||||
|
@ -1,334 +1,33 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
export PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"
|
||||
|
||||
test "$1" != "" || { echo "Need path to chroot directory"; exit 1; }
|
||||
|
||||
ALL_LIB_DIRECTORIES=()
|
||||
ALL_LIB_FILES=()
|
||||
|
||||
### functions
|
||||
function CHROOT_BINARY() {
|
||||
BINARY="$(which $1)"
|
||||
if [ "$BINARY" == "" ]; then
|
||||
return;
|
||||
fi
|
||||
if [ "$(echo $BINARY | grep -E '.*:.*')" != "" ]; then
|
||||
BINARY="$(echo $BINARY | cut -d':' -f2)"
|
||||
fi
|
||||
LIB_FILES="$(ldd $BINARY 2>&1 | grep -v 'not a dynamic executable' | awk '{ print $3 }' | grep -E '^/(.*)' || echo)"
|
||||
LDD_FILES="$(ldd $BINARY 2>&1 | grep -v 'not a dynamic executable' | grep 'ld-linux' | awk '{ print $1; }' || echo)"
|
||||
if [ "$LIB_FILES" != "" ]; then
|
||||
for LIB_FILE in $LIB_FILES; do
|
||||
ADD_LIB $LIB_FILE
|
||||
done
|
||||
fi
|
||||
if [ "$LDD_FILES" != "" ]; then
|
||||
for LDD_FILE in $LDD_FILES; do
|
||||
ADD_LIB $LDD_FILE
|
||||
done
|
||||
fi
|
||||
BINARY_DIRECTORY="$(dirname $BINARY)"
|
||||
mkdir -pm 0555 $CHROOT_DIRECTORY$BINARY_DIRECTORY
|
||||
cp $BINARY $CHROOT_DIRECTORY$BINARY
|
||||
chmod 0555 $CHROOT_DIRECTORY$BINARY
|
||||
}
|
||||
|
||||
function ADD_LIB() {
|
||||
LIB_DIRECTORY="$(dirname $1)"
|
||||
if [[ ! "${ALL_LIB_DIRECTORIES[@]}" =~ "$LIB_DIRECTORY" ]]; then
|
||||
ALL_LIB_DIRECTORIES=(${ALL_LIB_DIRECTORIES[@]} "$LIB_DIRECTORY")
|
||||
fi
|
||||
if [[ ! "${ALL_LIB_FILES[@]}" =~ "$1" ]]; then
|
||||
ALL_LIB_FILES=(${ALL_LIB_FILES[@]} "$1")
|
||||
fi
|
||||
}
|
||||
|
||||
function CHROOT_LIBRARIES() {
|
||||
for DIRECTORY in ${ALL_LIB_DIRECTORIES[@]}; do
|
||||
mkdir -pm 0555 $CHROOT_DIRECTORY$DIRECTORY
|
||||
done
|
||||
for FILE in ${ALL_LIB_FILES[@]}; do
|
||||
cp $FILE $CHROOT_DIRECTORY$FILE
|
||||
chmod 0555 $CHROOT_DIRECTORY$FILE
|
||||
done
|
||||
}
|
||||
|
||||
### variables
|
||||
CHROOT_DIRECTORY=$1
|
||||
CHROOT_DIRECTORY_STRUCTURE=(
|
||||
'/etc'
|
||||
'/etc/default'
|
||||
'/dev'
|
||||
'/tmp'
|
||||
'/usr'
|
||||
'/usr/share'
|
||||
'/usr/share/bash-completion'
|
||||
'/usr/share/bash-completion/completions'
|
||||
'/usr/bin'
|
||||
'/usr/lib'
|
||||
'/usr/lib/openssh'
|
||||
'/usr/sbin'
|
||||
'/var'
|
||||
'/var/run'
|
||||
'/var/run/mysqld'
|
||||
)
|
||||
CHROOT_DIRECTORY_TO_CLEAN=(
|
||||
'/bin'
|
||||
'/lib'
|
||||
'/usr/bin'
|
||||
'/usr/lib'
|
||||
'/usr/sbin'
|
||||
)
|
||||
BINARIES_GENERAL=(
|
||||
'['
|
||||
'awk'
|
||||
'base32'
|
||||
'base64'
|
||||
'basename'
|
||||
'basenc'
|
||||
'bash'
|
||||
'brotli'
|
||||
'bzip2'
|
||||
'cat'
|
||||
'chmod'
|
||||
'cksum'
|
||||
'clear'
|
||||
'comm'
|
||||
'composer'
|
||||
'cp'
|
||||
'csplit'
|
||||
'curl'
|
||||
'cut'
|
||||
'date'
|
||||
'dd'
|
||||
'dirname'
|
||||
'dir'
|
||||
'du'
|
||||
'echo'
|
||||
'egrep'
|
||||
'env'
|
||||
'expand'
|
||||
'expr'
|
||||
'factor'
|
||||
'false'
|
||||
'fgrep'
|
||||
'find'
|
||||
'fmt'
|
||||
'fold'
|
||||
'git'
|
||||
'git-receive-pack'
|
||||
'git-shell'
|
||||
'git-upload-archive'
|
||||
'git-upload-pack'
|
||||
'gpg'
|
||||
'grep'
|
||||
'gunzip'
|
||||
'gzip'
|
||||
'head'
|
||||
'id'
|
||||
'install'
|
||||
'join'
|
||||
'less'
|
||||
'link'
|
||||
'ln'
|
||||
'ls'
|
||||
'md5sum'
|
||||
'mkdir'
|
||||
'mktemp'
|
||||
'mv'
|
||||
'mysql'
|
||||
'mysqldump'
|
||||
'mysqlcheck'
|
||||
'nano'
|
||||
'nl'
|
||||
'nohup'
|
||||
'numfmt'
|
||||
'od'
|
||||
'openssl'
|
||||
'paste'
|
||||
'php8.1'
|
||||
'php8.2'
|
||||
'pr'
|
||||
'printenv'
|
||||
'printf'
|
||||
'ptx'
|
||||
'pwd'
|
||||
'readlink'
|
||||
'realpath'
|
||||
'rm'
|
||||
'rmdir'
|
||||
'rsync'
|
||||
'scp'
|
||||
'sed'
|
||||
'seq'
|
||||
'sftp'
|
||||
'sh'
|
||||
'sha1sum'
|
||||
'sha224sum'
|
||||
'sha256sum'
|
||||
'sha384sum'
|
||||
'sha512sum'
|
||||
'shred'
|
||||
'shuf'
|
||||
'sleep'
|
||||
'sort'
|
||||
'split'
|
||||
'ssh'
|
||||
'stat'
|
||||
'stdbuf'
|
||||
'sum'
|
||||
'tac'
|
||||
'tail'
|
||||
'tar'
|
||||
'test'
|
||||
'tee'
|
||||
'timeout'
|
||||
'touch'
|
||||
'tput'
|
||||
'tr'
|
||||
'true'
|
||||
'truncate'
|
||||
'tsort'
|
||||
'uname'
|
||||
'unexpand'
|
||||
'uniq'
|
||||
'unlink'
|
||||
'unxz'
|
||||
'unzip'
|
||||
'vdir'
|
||||
'vi'
|
||||
'vim'
|
||||
'wc'
|
||||
'wget'
|
||||
'which'
|
||||
'xargs'
|
||||
'xz'
|
||||
'zip'
|
||||
'zopfli'
|
||||
'nologin'
|
||||
)
|
||||
FILES_GENERAL=(
|
||||
'/etc/hosts'
|
||||
'/etc/hostname'
|
||||
'/etc/resolv.conf'
|
||||
'/etc/nsswitch.conf'
|
||||
'/etc/services'
|
||||
'/etc/protocols'
|
||||
'/etc/locale.alias'
|
||||
'/etc/default/locale'
|
||||
'/etc/localtime'
|
||||
'/etc/profile'
|
||||
'/etc/bash_completion'
|
||||
'/etc/bash.bashrc'
|
||||
'/usr/share/bash-completion/bash_completion'
|
||||
'/usr/share/bash-completion/completions/alias'
|
||||
'/usr/share/bash-completion/completions/bind'
|
||||
'/usr/share/bash-completion/completions/bzip2'
|
||||
'/usr/share/bash-completion/completions/compgen'
|
||||
'/usr/share/bash-completion/completions/complete'
|
||||
'/usr/share/bash-completion/completions/curl'
|
||||
'/usr/share/bash-completion/completions/declare'
|
||||
'/usr/share/bash-completion/completions/export'
|
||||
'/usr/share/bash-completion/completions/find'
|
||||
'/usr/share/bash-completion/completions/function'
|
||||
'/usr/share/bash-completion/completions/git'
|
||||
'/usr/share/bash-completion/completions/gzip'
|
||||
'/usr/share/bash-completion/completions/id'
|
||||
'/usr/share/bash-completion/completions/kill'
|
||||
'/usr/share/bash-completion/completions/mysql'
|
||||
'/usr/share/bash-completion/completions/openssl'
|
||||
'/usr/share/bash-completion/completions/pwd'
|
||||
'/usr/share/bash-completion/completions/rsync'
|
||||
'/usr/share/bash-completion/completions/scp'
|
||||
'/usr/share/bash-completion/completions/sh'
|
||||
'/usr/share/bash-completion/completions/sftp'
|
||||
'/usr/share/bash-completion/completions/tar'
|
||||
'/usr/share/bash-completion/completions/typeset'
|
||||
'/usr/share/bash-completion/completions/wget'
|
||||
'/etc/ld.so.conf'
|
||||
)
|
||||
DIRECTORIES_GENERAL=(
|
||||
'/usr/lib/git-core'
|
||||
'/usr/share/git-core'
|
||||
'/usr/lib/locale'
|
||||
'/usr/share/i18n'
|
||||
'/etc/ssl'
|
||||
'/usr/lib/ssl'
|
||||
'/usr/share/ca-certificates'
|
||||
'/etc/bash_completion.d'
|
||||
'/usr/share/zoneinfo'
|
||||
'/lib/terminfo'
|
||||
'/usr/share/terminfo'
|
||||
'/usr/lib/php'
|
||||
'/etc/profile.d'
|
||||
'/etc/ld.so.conf.d'
|
||||
)
|
||||
### test variables/parameters
|
||||
test "$CHROOT_DIRECTORY" != ""
|
||||
|
||||
if [ "$2" != "" ]; then
|
||||
CHROOT_BINARY $2
|
||||
CHROOT_LIBRARIES
|
||||
ldconfig -r $CHROOT_DIRECTORY
|
||||
jk_cp -j "$CHROOT_DIRECTORY" -k "$2"
|
||||
echo "copied extra binary $2";
|
||||
exit 0;
|
||||
fi
|
||||
|
||||
### init chroot directory
|
||||
mkdir -p $CHROOT_DIRECTORY
|
||||
chown root:www-data $CHROOT_DIRECTORY
|
||||
chmod 550 $CHROOT_DIRECTORY
|
||||
for DIRECTORY in ${CHROOT_DIRECTORY_TO_CLEAN[@]}; do
|
||||
rm -rf $CHROOT_DIRECTORY$DIRECTORY
|
||||
done
|
||||
ln -s usr/bin $CHROOT_DIRECTORY/bin
|
||||
ln -s usr/lib $CHROOT_DIRECTORY/lib
|
||||
for DIRECTORY in ${CHROOT_DIRECTORY_STRUCTURE[@]}; do
|
||||
mkdir -pm 0555 $CHROOT_DIRECTORY$DIRECTORY
|
||||
done
|
||||
chmod 777 $CHROOT_DIRECTORY/tmp
|
||||
# users and groups
|
||||
echo "root:x:0:0:root:/root:/bin/bash" > $CHROOT_DIRECTORY/etc/passwd
|
||||
echo "www-data:x:33:33::/var/www:/bin/bash" >> $CHROOT_DIRECTORY/etc/passwd
|
||||
echo "root:x:0:" > $CHROOT_DIRECTORY/etc/group
|
||||
echo "www-data:x:33:www-data" >> $CHROOT_DIRECTORY/etc/group
|
||||
|
||||
# /dev devices
|
||||
test -e $CHROOT_DIRECTORY/dev/null || mknod -m 666 $CHROOT_DIRECTORY/dev/null c 1 3
|
||||
test -e $CHROOT_DIRECTORY/dev/zero || mknod -m 666 $CHROOT_DIRECTORY/dev/zero c 1 5
|
||||
test -e $CHROOT_DIRECTORY/dev/tty || mknod -m 666 $CHROOT_DIRECTORY/dev/tty c 5 0
|
||||
test -e $CHROOT_DIRECTORY/dev/random || mknod -m 644 $CHROOT_DIRECTORY/dev/random c 1 8
|
||||
test -e $CHROOT_DIRECTORY/dev/urandom || mknod -m 644 $CHROOT_DIRECTORY/dev/urandom c 1 9
|
||||
# copy general directories
|
||||
for DIRECTORY in ${DIRECTORIES_GENERAL[@]}; do
|
||||
rm -rf $CHROOT_DIRECTORY$DIRECTORY
|
||||
cp -Rp $DIRECTORY $CHROOT_DIRECTORY$DIRECTORY
|
||||
done
|
||||
echo "export HOME=/" > $CHROOT_DIRECTORY/etc/profile.d/hosting.sh
|
||||
echo "export HISTFILE=/.bash_history" >> $CHROOT_DIRECTORY/etc/profile.d/hosting.sh
|
||||
echo 'export PATH="$PATH:/.composer/vendor/bin"' >> $CHROOT_DIRECTORY/etc/profile.d/hosting.sh
|
||||
# copy general files
|
||||
for FILE in ${FILES_GENERAL[@]}; do
|
||||
cp $FILE $CHROOT_DIRECTORY$FILE
|
||||
done
|
||||
### copy shared libraries and binaries
|
||||
# general
|
||||
for BINARY in ${BINARIES_GENERAL[@]}; do
|
||||
CHROOT_BINARY $BINARY
|
||||
done
|
||||
# git
|
||||
for BINARY in `find /usr/lib/git-core -type f`; do
|
||||
CHROOT_BINARY $BINARY
|
||||
done
|
||||
# networking
|
||||
for LIB in /lib/*/libnss_*; do
|
||||
ADD_LIB $LIB
|
||||
done
|
||||
# php
|
||||
for LIB in /usr/lib/php/*/*.so; do
|
||||
ADD_LIB $LIB
|
||||
done
|
||||
CHROOT_LIBRARIES
|
||||
ldconfig -r $CHROOT_DIRECTORY
|
||||
ln -f $CHROOT_DIRECTORY/usr/bin/php8.2 $CHROOT_DIRECTORY/usr/bin/php
|
||||
if [[ -d "$CHROOT_DIRECTORY/bin" ]]; then
|
||||
chown root:root "$CHROOT_DIRECTORY"
|
||||
chmod 555 "$CHROOT_DIRECTORY"
|
||||
jk_update -j "$CHROOT_DIRECTORY" -k /bin /lib /usr
|
||||
else
|
||||
mkdir -p "$CHROOT_DIRECTORY"
|
||||
chown root:root "$CHROOT_DIRECTORY"
|
||||
chmod 555 "$CHROOT_DIRECTORY"
|
||||
jk_init -j "$CHROOT_DIRECTORY" -k custom_hosting
|
||||
chmod 777 "$CHROOT_DIRECTORY/tmp"
|
||||
echo "export HOME=/" > "$CHROOT_DIRECTORY/etc/profile.d/hosting.sh"
|
||||
echo "export HISTFILE=/.bash_history" >> "$CHROOT_DIRECTORY/etc/profile.d/hosting.sh"
|
||||
echo 'export PATH="$PATH:/.composer/vendor/bin"' >> "$CHROOT_DIRECTORY/etc/profile.d/hosting.sh"
|
||||
fi
|
||||
|
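Review bot: The `chmod 777 "$CHROOT_DIRECTORY/tmp"` in the `else` branch makes the jail's /tmp world-writable without the sticky bit, so any account running inside the jail can delete or rename temporary files created by another; `chmod 1777 "$CHROOT_DIRECTORY/tmp"` is the conventional mode. The rendered page has lost its +/- markers, so reading this branch as new-side code is inferred from the quoting style and the `jk_init`/`jk_update` calls. The `if` branch that runs `jk_update` on an existing jail never resets the /tmp mode, so jails built by the earlier script (which also used 777) would keep it. Setting the mode in both branches would make the result independent of how the jail was first created.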