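#!/bin/bash
################################################################################
# Author: crombiecrunch, bubasik, yenten
#
# Web: www.thecryptopool.com, http://yenten-pool.info/
#
# Program:
# Install yiimp on Ubuntu 16.04 running Nginx, MariaDB, and php7.x
#
#
################################################################################

#######################################
# Print one message in yellow-on-black, then reset the terminal colours.
# Arguments: $1 - message text (an empty string prints a blank line)
# Outputs:   the message followed by a newline on stdout
#######################################
output() {
    printf "\E[0;33;40m"
    # Quoted and sent through a fixed format string so that whitespace and
    # glob characters in the message are printed literally.
    printf '%s\n' "$1"
    printf "\E[0m"
}

#######################################
# Print an error message surrounded by blank lines and stop the installer.
# Arguments: $1 - message text
# Outputs:   the message on stderr
# Returns:   never returns; exits the script with status 1
#######################################
displayErr() {
    {
        echo
        printf '%s\n' "$1"
        echo
    } >&2
    exit 1
}

clear
output "Make sure you double check before hitting enter! Only one shot at these!"
output ""
# -r keeps backslashes in the answers literal instead of treating them as
# escape characters.
read -r -e -p "Enter time zone (e.g. America/New_York) : " TIME
read -r -e -p "Server name (no http:// or www. just example.com) : " server_name
read -r -e -p "Enter support email (e.g. admin@example.com) : " EMAIL
read -r -e -p "Set stratum to AutoExchange? i.e. mine any coinf with BTC address? [y/N] : " BTC
read -r -e -p "Please enter a new location for /site/adminRights this is to customize the admin entrance url (e.g. myAdminpanel) : " admin_panel
read -r -e -p "Enter your Public IP for admin access (http://www.whatsmyip.org/) : " Public
read -r -e -p "Install Fail2ban? [Y/n] : " install_fail2ban
read -r -e -p "Install UFW and configure ports? [Y/n] : " UFW
read -r -e -p "Install LetsEncrypt SSL? IMPORTANT! You MUST have your domain name pointed to this server prior to running the script!! [Y/n]: " ssl_install

# Validate the answers that later become part of file paths, sed expressions
# and generated nginx/PHP files. Rejecting them here stops the run before any
# package is installed or any file is rewritten with a malformed value.
tz_re='^[A-Za-z0-9_+-]+(/[A-Za-z0-9_+-]+)*$'
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
panel_re='^[A-Za-z0-9_]+$'
[[ "$TIME" =~ $tz_re ]] \
    || displayErr "Invalid time zone: use a zoneinfo name such as America/New_York."
[[ "$server_name" =~ $host_re ]] \
    || displayErr "Invalid server name: use a bare host name such as example.com."
[[ "$admin_panel" =~ $panel_re ]] \
    || displayErr "Invalid admin location: use letters, digits and underscores only."

clear
output "If you found this helpful, please donate to BTC Donation: 1HUruZMcSben39E27cyLwsTrk6bbWZs3po"
output ""
output "Updating system and installing required packages."
output ""

# update package and upgrade Ubuntu
sudo apt-get -y update
sudo apt-get -y upgrade
sudo apt-get -y autoremove
clear

output "Switching to Aptitude"
output ""
sudo apt-get -y install aptitude

output "Installing Nginx server."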
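output ""
sudo aptitude -y install nginx
sudo rm /etc/nginx/sites-enabled/default
sudo service nginx start
sudo service cron start

#######################################
# Emit 32 random characters from [a-zA-Z0-9], read from /dev/urandom.
# Outputs: the generated string on stdout, without a trailing newline
#######################################
random_alnum_32() {
    LC_ALL=C tr -dc 'a-zA-Z0-9' </dev/urandom | head -c 32
}

#######################################
# Escape a value for use as the replacement part of a sed "s" command.
# Arguments: $1 - raw text
# Outputs:   $1 with every backslash, "/" and "&" preceded by a backslash
#######################################
sed_escape_replacement() {
    printf '%s' "$1" | sed 's|[\\/&]|\\&|g'
}

#Making Nginx a bit hard
# NOTE(review): matching on the User-Agent header only filters clients that
# announce themselves this way; it is not an access control.
sudo tee /etc/nginx/blockuseragents.rules >/dev/null <<'NGINX_MAP'
map $http_user_agent $blockedagent {
    default 0;
    ~*malicious 1;
    ~*bot 1;
    ~*backdoor 1;
    ~*crawler 1;
    ~*bandit 1;
}
NGINX_MAP

output "Installing Mariadb Server."
output ""
# create random password
# NOTE(review): rootpasswd is handed to the phpmyadmin preseed and written to
# ~/.my.cnf below, but no statement in this script sets it as the MariaDB root
# password - confirm how root is expected to authenticate.
rootpasswd=$(openssl rand -base64 12)
# NOTE(review): sudo may not hand this exported variable on to aptitude,
# depending on the sudoers environment policy - confirm.
export DEBIAN_FRONTEND="noninteractive"
sudo aptitude -y install mariadb-server

output "Installing php7.x and other needed files"
output ""
sudo aptitude -y install php7.0-fpm
sudo aptitude -y install php7.0-opcache php7.0-fpm php7.0 php7.0-common \
    php7.0-gd php7.0-mysql php7.0-imap php7.0-cli php7.0-cgi php-pear \
    php-auth php7.0-mcrypt mcrypt imagemagick libruby php7.0-curl \
    php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy \
    php7.0-xmlrpc php7.0-xsl memcached php-memcache php-imagick \
    php-gettext php7.0-zip php7.0-mbstring
sudo phpenmod mcrypt
sudo phpenmod mbstring
sudo aptitude -y install libgmp3-dev
sudo aptitude -y install libmysqlclient-dev
sudo aptitude -y install libcurl4-gnutls-dev
sudo aptitude -y install libkrb5-dev
sudo aptitude -y install libldap2-dev
sudo aptitude -y install libidn11-dev
sudo aptitude -y install gnutls-dev
sudo aptitude -y install librtmp-dev
sudo aptitude -y install build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils
sudo aptitude -y install sendmail
sudo aptitude -y install git
sudo aptitude -y install pwgen
clear

#Generating Random Passwords
password=$(random_alnum_32)
password2=$(random_alnum_32)
AUTOGENERATED_PASS=$(pwgen -c -1 20)

output "Testing to see if server emails are sent"
output ""
# root_email and send_email are not prompted for anywhere in the visible part
# of this script, so this section only runs when they come from the
# environment.
if [[ "${root_email:-}" != "" ]]; then
    # The original wrote "> sudo tee ...", which redirects into a file named
    # "sudo" in the current directory; a pipe is what reaches tee.
    printf '%s\n' "$root_email" | sudo tee --append ~/.email >/dev/null
    printf '%s\n' "$root_email" | sudo tee --append ~/.forward >/dev/null
    if [[ "${send_email:-}" == "y" || "${send_email:-}" == "Y" || "${send_email:-}" == "" ]]; then
        # The message goes to sendmail on stdin with its subject as a header,
        # so no scratch file with a fixed name is created under /tmp.
        {
            printf 'Subject: %s\n\n' "SMTP Testing"
            printf '%s\n' \
                "This is a mail test for the SMTP Service." \
                "You should receive this !" \
                "" \
                "Cheers"
        } | sudo sendmail "$root_email"
        echo "Mail sent"
    fi
fi

output "Some optional installs"
if [[ "$install_fail2ban" == "y" || "$install_fail2ban" == "Y" || "$install_fail2ban" == "" ]]; then
    sudo aptitude -y install fail2ban
fi
if [[ "$UFW" == "y" || "$UFW" == "Y" || "$UFW" == "" ]]; then
    # -y keeps the unattended run from stopping at a confirmation prompt.
    sudo apt-get -y install ufw
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
    # NOTE(review): ssh is opened to every source address; the admin IP asked
    # for at the start ($Public) is not referenced in the visible part of this
    # script - consider restricting ssh to it.
    for ufw_service in ssh http https; do
        sudo ufw allow "$ufw_service"
    done
    open_tcp_ports=(
        2142 3739 3525 4233 3747 5033 4262 3737 3556 3553
        4633 8433 3555 3833 4533 4133 5339 8533 3334 4933
        3333 6033 5766 3533 4033 3433 3633 6234 6236
    )
    for tcp_port in "${open_tcp_ports[@]}"; do
        sudo ufw allow "${tcp_port}/tcp"
    done
    sudo ufw --force enable
fi
clear

output "Installing phpmyadmin"
output ""
# All preseed answers go to debconf in one read from stdin.
sudo debconf-set-selections <<DEBCONF
phpmyadmin phpmyadmin/reconfigure-webserver multiselect
phpmyadmin phpmyadmin/dbconfig-install boolean true
phpmyadmin phpmyadmin/mysql/admin-user string root
phpmyadmin phpmyadmin/mysql/admin-pass password $rootpasswd
phpmyadmin phpmyadmin/mysql/app-pass password $AUTOGENERATED_PASS
phpmyadmin phpmyadmin/app-password-confirm password $AUTOGENERATED_PASS
DEBCONF
sudo aptitude -y install phpmyadmin

output " Installing yiimp"
output ""
output "Grabbing yiimp fron Github, building files and setting file structure."
output ""
#Generating Random Password for stratum
blckntifypass=$(random_alnum_32)
repo_dir="$HOME/yiimp-yespowerr16-ytn"

cd ~ || displayErr "Cannot change to the home directory."
# NOTE(review): the clone is not pinned to a commit or tag and is built with
# sudo below; check out a reviewed revision before building.
git clone https://github.com/bubasik/yiimp-yespowerr16-ytn.git

# Every cd is checked so that a failed clone cannot leave "sudo make" running
# in whatever directory the script happens to be in.
cd "$repo_dir/blocknotify" || displayErr "Missing directory: $repo_dir/blocknotify"
sudo sed -i "s/tu8tu5/${blckntifypass}/" blocknotify.cpp
sudo make

cd "$repo_dir/stratum/iniparser" || displayErr "Missing directory: $repo_dir/stratum/iniparser"
sudo make

cd "$repo_dir/stratum" || displayErr "Missing directory: $repo_dir/stratum"
if [[ "$BTC" == "y" || "$BTC" == "Y" ]]; then
    sudo sed -i 's/CFLAGS += -DNO_EXCHANGE/#CFLAGS += -DNO_EXCHANGE/' "$repo_dir/stratum/Makefile"
    sudo make
fi
sudo make

cd "$repo_dir" || displayErr "Missing directory: $repo_dir"
# The operator-supplied name is escaped before it is used as a sed
# replacement, so "/", "&" or "\" in it cannot alter the expression.
admin_panel_sed=$(sed_escape_replacement "$admin_panel")
sudo sed -i "s/AdminRights/${admin_panel_sed}/" "$repo_dir/web/yaamp/modules/site/SiteController.php"
sudo cp -r "$repo_dir/web" /var/
sudo mkdir -p /var/stratum

cd "$repo_dir/stratum" || displayErr "Missing directory: $repo_dir/stratum"
sudo cp -a config.sample/. /var/stratum/config
sudo cp -r stratum /var/stratum
sudo cp -r run.sh /var/stratum

cd "$repo_dir" || displayErr "Missing directory: $repo_dir"
sudo cp -a "$repo_dir/bin/." /bin/
sudo cp -r "$repo_dir/blocknotify/blocknotify" /var/stratum
sudo mkdir -p /etc/yiimp
sudo mkdir -p "$HOME/backup/"

#fixing yiimp
# /bin/yiimp was copied with sudo just above, so the edit needs sudo as well.
sudo sed -i "s|ROOTDIR=/data/yiimp|ROOTDIR=/var|g" /bin/yiimp

#fixing run.sh
sudo rm -rf /var/stratum/config/run.sh
# Written from a quoted here-document so the "#!" line is the first line of
# the file (the original echo put whitespace in front of it) and $1 stays
# literal for the generated script.
sudo tee /var/stratum/config/run.sh >/dev/null <<'RUN_SH'
#!/bin/bash
ulimit -n 10240
ulimit -u 10240
cd /var/stratum || exit 1
while true; do
        ./stratum "/var/stratum/config/$1"
        sleep 2
done
exec bash
RUN_SH
sudo chmod +x /var/stratum/config/run.sh

output "Update default timezone."
output "Thanks for using this installation script. Donations welcome"
# check if link file
if sudo [ -L /etc/localtime ]; then
    sudo unlink /etc/localtime
fi
# update time zone
sudo ln -sf "/usr/share/zoneinfo/$TIME" /etc/localtime
sudo aptitude -y install ntpdate
# write time to clock.
sudo hwclock -w
clear

output "Making Web Server Magic Happen!"
# adding user to group, creating dir structure, setting permissions
sudo mkdir -p "/var/www/$server_name/html"

site_available="/etc/nginx/sites-available/$server_name.conf"
site_enabled="/etc/nginx/sites-enabled/$server_name.conf"
server_name_sed=$(sed_escape_replacement "$server_name")

output "Creating webserver initial config file"
output ""
# The nginx text is kept in a quoted here-document so every nginx "$variable"
# stays literal; only the __SERVER_NAME__ marker is filled in by sed.
# NOTE(review): the /phpmyadmin location carries no address restriction -
# confirm whether it should be limited to the admin IP.
sed "s/__SERVER_NAME__/${server_name_sed}/g" <<'NGINX_HTTP' | sudo tee "$site_available" >/dev/null
include /etc/nginx/blockuseragents.rules;
server {
    if ($blockedagent) {
        return 403;
    }
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 444;
    }
    listen 80;
    listen [::]:80;
    server_name __SERVER_NAME__ www.__SERVER_NAME__;
    root "/var/www/__SERVER_NAME__/html/web";
    index index.html index.htm index.php;
    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location @rewrite {
        rewrite ^/(.*)$ /index.php?r=$1;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    access_log off;
    error_log /var/log/nginx/__SERVER_NAME__.app-error.log error;

    # allow larger file uploads and longer script runtimes
    client_body_buffer_size 50k;
    client_header_buffer_size 50k;
    client_max_body_size 50k;
    large_client_header_buffers 2 50k;
    sendfile off;

    location ~ ^/index\.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        return 404;
    }
    location ~ \.sh {
        return 404;
    }
    location ~ /\.ht {
        deny all;
    }
    location ~ /.well-known {
        allow all;
    }
    location /phpmyadmin {
        root /usr/share/;
        index index.php;
        try_files $uri $uri/ =404;
        location ~ ^/phpmyadmin/(doc|sql|setup)/ {
            deny all;
        }
        location ~ /phpmyadmin/(.+\.php)$ {
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            include snippets/fastcgi-php.conf;
        }
    }
}
NGINX_HTTP

sudo ln -s "$site_available" "$site_enabled"
sudo ln -s /var/web "/var/www/$server_name/html"
sudo service nginx restart

if [[ "$ssl_install" == "y" || "$ssl_install" == "Y" || "$ssl_install" == "" ]]; then
    output "Install LetsEncrypt and setting SSL"
    sudo aptitude -y install letsencrypt
    # The HTTPS site file is only written once a certificate has been issued;
    # otherwise nginx would be left pointing at certificate files that do not
    # exist and the HTTP site above stays in place.
    if sudo letsencrypt certonly -a webroot --webroot-path=/var/web --email "$EMAIL" --agree-tos -d "$server_name" -d "www.$server_name"; then
        sudo rm "$site_available"
        sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
        # I am SSL Man!
        # Changes against the original text: TLSv1 and TLSv1.1 are no longer
        # offered, the 3DES suites are removed from ssl_ciphers, and the
        # quoted here-document keeps the single quotes around 'self' in the
        # Content-Security-Policy header (the original echo dropped them).
        sed "s/__SERVER_NAME__/${server_name_sed}/g" <<'NGINX_SSL' | sudo tee "$site_available" >/dev/null
include /etc/nginx/blockuseragents.rules;
server {
    if ($blockedagent) {
        return 403;
    }
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 444;
    }
    listen 80;
    listen [::]:80;
    server_name __SERVER_NAME__;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    if ($blockedagent) {
        return 403;
    }
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 444;
    }
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name __SERVER_NAME__ www.__SERVER_NAME__;
    root /var/www/__SERVER_NAME__/html/web;
    index index.php;

    access_log /var/log/nginx/__SERVER_NAME__.app-accress.log;
    error_log /var/log/nginx/__SERVER_NAME__.app-error.log error;

    # allow larger file uploads and longer script runtimes
    client_body_buffer_size 50k;
    client_header_buffer_size 50k;
    client_max_body_size 50k;
    large_client_header_buffers 2 50k;
    sendfile off;

    # strengthen ssl security
    ssl_certificate /etc/letsencrypt/live/__SERVER_NAME__/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/__SERVER_NAME__/privkey.pem;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4";
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";

    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location @rewrite {
        rewrite ^/(.*)$ /index.php?r=$1;
    }

    location ~ ^/index\.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        include /etc/nginx/fastcgi_params;
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        return 404;
    }
    location ~ \.sh {
        return 404;
    }
    location ~ /\.ht {
        deny all;
    }
    location /phpmyadmin {
        root /usr/share/;
        index index.php;
        try_files $uri $uri/ =404;
        location ~ ^/phpmyadmin/(doc|sql|setup)/ {
            deny all;
        }
        location ~ /phpmyadmin/(.+\.php)$ {
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            include snippets/fastcgi-php.conf;
        }
    }
}
NGINX_SSL
    else
        output "LetsEncrypt did not issue a certificate; keeping the HTTP-only site configuration."
    fi
fi
sudo service nginx restart
sudo service php7.0-fpm reload
clear

output "Now for the database fun!"
# create database
# The statements are fed to the client on stdin rather than with -e, so the
# generated passwords never appear in the process list. The original
# -p="" option is dropped: it did not pass an empty password.
# NOTE(review): both accounts receive ALL privileges on *.* although the
# client settings written below only name the yiimpfrontend database - narrow
# the grants to yiimpfrontend.* if the application allows it.
sudo mysql -u root <<SQL
CREATE DATABASE IF NOT EXISTS yiimpfrontend;
GRANT ALL ON *.* TO 'panel'@'localhost' IDENTIFIED BY '$password';
FLUSH PRIVILEGES;
SQL

# create stratum user
sudo mysql -u root <<SQL
GRANT ALL ON *.* TO 'stratum'@'localhost' IDENTIFIED BY '$password2';
FLUSH PRIVILEGES;
SQL

#Create my.cnf
# The file is created empty with mode 0600 first, so the credentials are never
# on disk with wider permissions, not even between the write and the chmod.
sudo install -m 0600 /dev/null ~/.my.cnf
sudo tee ~/.my.cnf >/dev/null <<MYCNF
[clienthost1]
user=panel
password=${password}
database=yiimpfrontend
host=localhost
[clienthost2]
user=stratum
password=${password2}
database=yiimpfrontend
host=localhost
[mysql]
user=root
password=${rootpasswd}
MYCNF
sudo chmod 0600 ~/.my.cnf

#Create keys file
# NOTE(review): the beginning of this PHP file (everything before the first
# "');") is missing from this copy of the script, so the file written here is
# incomplete - restore the head from the upstream installer before use.
# NOTE(review): the file is meant to hold exchange API secrets and is created
# with default permissions - confirm which account has to read it and
# restrict the mode accordingly.
sudo tee /etc/yiimp/keys.php >/dev/null <<'KEYS_PHP'
 ');
define('EXCH_BITSTAMP_SECRET','');
define('EXCH_BLEUTRADE_SECRET', '');
define('EXCH_BTER_SECRET', '');
define('EXCH_CCEX_SECRET', '');
define('EXCH_COINMARKETS_PASS', '');
define('EXCH_CRYPTOPIA_SECRET', '');
define('EXCH_EMPOEX_SECKEY', '');
define('EXCH_HITBTC_SECRET', '');
define('EXCH_KRAKEN_SECRET','');
define('EXCH_LIVECOIN_SECRET', '');
define('EXCH_NOVA_SECRET','');
define('EXCH_POLONIEX_SECRET', '');
define('EXCH_YOBIT_SECRET', '');
KEYS_PHP

# The generated passwords are no longer echoed to the terminal, where they
# would remain in scrollback or a captured session log; they are in ~/.my.cnf.
output "Database 'yiimpfrontend' and users 'panel' and 'stratum' created, passwords are saved for you in ~/.my.cnf"
output ""
output "BTC Donation: 1HUruZMcSben39E27cyLwsTrk6bbWZs3po"
output ""
output "Peforming the SQL import"
output ""
cd "$HOME/yiimp-yespowerr16-ytn/sql" || displayErr "Missing directory: $HOME/yiimp-yespowerr16-ytn/sql"

# import sql dump
sudo zcat 2016-04-03-yaamp.sql.gz | sudo mysql --defaults-group-suffix=host1

# oh the humanity!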
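# Apply the incremental SQL files in the order the installer lists them. The
# names are relative, so this relies on the working directory still being the
# repository's sql/ directory from the preceding step. --force lets the
# client carry on after an SQL error.
sql_updates=(
    2016-04-24-market_history.sql
    2016-04-27-settings.sql
    2016-05-11-coins.sql
    2016-05-15-benchmarks.sql
    2016-05-23-bookmarks.sql
    2016-06-01-notifications.sql
    2016-06-04-bench_chips.sql
    2016-11-23-coins.sql
    2017-02-05-benchmarks.sql
    2017-03-31-earnings_index.sql
    2017-05-accounts_case_swaptime.sql
    2017-06-payouts_coinid_memo.sql
    2017-09-notifications.sql
    2017-10-bookmarks.sql
    2017-11-segwit.sql
    2018-01-stratums_ports.sql
    2018-02-coins_getinfo.sql
)
for sql_file in "${sql_updates[@]}"; do
    sudo mysql --defaults-group-suffix=host1 --force < "$sql_file"
done
clear

output "Generating a basic serverconfig.php"
output ""
# make config file
# NOTE(review): the beginning of this PHP file (everything before the stray
# "0.3") is missing from this copy of the script, so the file written here is
# incomplete - restore the head from the upstream installer before use.
# NOTE(review): the NiceHash key/ID, the deposit address and the cold-wallet
# address below are fixed values shipped with the installer, not the
# operator's own; they must be replaced or blanked before the pool handles
# funds.
sudo tee /var/web/serverconfig.php >/dev/null <<'SERVERCONFIG'
 0.3
define('EXCH_AUTO_WITHDRAW', 0.3);

// nicehash keys deposit account & amount to deposit at a time
define('NICEHASH_API_KEY','521c254d-8cc7-4319-83d2-ac6c604b5b49');
define('NICEHASH_API_ID','9205');
define('NICEHASH_DEPOSIT','3J9tapPoFCtouAZH7Th8HAPsD8aoykEHzk');
define('NICEHASH_DEPOSIT_AMOUNT','0.01');

$cold_wallet_table = array(
    '1KuE2LMZMPXJ4gsVniWLuyyPsqqZs5Av4y' => 0.10,
);

// Sample fixed pool fees
$configFixedPoolFees = array(
    'zr5' => 2.0,
    'scrypt' => 20.0,
    'sha256' => 5.0,
);

// Sample custom stratum ports
$configCustomPorts = array(
//  'x11' => 7000,
);

// mBTC Coefs per algo (default is 1.0)
$configAlgoNormCoef = array(
//  'x11' => 5.0,
);
SERVERCONFIG

output "Updating stratum config files with database connection info."
output ""
cd /var/stratum/config || displayErr "Missing directory: /var/stratum/config"
# The server name is operator input: escape "\", "/" and "&" so it is used as
# literal replacement text. All substitutions run in one pass, in the same
# order as before.
server_name_sed=$(printf '%s' "$server_name" | sed 's|[\\/&]|\\&|g')
sudo sed -i \
    -e "s/password = tu8tu5/password = ${blckntifypass}/g" \
    -e "s/server = yaamp.com/server = ${server_name_sed}/g" \
    -e 's/host = yaampdb/host = localhost/g' \
    -e 's/database = yaamp/database = yiimpfrontend/g' \
    -e 's/username = root/username = stratum/g' \
    -e "s/password = patofpaq/password = ${password2}/g" \
    -- *.conf
cd ~ || displayErr "Cannot change to the home directory."

output "Final Directory permissions"
output ""
whoami=$(whoami)
sudo usermod -aG www-data "$whoami"
# NOTE(review): the next line hands the whole of /var/log to www-data and a
# later one makes it world-writable, which affects every other service's logs
# (any local account can then alter or remove them). Point the application at
# a log directory of its own and limit these two commands to it.
sudo chown -R www-data:www-data /var/log
sudo chown -R www-data:www-data /var/stratum
sudo chown -R www-data:www-data /var/web
sudo chmod -R 775 "/var/www/$server_name/html"
sudo chmod -R 775 /var/web
sudo chmod -R 775 /var/stratum
sudo chmod -R 777 /var/web/yaamp/runtime
# NOTE(review): the backup directory was created under $HOME earlier in the
# script, which is only /root when the installer runs as root; mode 777 also
# lets every local account read and replace whatever is stored there.
sudo chmod -R 777 /root/backup/
sudo chmod -R 777 /var/log
# NOTE(review): 775 leaves serverconfig.php readable by every local account -
# confirm who needs to read it and tighten the mode.
sudo chmod -R 775 /var/web/serverconfig.php
sudo service nginx restart
sudo service php7.0-fpm reload
clear

output "Whew that was fun, just some reminders. Your mysql information is saved in ~/.my.cnf. this installer did not directly install anything required to build coins."
output ""
output "Please make sure to change your wallet addresses in the /var/web/serverconfig.php file."
output ""
output "Please make sure to add your public and private keys."
output ""
output "If you found this script helpful please consider donating some BTC Donation: 1HUruZMcSben39E27cyLwsTrk6bbWZs3po"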