debianvps.sh 28 KB

  1. #!/bin/bash
  2. # Debian 9 and 10 VPS Installer
  3. # Original Script by Bonveio Abitona
  4. # Modified By KuroShion
  5. #
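  # Variables (can be changed to your preferred values).
  # Every value below is later substituted into a config file or a generated
  # script with sed, so keep each one a plain token (digits for ports, one URL,
  # one zoneinfo name).
  # Script name
  MyScriptName='AidanVPN'
  # OpenSSH Ports
  SSH_Port1='22'
  # Your SSH Banner
  # NOTE(review): fetched at install time and written to /etc/banner, which sshd
  # and dropbear display before login; whoever can edit this paste controls
  # that text. Hosting the banner somewhere you control is safer.
  SSH_Banner='https://pastebin.com/raw/bqjYZ0xA'
  # Dropbear Ports
  Dropbear_Port1='143'
  # Stunnel Ports
  Stunnel_Port1='442' # through Dropbear
  Stunnel_Port2='441' # through OpenSSH
  # OpenVPN Ports
  OpenVPN_TCP_Port='502' # take note when you change this port, openvpn sun noload config will not work
  OpenVPN_UDP_Port='1194'
  # Privoxy Ports
  Privoxy_Port1='8000'
  # Squid Ports
  Squid_Port1='8080'
  Squid_Port2='8888'
  Squid_Port3='3128'
  # OpenVPN Config Download Port
  OvpnDownload_Port='85' # Before changing this value, please read this document. It contains all unsafe ports for Google Chrome Browser, please read from line #23 to line #89: https://chromium.googlesource.com/chromium/src.git/+/refs/heads/master/net/base/port_util.cc
  # Server local time
  # Must be a name that exists under /usr/share/zoneinfo: the startup script
  # symlinks /etc/localtime to it. The zone is spelled "Kuala_Lumpur"; without
  # the underscore the symlink would point at a file that does not exist.
  MyVPS_Time='Asia/Kuala_Lumpur'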
  31. ## All function used for this script
  32. #############################
  33. ## WARNING: Do not modify or edit anything
  34. ## if you didn't know what to do.
  35. ## This part is too sensitive.
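  # Upgrades the system, removes ufw/firewalld, and installs every package the
  # later steps rely on, ending with OpenVPN from the upstream apt repository.
  # Globals:  none read; exports DEBIAN_FRONTEND
  # Returns:  non-zero only if a temp file for the repository key cannot be made
  function InstUpdates() {
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get upgrade -y
    # Removing some firewall tools that may affect other services
    # NOTE(review): once these are purged, inbound traffic is filtered only by
    # the iptables rules this installer adds itself; fail2ban (installed below)
    # is the sole remaining brake on password guessing.
    apt-get remove --purge ufw firewalld -y
    # Installing some important machine essentials
    apt-get install nano wget curl zip unzip tar gzip p7zip-full bc rc openssl cron net-tools dnsutils dos2unix screen bzip2 ccrypt -y
    # Now installing all our wanted services
    apt-get install dropbear stunnel4 privoxy ca-certificates nginx ruby apt-transport-https lsb-release squid screenfetch -y
    # Installing all required packages to install Webmin
    apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python dbus libxml-parser-perl -y
    apt-get install shared-mime-info jq -y
    # Installing a text colorizer
    # NOTE(review): unpinned gem, installed as root straight from the gem index.
    gem install lolcat
    # install fail2ban
    apt-get -y install fail2ban
    # Trying to remove obsolete packages after installation
    apt-get autoremove -y
    # Installing OpenVPN by pulling its repository inside sources.list file
    rm -rf /etc/apt/sources.list.d/openvpn*
    # The signing key is what apt will trust for every later package from this
    # repository, so fetch it (and the repository) over HTTPS instead of HTTP;
    # apt-transport-https was installed above. Download to a file first so a
    # failed or empty download is never piped into apt-key.
    echo "deb https://build.openvpn.net/debian/openvpn/stable $(lsb_release -sc) main" > /etc/apt/sources.list.d/openvpn.list
    local repo_key
    repo_key="$(mktemp)" || return 1
    if wget -qO "$repo_key" https://build.openvpn.net/debian/openvpn/stable/pubkey.gpg && [[ -s "$repo_key" ]]; then
      # NOTE(review): compare the key fingerprint with the one the vendor
      # publishes before trusting it; HTTPS alone is trust-on-first-use.
      apt-key add "$repo_key"
    else
      echo "Could not download the OpenVPN repository key; the upstream repository will not verify" >&2
    fi
    rm -f -- "$repo_key"
    apt-get update
    apt-get install openvpn easy-rsa -y
  }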
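  # Downloads the Webmin .deb named in WebminFile, installs it with dpkg, then
  # switches Webmin's built-in web server (miniserv) from HTTPS to plain HTTP.
  # Globals:  WebminFile (written)
  # Returns:  1 if the package cannot be downloaded, otherwise the status of
  #           the final systemctl call
  function InstWebmin() {
    # Download the webmin .deb package
    # You may change its webmin version depends on the link you've loaded in this variable(.deb file only, do not load .zip or .tar.gz file):
    # NOTE(review): this is a plain-HTTP download with no checksum or signature
    # check, and the result is installed as root. Verify the file against the
    # vendor's published checksum (<EXPECTED_SHA256>) before dpkg runs.
    # NOTE(review): the release is pinned in the URL, so it never picks up
    # Webmin security fixes; check the vendor's advisories for this version.
    WebminFile='http://prdownloads.sourceforge.net/webadmin/webmin_1.910_all.deb'
    local deb
    # A private temp file instead of ./webmin.deb in whatever directory the
    # installer happens to be started from.
    deb="$(mktemp --suffix=.deb)" || return 1
    if ! wget -qO "$deb" "$WebminFile" || [[ ! -s "$deb" ]]; then
      echo "Webmin download failed: $WebminFile" >&2
      rm -f -- "$deb"
      return 1
    fi
    # Installing .deb package for webmin
    dpkg --install "$deb"
    rm -f -- "$deb"
    # Configuring webmin server config to use only http instead of https
    # NOTE(review): with ssl=0 the Webmin login, which accepts system account
    # passwords, crosses the network in cleartext. Keep ssl=1, or restrict the
    # Webmin port to a management network or to localhost behind an SSH tunnel.
    sed -i 's|ssl=1|ssl=0|g' /etc/webmin/miniserv.conf
    # Then restart to take effect
    systemctl restart webmin
  }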
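  # Replaces the OpenSSH and Dropbear server configs, installs the login banner,
  # relaxes PAM password rules, and restarts both daemons.
  # Globals:  SSH_Port1, SSH_Banner, Dropbear_Port1 (read)
  function InstSSH() {
    # Removing some duplicated sshd server configs
    rm -f /etc/ssh/sshd_config*
    # Creating a SSH server config using cat eof tricks
    # NOTE(review): the template below enables PermitRootLogin together with
    # PasswordAuthentication, so the root password is guessable from the
    # internet on the SSH port; X11Forwarding is also on. For anything but a
    # throwaway box prefer "PermitRootLogin prohibit-password" with key login.
    cat <<'MySSHConfig' > /etc/ssh/sshd_config
# My OpenSSH Server config
Port myPORT1
AddressFamily inet
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
PermitRootLogin yes
MaxSessions 1024
PubkeyAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
ClientAliveInterval 240
ClientAliveCountMax 2
UseDNS no
Banner /etc/banner
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
MySSHConfig
    # Now we'll put our ssh ports inside of sshd_config
    sed -i "s|myPORT1|$SSH_Port1|g" /etc/ssh/sshd_config
    # Download our SSH Banner
    rm -f /etc/banner
    if ! wget -qO /etc/banner "$SSH_Banner"; then
      # Both daemons reference /etc/banner, so leave an empty file rather than
      # a missing or half-written one.
      echo "SSH banner download failed; using an empty banner" >&2
      : > /etc/banner
    fi
    dos2unix -q /etc/banner
    # My workaround code to remove `BAD Password error` from passwd command, it will fix password-related error on their ssh accounts.
    # NOTE(review): this deletes the pam_cracklib password-quality rule, so
    # accounts can be given trivially weak passwords while password login over
    # SSH is enabled above.
    sed -i '/password\s*requisite\s*pam_cracklib.s.*/d' /etc/pam.d/common-password
    sed -i 's/use_authtok //g' /etc/pam.d/common-password
    # Some command to identify null shells when you tunnel through SSH or using Stunnel, it will fix user/pass authentication error on HTTP Injector, KPN Tunnel, eProxy, SVI, HTTP Proxy Injector etc ssh/ssl tunneling apps.
    # NOTE(review): listing /bin/false and nologin in /etc/shells makes them
    # count as valid shells for every service that consults that file, not
    # only for the tunnel accounts.
    sed -i '/\/bin\/false/d' /etc/shells
    sed -i '/\/usr\/sbin\/nologin/d' /etc/shells
    echo '/bin/false' >> /etc/shells
    echo '/usr/sbin/nologin' >> /etc/shells
    # Restarting openssh service, but only with a config sshd itself accepts:
    # the old config was deleted above, so restarting on a broken file could
    # lock the operator out of the machine.
    if sshd -t; then
      systemctl restart ssh
    else
      echo "sshd rejected /etc/ssh/sshd_config; ssh was NOT restarted" >&2
    fi
    # Removing some duplicate config file
    rm -rf /etc/default/dropbear*
    # creating dropbear config using cat eof tricks
    cat <<'MyDropbear' > /etc/default/dropbear
# My Dropbear Config
NO_START=0
DROPBEAR_PORT=PORT01
DROPBEAR_EXTRA_ARGS=""
DROPBEAR_BANNER="/etc/banner"
DROPBEAR_RSAKEY="/etc/dropbear/dropbear_rsa_host_key"
DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key"
DROPBEAR_ECDSAKEY="/etc/dropbear/dropbear_ecdsa_host_key"
DROPBEAR_RECEIVE_WINDOW=65536
MyDropbear
    # Now changing our desired dropbear ports
    sed -i "s|PORT01|$Dropbear_Port1|g" /etc/default/dropbear
    # Restarting dropbear service
    systemctl restart dropbear
  }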
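  # Writes the stunnel defaults file and server config, generates a self-signed
  # certificate, and restarts stunnel so it wraps Dropbear and OpenSSH in TLS.
  # Globals:  MyScriptName, Stunnel_Port1, Stunnel_Port2, Dropbear_Port1,
  #           SSH_Port1 (read); StunnelDir (written)
  # Returns:  1 if no stunnel defaults file exists under /etc/default
  function InsStunnel() {
    # Find the defaults file by globbing rather than parsing `ls`; an empty
    # result used to turn the redirect below into a write to /etc/default/.
    local candidate
    StunnelDir=''
    for candidate in /etc/default/*stunnel*; do
      [[ -e "$candidate" ]] || continue
      StunnelDir="${candidate##*/}"
      break
    done
    if [[ -z "$StunnelDir" ]]; then
      echo "No stunnel defaults file found under /etc/default" >&2
      return 1
    fi
    # Creating stunnel startup config using cat eof tricks
    cat <<'MyStunnelD' > "/etc/default/$StunnelDir"
# My Stunnel Config
ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""
BANNER="/etc/banner"
PPP_RESTART=0
# RLIMITS="-n 4096 -d unlimited"
RLIMITS=""
MyStunnelD
    # Removing all stunnel folder contents
    rm -rf /etc/stunnel/*
    # Creating stunnel certificate using openssl
    # The same file receives the certificate and its unencrypted private key
    # (-nodes), so create it under a restrictive umask and keep it root-only.
    (
      umask 077
      openssl req -new -x509 -days 9999 -nodes -subj "/C=MY/ST=Selangor/L=Gombak/O=$MyScriptName/OU=$MyScriptName/CN=$MyScriptName" -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem &> /dev/null
    )
    chmod 600 /etc/stunnel/stunnel.pem
    # Creating stunnel server config
    cat <<'MyStunnelC' > /etc/stunnel/stunnel.conf
# My Stunnel Config
pid = /var/run/stunnel.pid
cert = /etc/stunnel/stunnel.pem
client = no
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
TIMEOUTclose = 0
[dropbear]
accept = Stunnel_Port1
connect = 127.0.0.1:dropbear_port_c
[openssh]
accept = Stunnel_Port2
connect = 127.0.0.1:openssh_port_c
MyStunnelC
    # setting stunnel ports
    # The backend ports come from the same variables that configured Dropbear
    # and OpenSSH. The earlier approach scraped `netstat` and took the SECOND
    # listening port of each daemon, which is empty when only one port is
    # configured (the case in this script) and left "connect = 127.0.0.1:".
    sed -i "s|Stunnel_Port1|$Stunnel_Port1|g" /etc/stunnel/stunnel.conf
    sed -i "s|dropbear_port_c|$Dropbear_Port1|g" /etc/stunnel/stunnel.conf
    sed -i "s|Stunnel_Port2|$Stunnel_Port2|g" /etc/stunnel/stunnel.conf
    sed -i "s|openssh_port_c|$SSH_Port1|g" /etc/stunnel/stunnel.conf
    # Restarting stunnel service
    systemctl restart "$StunnelDir"
  }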
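  # Builds a fresh easy-rsa PKI, writes the TCP and UDP OpenVPN server configs,
  # installs the PAM auth plugin, enables IPv4 forwarding plus NAT rules, and
  # starts both OpenVPN instances.
  # Globals:  OpenVPN_TCP_Port, OpenVPN_UDP_Port (read)
  # Returns:  1 if the easy-rsa directory cannot be entered or a temp file
  #           cannot be created
  function InsOpenVPN() {
    # Checking if openvpn folder is accidentally deleted or purged
    if [[ ! -e /etc/openvpn ]]; then
      mkdir -p /etc/openvpn
    fi
    # Removing all existing openvpn server files
    rm -rf /etc/openvpn/*
    # Creating server.conf, ca.crt, server.crt and server.key
    cp -r /usr/share/easy-rsa/ /etc/openvpn
    mkdir /etc/openvpn/easy-rsa/keys
    sed -i 's|export KEY_COUNTRY="US"|export KEY_COUNTRY="MY"|' /etc/openvpn/easy-rsa/vars
    sed -i 's|export KEY_PROVINCE="CA"|export KEY_PROVINCE="Selangor"|' /etc/openvpn/easy-rsa/vars
    sed -i 's|export KEY_CITY="SanFrancisco"|export KEY_CITY="Gombak"|' /etc/openvpn/easy-rsa/vars
    sed -i 's|export KEY_ORG="Fort-Funston"|export KEY_ORG="AidanVPN"|' /etc/openvpn/easy-rsa/vars
    sed -i 's|export KEY_EMAIL="me@myhost.mydomain"|export KEY_EMAIL="server@aidan.my"|' /etc/openvpn/easy-rsa/vars
    sed -i 's|export KEY_OU="MyOrganizationalUnit"|export KEY_OU="AidanVPN"|' /etc/openvpn/easy-rsa/vars
    sed -i 's|export KEY_NAME="EasyRSA"|export KEY_NAME="aidanvpn"|' /etc/openvpn/easy-rsa/vars
    sed -i 's|export KEY_OU=changeme|export KEY_OU=aidanvpn|' /etc/openvpn/easy-rsa/vars
    # Create Diffie-Hellman parameters. 1024-bit groups are too small for a
    # key exchange today; 2048 bits is the usual minimum and needs no client
    # change.
    openssl dhparam -out /etc/openvpn/dh.pem 2048
    # Create PKI
    # Everything below runs relative to the easy-rsa copy, so stop if the
    # directory is missing instead of running clean-all somewhere else.
    cd /etc/openvpn/easy-rsa || return 1
    cp openssl-1.0.0.cnf openssl.cnf
    . ./vars
    ./clean-all
    export EASY_RSA="${EASY_RSA:-.}"
    "$EASY_RSA/pkitool" --initca "$@"
    # Create key server
    "$EASY_RSA/pkitool" --server server
    # Setting KEY CN
    "$EASY_RSA/pkitool" client
    cd
    cp /etc/openvpn/easy-rsa/keys/server.crt /etc/openvpn/server.crt
    cp /etc/openvpn/easy-rsa/keys/server.key /etc/openvpn/server.key
    cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/ca.crt
    # The private key stays root-only; the CA certificate is public data and
    # has no use for an execute bit.
    chmod 600 /etc/openvpn/server.key
    chmod 644 /etc/openvpn/ca.crt
    # NOTE(review): both server templates set "auth none" (no HMAC on data
    # packets), "verify-client-cert none" (clients are identified only by a PAM
    # username/password), "client-to-client" (tunnel users can reach each
    # other), "reneg-sec 0" (session keys never renegotiate) and
    # "script-security 2". The server also names AES-128-CBC with ncp-disable
    # while the generated client profiles say "cipher none"; confirm which is
    # intended, because "cipher none" means the tunnel is not encrypted.
    cat <<'myOpenVPNconf' > /etc/openvpn/server_tcp.conf
# My OpenVPN
port MyOvpnPort
dev tun
proto tcp
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
cipher AES-128-CBC
ncp-disable
auth none
comp-lzo
plugin /etc/openvpn/openvpn-auth-pam.so login
verify-client-cert none
username-as-common-name
max-clients 4000
server 10.200.0.0 255.255.0.0
tun-mtu 1500
mssfix 1460
reneg-sec 0
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
push "route-method exe"
push "route-delay 2"
client-to-client
keepalive 10 120
persist-tun
persist-key
persist-remote-ip
status /etc/openvpn/tcp_stats.log
log /etc/openvpn/tcp.log
verb 3
script-security 2
socket-flags TCP_NODELAY
push "socket-flags TCP_NODELAY"
myOpenVPNconf
    cat <<'myOpenVPNconf2' > /etc/openvpn/server_udp.conf
# My OpenVPN
port MyOvpnPort
dev tun
proto udp
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
cipher AES-128-CBC
ncp-disable
auth none
comp-lzo
plugin /etc/openvpn/openvpn-auth-pam.so login
verify-client-cert none
username-as-common-name
max-clients 4000
server 10.201.0.0 255.255.0.0
tun-mtu 1500
mssfix 1460
reneg-sec 0
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
push "route-method exe"
push "route-delay 2"
client-to-client
keepalive 10 120
persist-tun
persist-key
persist-remote-ip
status /etc/openvpn/udp_stats.log
log /etc/openvpn/udp.log
verb 3
script-security 2
socket-flags TCP_NODELAY
push "socket-flags TCP_NODELAY"
myOpenVPNconf2
    # Getting all dns inside resolv.conf then use as Default DNS for our openvpn server
    # NOTE(review): these push lines go to /etc/openvpn/server.conf, but only
    # the server_tcp and server_udp instances are started below, so as written
    # no client receives them. Confirm whether they belong in the two configs
    # above.
    grep -v '#' /etc/resolv.conf | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read -r line; do
      echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server.conf
    done
    # Layout after the TCP/UDP split (both instances are IPv4 only):
    #   * OpenVPN TCP config      /etc/openvpn/server_tcp.conf
    #   * OpenVPN UDP config      /etc/openvpn/server_udp.conf
    #   * OpenVPN TCP server log  /etc/openvpn/tcp.log
    #   * OpenVPN UDP server log  /etc/openvpn/udp.log
    #   * OpenVPN TCP status log  /etc/openvpn/tcp_stats.log
    #   * OpenVPN UDP status log  /etc/openvpn/udp_stats.log
    # Server ports come from OpenVPN_TCP_Port / OpenVPN_UDP_Port.
    # setting openvpn server port
    sed -i "s|MyOvpnPort|$OpenVPN_TCP_Port|g" /etc/openvpn/server_tcp.conf
    sed -i "s|MyOvpnPort|$OpenVPN_UDP_Port|g" /etc/openvpn/server_udp.conf
    # Getting some OpenVPN plugins for unix authentication
    # NOTE(review): this unpacks a prebuilt binary from a personal repository
    # branch (not a tagged release, no checksum) and the configs above load it
    # into the OpenVPN daemon, where it handles every user's password. Prefer
    # the openvpn-auth-pam plugin shipped in the distribution's own openvpn
    # package, or pin and verify a checksum (<EXPECTED_SHA256>).
    if wget -qO /etc/openvpn/b.zip 'https://raw.githubusercontent.com/jm051484/jm051484script/master/openvpn_plugin64'; then
      unzip -qq /etc/openvpn/b.zip -d /etc/openvpn
    else
      echo "OpenVPN auth plugin download failed; PAM login will not work" >&2
    fi
    rm -f /etc/openvpn/b.zip
    # Some workaround for OpenVZ machines for "Startup error" openvpn service
    if [[ "$(hostnamectl | grep -i Virtualization | awk '{print $2}' | head -n1)" == 'openvz' ]]; then
      sed -i 's|LimitNPROC|#LimitNPROC|g' /lib/systemd/system/openvpn*
      systemctl daemon-reload
    fi
    # Allow IPv4 Forwarding
    sed -i '/net.ipv4.ip_forward.*/d' /etc/sysctl.conf
    echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/20-openvpn.conf
    sysctl --system &> /dev/null
    # Iptables Rule for OpenVPN server
    # NOTE(review): the first POSTROUTING rule masquerades everything leaving
    # the public interface, not only the two VPN subnets.
    cat <<'EOFipt' > /etc/openvpn/openvpn.bash
#!/bin/bash
PUBLIC_INET="$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)"
IPCIDR='10.200.0.0/16'
IPCIDR2='10.201.0.0/16'
iptables -I FORWARD -s $IPCIDR -j ACCEPT
iptables -I FORWARD -s $IPCIDR2 -j ACCEPT
iptables -t nat -A POSTROUTING -o $PUBLIC_INET -j MASQUERADE
iptables -t nat -A POSTROUTING -s $IPCIDR -o $PUBLIC_INET -j MASQUERADE
iptables -t nat -A POSTROUTING -s $IPCIDR2 -o $PUBLIC_INET -j MASQUERADE
EOFipt
    chmod +x /etc/openvpn/openvpn.bash
    bash /etc/openvpn/openvpn.bash
    # Enabling IPv4 Forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Starting OpenVPN server
    systemctl start openvpn@server_tcp
    systemctl enable openvpn@server_tcp
    systemctl start openvpn@server_udp
    systemctl enable openvpn@server_udp
    # Pulling OpenVPN no internet fixer script
    # NOTE(review): this replaces the rules file generated above with a remote
    # script that the boot-time startup script runs as root on every boot, and
    # nothing checks its content. Review it and pin a checksum before use.
    # Download to a temp file first: writing straight to the target left an
    # empty openvpn.bash, and no NAT rules after reboot, when the fetch failed.
    local fixer
    fixer="$(mktemp)" || return 1
    if wget -qO "$fixer" "https://raw.githubusercontent.com/jm051484/jm051484script/master/openvpn.bash" && [[ -s "$fixer" ]]; then
      cat -- "$fixer" > /etc/openvpn/openvpn.bash
    else
      echo "Could not download openvpn.bash; keeping the locally generated rules" >&2
    fi
    rm -f -- "$fixer"
    chmod +x /etc/openvpn/openvpn.bash
  }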
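  # Writes the Privoxy and Squid configs and restarts both proxies. Each proxy
  # is limited to requests whose DESTINATION is this server's own address.
  # Globals:  IPADDR, Privoxy_Port1, Squid_Port1..3, MyScriptName (read)
  # Returns:  1 without touching anything when IPADDR is empty
  function InsProxy() {
    # Fail closed: with an empty IPADDR the Privoxy line below would become
    # "permit-access 0.0.0.0/0" with no destination, i.e. a proxy open to any
    # client for any destination, and the Squid ACL would be invalid.
    if [[ -z "$IPADDR" ]]; then
      echo "IPADDR is empty; refusing to write proxy configs" >&2
      return 1
    fi
    # Removing Duplicate privoxy config
    rm -rf /etc/privoxy/config*
    # Creating Privoxy server config using cat eof tricks
    cat <<'myPrivoxy' > /etc/privoxy/config
# My Privoxy Server Config
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
logdir /var/log/privoxy
filterfile default.filter
logfile logfile
listen-address 0.0.0.0:Privoxy_Port1
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
enable-proxy-authentication-forwarding 1
forwarded-connect-retries 1
accept-intercepted-requests 1
allow-cgi-request-crunching 1
split-large-forms 0
keep-alive-timeout 5
tolerate-pipelining 1
socket-timeout 300
permit-access 0.0.0.0/0 IP-ADDRESS
myPrivoxy
    # Setting machine's IP Address inside of our privoxy config.
    # permit-access takes a source then a destination: any client address may
    # connect, but only to reach this machine's own IP through the proxy.
    sed -i "s|IP-ADDRESS|$IPADDR|g" /etc/privoxy/config
    # Setting privoxy ports
    sed -i "s|Privoxy_Port1|$Privoxy_Port1|g" /etc/privoxy/config
    # Removing Duplicate Squid config
    rm -rf /etc/squid/squid.conf*
    # Creating Squid server config using cat eof tricks
    cat <<'mySquid' > /etc/squid/squid.conf
# My Squid Proxy Server Config
acl VPN dst IP-ADDRESS/32
http_access allow VPN
http_access deny all
http_port Squid_Port1
http_port Squid_Port2
http_port Squid_Port3
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname AidanVPN
mySquid
    # Setting machine's IP Address inside of our squid config (same rule as
    # above: requests are allowed only when the destination is this machine).
    sed -i "s|IP-ADDRESS|$IPADDR|g" /etc/squid/squid.conf
    # Setting squid ports
    sed -i "s|Squid_Port1|$Squid_Port1|g" /etc/squid/squid.conf
    sed -i "s|Squid_Port2|$Squid_Port2|g" /etc/squid/squid.conf
    sed -i "s|Squid_Port3|$Squid_Port3|g" /etc/squid/squid.conf
    # The template above has no MyScriptName placeholder, so this substitution
    # currently changes nothing.
    sed -i "s|MyScriptName|$MyScriptName|g" /etc/squid/squid.conf
    # Starting Proxy server
    echo -e "Restarting proxy server.."
    systemctl restart privoxy
    systemctl restart squid
  }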
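  # Publishes the client profiles: writes an nginx vhost for the download
  # site, generates four .ovpn files plus an index page under
  # /var/www/openvpn, restarts nginx, and zips the profiles.
  # Globals:  IPADDR, OpenVPN_TCP_Port, OpenVPN_UDP_Port, Squid_Port1,
  #           Privoxy_Port1, OvpnDownload_Port, MyScriptName (read)
  # Returns:  1 without touching anything when IPADDR is empty, or if the web
  #           root cannot be entered
  function OvpnConfigs() {
    # Every profile and link below embeds the server address; an empty value
    # would publish profiles with no usable "remote" line.
    if [[ -z "$IPADDR" ]]; then
      echo "IPADDR is empty; refusing to generate client profiles" >&2
      return 1
    fi
    # Creating nginx config for our ovpn config downloads webserver
    # NOTE(review): the site is served over plain HTTP on all interfaces, so a
    # profile (including its embedded CA certificate) can be altered in transit
    # and anyone who finds the port can download it.
    cat <<'myNginxC' > /etc/nginx/conf.d/jm051484-ovpn-config.conf
# My OpenVPN Config Download Directory
server {
listen 0.0.0.0:myNginx;
server_name localhost;
root /var/www/openvpn;
index index.html;
}
myNginxC
    # Setting our nginx config port for .ovpn download site
    sed -i "s|myNginx|$OvpnDownload_Port|g" /etc/nginx/conf.d/jm051484-ovpn-config.conf
    # Removing Default nginx page(port 80)
    rm -rf /etc/nginx/sites-*
    # Creating our root directory for all of our .ovpn configs
    rm -rf /var/www/openvpn
    mkdir -p /var/www/openvpn
    # Now creating all of our OpenVPN Configs
    # NOTE(review): every profile sets "cipher none" and "auth none", so user
    # traffic inside the tunnel is neither encrypted nor integrity-protected;
    # only the TLS control channel (which carries the auth-user-pass
    # credentials) is protected. Users should not treat these profiles as a
    # privacy VPN. SunNoloadConfig additionally discards its own log.
    cat <<EOF15 > /var/www/openvpn/GTMConfig.ovpn
client
dev tun
proto tcp
remote $IPADDR $OpenVPN_TCP_Port
remote-cert-tls server
resolv-retry infinite
connect-retry infinite
nobind
tun-mtu 1500
mssfix 1460
persist-key
persist-tun
auth-user-pass
auth none
auth-nocache
cipher none
keysize 0
comp-lzo
setenv CLIENT_CERT 0
reneg-sec 0
verb 3
#http-proxy $IPADDR $Squid_Port1
http-proxy $IPADDR $Privoxy_Port1
http-proxy-option VERSION 1.1
http-proxy-option CUSTOM-HEADER Host www.googleapis.com
http-proxy-option CUSTOM-HEADER X-Forwarded-For www.googleapis.com
<ca>
$(cat /etc/openvpn/ca.crt)
</ca>
EOF15
    cat <<EOF16 > /var/www/openvpn/SunConfig.ovpn
client
dev tun
proto tcp
remote $IPADDR $OpenVPN_TCP_Port
remote-cert-tls server
connect-retry infinite
resolv-retry infinite
nobind
tun-mtu 1500
mssfix 1460
persist-key
persist-tun
auth-user-pass
auth none
auth-nocache
cipher none
keysize 0
comp-lzo
setenv CLIENT_CERT 0
reneg-sec 0
verb 3
#http-proxy $IPADDR $Squid_Port1
http-proxy $IPADDR $Privoxy_Port1
http-proxy-option CUSTOM-HEADER Host www.viber.com.edgekey.net
http-proxy-option CUSTOM-HEADER X-Online-Host www.viber.com.edgekey.net
http-proxy-option CUSTOM-HEADER X-Forwarded-For www.viber.com.edgekey.net
<ca>
$(cat /etc/openvpn/ca.crt)
</ca>
EOF16
    cat <<EOF162 > /var/www/openvpn/SunUDPConfig.ovpn
client
dev tun
proto udp
remote $IPADDR $OpenVPN_UDP_Port
remote-cert-tls server
resolv-retry infinite
float
fast-io
nobind
tun-mtu 1500
mssfix 1460
persist-key
persist-remote-ip
persist-tun
auth-user-pass
auth none
auth-nocache
cipher none
keysize 0
comp-lzo
setenv CLIENT_CERT 0
reneg-sec 0
verb 3
<ca>
$(cat /etc/openvpn/ca.crt)
</ca>
EOF162
    cat <<EOF17 > /var/www/openvpn/SunNoloadConfig.ovpn
client
dev tun
proto tcp-client
remote $IPADDR $OpenVPN_TCP_Port
remote-cert-tls server
bind
float
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
mute-replay-warnings
connect-retry-max 9999
redirect-gateway def1
connect-retry 0 1
resolv-retry infinite
setenv CLIENT_CERT 0
persist-tun
persist-key
auth-user-pass
auth none
auth-nocache
auth-retry interact
cipher none
keysize 0
comp-lzo
reneg-sec 0
verb 0
nice -20
log /dev/null
<ca>
$(cat /etc/openvpn/ca.crt)
</ca>
EOF17
    # Creating OVPN download site index.html
    # NOTE(review): the page pulls CSS from third-party CDNs without integrity
    # attributes, and it links GTM-PC-Config.ovpn, which this function never
    # generates, so that download is a dead link.
    cat <<'mySiteOvpn' > /var/www/openvpn/index.html
<!DOCTYPE html>
<html lang="en">
<!-- Simple OVPN Download site by jm051484 -->
<head><meta charset="utf-8" /><title>MyScriptName OVPN Config Download</title><meta name="description" content="MyScriptName Server" /><meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" name="viewport" /><meta name="theme-color" content="#000000" /><link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.8.2/css/all.css"><link href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/css/bootstrap.min.css" rel="stylesheet"><link href="https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.8.3/css/mdb.min.css" rel="stylesheet"></head><body><div class="container justify-content-center" style="margin-top:9em;margin-bottom:5em;"><div class="col-md"><div class="view"><img src="https://openvpn.net/wp-content/uploads/openvpn.jpg" class="card-img-top"><div class="mask rgba-white-slight"></div></div><div class="card"><div class="card-body"><h5 class="card-title">Config List</h5><br /><ul class="list-group"><li class="list-group-item justify-content-between align-items-center" style="margin-bottom:1em;"><p>For Globe/TM <span class="badge light-blue darken-4">Android/iOS</span><br /><small> For EZ/GS Promo with WNP,SNS,FB and IG freebies</small></p><a class="btn btn-outline-success waves-effect btn-sm" href="http://IP-ADDRESS:NGINXPORT/GTMConfig.ovpn" style="float:right;"><i class="fa fa-download"></i> Download</a></li><li class="list-group-item justify-content-between align-items-center" style="margin-bottom:1em;"><p>For Globe/TM <span class="badge light-blue darken-4">PC/Modem</span><br /><small> For EZ/GS Promo with WNP,SNS,FB and IG freebies</small></p><a class="btn btn-outline-success waves-effect btn-sm" href="http://IP-ADDRESS:NGINXPORT/GTM-PC-Config.ovpn" style="float:right;"><i class="fa fa-download"></i> Download</a></li><li class="list-group-item justify-content-between align-items-center" style="margin-bottom:1em;"><p>For Sun <span class="badge light-blue darken-4">Android/iOS/PC/Modem</span><br /><small> For TU Promos</small></p><a class="btn btn-outline-success waves-effect btn-sm" href="http://IP-ADDRESS:NGINXPORT/SunConfig.ovpn" style="float:right;"><i class="fa fa-download"></i> Download</a></li><li class="list-group-item justify-content-between align-items-center" style="margin-bottom:1em;"><p>For Sun <span class="badge light-blue darken-4">Modem</span><br /><small> Without Promo/Noload</small></p><a class="btn btn-outline-success waves-effect btn-sm" href="http://IP-ADDRESS:NGINXPORT/SunNoloadConfig.ovpn" style="float:right;"><i class="fa fa-download"></i> Download</a></li></ul></div></div></div></div></body></html>
mySiteOvpn
    # Setting template's correct name,IP address and nginx Port
    sed -i "s|MyScriptName|$MyScriptName|g" /var/www/openvpn/index.html
    sed -i "s|NGINXPORT|$OvpnDownload_Port|g" /var/www/openvpn/index.html
    sed -i "s|IP-ADDRESS|$IPADDR|g" /var/www/openvpn/index.html
    # Restarting nginx service
    systemctl restart nginx
    # Creating all .ovpn config archives
    # Stop if the web root cannot be entered, so the glob below never archives
    # .ovpn files from whatever directory the installer was started in.
    cd /var/www/openvpn || return 1
    zip -qq -r Configs.zip *.ovpn
    cd
  }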
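  # Prints this machine's public IPv4 address, or an empty line if none can be
  # determined.
  # Order: the first non-private address on a local interface, then two
  # external "what is my IP" services.
  # Outputs:  one line on stdout (the address, or empty)
  function ip_address() {
    local IP=''
    local lookup_url
    # Shape check only (four dot-separated groups of 1-3 digits).
    local ipv4_shape='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
    # 172.16.0.0/12 ends at 172.31.x.x, so the last alternative for that range
    # is 3[01]; excluding 172.32 as well would discard a public address.
    IP="$(ip addr \
      | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \
      | grep -E -v '^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[01]\.|^10\.|^127\.|^255\.|^0\.' \
      | head -n 1)"
    if [[ -z "$IP" ]]; then
      # The answer is pasted into sed expressions, proxy ACLs and client
      # profiles later on, so treat it as untrusted: fetch it over HTTPS and
      # accept it only if it looks like an IPv4 address.
      for lookup_url in https://ipv4.icanhazip.com https://ipinfo.io/ip; do
        IP="$(wget -qO- -t1 -T2 "$lookup_url" | tr -d '[:space:]')"
        if [[ "$IP" =~ $ipv4_shape ]]; then
          break
        fi
        IP=''
      done
    fi
    echo "${IP}"
  }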
  # Resolved once while the script loads; the proxy, profile and index-page
  # templates substitute this value later.
  IPADDR=$(ip_address)
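  # Installs the boot-time pieces: a daily reboot cron job, the startup script
  # with its systemd unit, and the ddos-deflate tool.
  # Globals:  MyVPS_Time (read)
  # Returns:  1 if the home directory cannot be entered
  function ConfStartup() {
    # Daily reboot time of our machine
    # For cron commands, visit https://crontab.guru
    printf '0 4\t* * *\troot\treboot\n' > /etc/cron.d/b_reboot_job
    # Creating directory for startup script
    rm -rf /etc/jm051484
    mkdir -p /etc/jm051484
    chmod -R 755 /etc/jm051484
    # Creating startup script using cat eof tricks
    # The generated script used to splice the raw reply of a plain-HTTP lookup
    # into an iptables command, unquoted. It now fetches over HTTPS and adds
    # the rule only when the reply looks like an IPv4 address, so an empty or
    # unexpected reply cannot change the rule.
    # NOTE(review): the unit below is ordered Before=network-online.target, so
    # the lookup may run before the network is up; confirm the ordering.
    cat <<'EOFSH' > /etc/jm051484/startup.sh
#!/bin/bash
# Setting server local time
ln -fs /usr/share/zoneinfo/MyVPS_Time /etc/localtime
# Prevent DOS-like UI when installing using APT (Disabling APT interactive dialog)
export DEBIAN_FRONTEND=noninteractive
# Allowing ALL TCP ports for our machine (Simple workaround for policy-based VPS)
MyPublicIP="$(wget -4qO- https://ipinfo.io/ip | tr -d '[:space:]')"
if [[ "$MyPublicIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
iptables -A INPUT -s "$MyPublicIP" -p tcp -m multiport --dport 1:65535 -j ACCEPT
fi
# Allowing OpenVPN to Forward traffic
/bin/bash /etc/openvpn/openvpn.bash
# Deleting Expired SSH Accounts
/usr/local/sbin/delete_expired &> /dev/null
EOFSH
    chmod +x /etc/jm051484/startup.sh
    # Setting server local time every time this machine reboots
    sed -i "s|MyVPS_Time|$MyVPS_Time|g" /etc/jm051484/startup.sh
    # NOTE(review): this deletes every sysctl drop-in whose name starts with
    # 99, including any hardening settings an administrator placed there.
    rm -rf /etc/sysctl.d/99*
    # Setting our startup script to run every machine boots
    cat <<'EOFUNIT' > /etc/systemd/system/jm051484.service
[Unit]
Description=jm051484 Startup Script
Before=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/bin/bash /etc/jm051484/startup.sh
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOFUNIT
    # Unit files are configuration, not programs; no execute bit is needed.
    chmod 644 /etc/systemd/system/jm051484.service
    systemctl daemon-reload
    systemctl start jm051484
    systemctl enable jm051484 &> /dev/null
    # install ddos deflate
    cd || return 1
    apt-get -y install dnsutils dsniff
    # NOTE(review): an archive from a personal repository branch is unpacked
    # and its install.sh run as root with no checksum or signature check.
    # Review the archive and pin a checksum (<EXPECTED_SHA256>) before use.
    # Run the installer only if the download and unpack succeeded, so a failed
    # fetch cannot lead to running ./install.sh from some other directory.
    if wget https://raw.githubusercontent.com/jm051484/Deb83in1Autoscript/master/ddos-deflate-master.zip \
      && unzip ddos-deflate-master.zip \
      && cd ddos-deflate-master; then
      ./install.sh
    else
      echo "ddos-deflate could not be downloaded or unpacked; skipped" >&2
    fi
    rm -rf /root/ddos-deflate-master.zip
    # Rebooting cron service
    systemctl restart cron
    systemctl enable cron
  }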
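  # Installs the menu helper scripts into /usr/local/sbin and writes the login
  # profile hook.
  # Returns:  1 if /usr/local/sbin cannot be entered
  function ConfMenu() {
    echo -e " Creating Menu scripts.."
    # Everything below uses relative paths and ./* globs; without this guard a
    # failed cd would delete, chmod and sed-edit files in the current directory.
    cd /usr/local/sbin/ || return 1
    rm -rf {accounts,base-ports,base-ports-wc,base-script,bench-network,clearcache,connections,create,create_random,create_trial,delete_expired,diagnose,edit_dropbear,edit_openssh,edit_openvpn,edit_ports,edit_squid3,edit_stunnel4,locked_list,menu,options,ram,reboot_sys,reboot_sys_auto,restart_services,server,set_multilogin_autokill,set_multilogin_autokill_lib,show_ports,speedtest,user_delete,user_details,user_details_lib,user_extend,user_list,user_lock,user_unlock}
    # NOTE(review): the archive comes from a personal repository branch with no
    # checksum, and its contents become root-run commands on root's PATH (one
    # of them, delete_expired, is run by the boot-time startup script). Review
    # the archive and pin a checksum (<EXPECTED_SHA256>) before installing.
    if wget -q 'https://raw.githubusercontent.com/jm051484/jm051484script/master/menu.zip' \
      && unzip -qq menu.zip; then
      rm -f menu.zip
      # NOTE(review): these globs touch EVERY file in /usr/local/sbin, not only
      # the scripts that came out of menu.zip.
      chmod +x ./*
      dos2unix ./* &> /dev/null
      sed -i 's|/etc/squid/squid.conf|/etc/privoxy/config|g' ./*
      sed -i 's|http_port|listen-address|g' ./*
    else
      echo "menu.zip could not be downloaded or unpacked; menu scripts not installed" >&2
      rm -f menu.zip
    fi
    cd ~
    echo 'clear' > /etc/profile.d/jm051484.sh
    # NOTE(review): the line written here empties /var/log/syslog at every
    # login shell. That destroys the audit trail an administrator or incident
    # responder would need; use logrotate if log size is the concern.
    echo 'echo '' > /var/log/syslog' >> /etc/profile.d/jm051484.sh
    echo 'screenfetch -p -A Android' >> /etc/profile.d/jm051484.sh
    chmod +x /etc/profile.d/jm051484.sh
  }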
  # Prints the installer banner: two title lines, a blank line, two credit
  # lines and a closing blank line.
  # Globals:  MyScriptName (read)
  function ScriptMessage() {
    local banner_line
    for banner_line in \
      " (。◕‿◕。) $MyScriptName Debian VPS Installer" \
      " Open release version" \
      "" \
      " Original Script created by Bonveio" \
      " Modified by A.Dev" \
      ""; do
      echo -e "$banner_line"
    done
  }
  673. #############################
  674. #############################
  675. ## Installation Process
  676. #############################
  677. ## WARNING: Do not modify or edit anything
  678. ## if you didn't know what to do.
  679. ## This part is too sensitive.
  680. #############################
  681. #############################
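  # First thing to do is check if this machine is Debian
  source /etc/os-release
  if [[ "$ID" != 'debian' ]]; then
    ScriptMessage
    echo -e "[\e[1;31mError\e[0m] This script is for Debian only, exting..."
    exit 1
  fi

  # Now check that we are running as root; if not, this script exits.
  # If you're on a sudo user, run `sudo su -` first before running this script
  if [[ $EUID -ne 0 ]]; then
    ScriptMessage
    echo -e "[\e[1;31mError\e[0m] This script must be run as root, exiting..."
    exit 1
  fi

  # (For OpenVPN) Check that this machine has the TUN device, the tunneling
  # interface used by the OpenVPN server
  if [[ ! -e /dev/net/tun ]]; then
    echo -e "[\e[1;31m×\e[0m] You cant use this script without TUN Module installed/embedded in your machine, file a support ticket to your machine admin about this matter"
    echo -e "[\e[1;31m-\e[0m] Script is now exiting..."
    exit 1
  fi

  # Begin installation: update and upgrade the machine, then install the
  # packages and services this script sets up.
  ScriptMessage
  sleep 2
  InstUpdates

  # Configure OpenSSH and Dropbear
  echo -e "Configuring ssh..."
  InstSSH

  # Configure Stunnel
  echo -e "Configuring stunnel..."
  InsStunnel

  # Configure Webmin
  echo -e "Configuring webmin..."
  InstWebmin

  # Configure Privoxy and Squid
  echo -e "Configuring proxy..."
  InsProxy

  # Configure OpenVPN
  echo -e "Configuring OpenVPN..."
  InsOpenVPN

  # Configuring Nginx OVPN config download site
  OvpnConfigs

  # Some assistance and startup scripts
  ConfStartup

  ## DNS maker plugin for SUN users (for vps script usage only)
  # NOTE(review): dnsmaker is fetched from a branch ref ("master") and run as
  # root with no integrity check, so whatever that URL serves at install time
  # is executed. Pin the URL to a reviewed commit and compare a checksum
  # before running it.
  if wget -qO dnsmaker "https://raw.githubusercontent.com/jm051484/jm051484script/master/DNSMaster/debian"; then
    chmod +x dnsmaker
    ./dnsmaker
  else
    # Do not execute an empty or partial download.
    echo -e "[\e[1;31mError\e[0m] Could not download dnsmaker, skipping DNS setup" >&2
  fi
  rm -rf dnsmaker

  # NOTE(review): the /tmp/abonv_* files are presumably written by dnsmaker
  # (its code is not visible here). Their names are fixed and /tmp is
  # world-writable, so another local account could create them first; a
  # private mktemp -d directory would close that gap.
  if [[ -r /tmp/abonv_mydns ]]; then
    my_dns="$(cat /tmp/abonv_mydns)"
    # The value is spliced into a sed replacement and into OpenVPN configs,
    # so accept only hostname-like text (assumes the file holds a bare host
    # name; confirm against dnsmaker).
    if [[ "$my_dns" =~ ^[A-Za-z0-9._-]+$ ]]; then
      sed -i "s|http-proxy $IPADDR|http-proxy $my_dns|g" /var/www/openvpn/SunConfig.ovpn
      sed -i "s|remote $IPADDR|remote $my_dns|g" /var/www/openvpn/SunUDPConfig.ovpn
    else
      echo -e "[\e[1;31mError\e[0m] Unexpected content in /tmp/abonv_mydns, OpenVPN configs left unchanged" >&2
    fi
  fi
  # The URL requested here is whatever /tmp/abonv_mydns_domain contains.
  if [[ -r /tmp/abonv_mydns_domain ]]; then
    curl -4sSL "$(cat /tmp/abonv_mydns_domain)" &> /dev/null
  fi
  mv /tmp/abonv_mydns /etc/jm051484/my_domain_name
  mv /tmp/abonv_mydns_id /etc/jm051484/my_domain_id
  rm -rf /tmp/abonv*

  # VPS Menu script v1.0
  ConfMenu

  # Setting server local time (quoted so an unexpected value cannot split
  # into extra ln arguments)
  ln -fs "/usr/share/zoneinfo/$MyVPS_Time" /etc/localtime
  clear
  cd ~

  # Running sysinfo
  bash /etc/profile.d/jm051484.sh

  # Showing script's banner message
  ScriptMessage

  # Showing additional information from installing this script
  echo -e ""
  echo -e " Success Installation"
  echo -e ""
  echo -e " Service Ports: "
  echo -e " OpenSSH: $SSH_Port1"
  echo -e " Stunnel: $Stunnel_Port1, $Stunnel_Port2"
  echo -e " DropbearSSH: $Dropbear_Port1, $Dropbear_Port2"
  echo -e " Privoxy: $Privoxy_Port1"
  echo -e " Squid: $Squid_Port1"
  echo -e " OpenVPN TCP: $OpenVPN_TCP_Port"
  echo -e " OpenVPN UDP: $OpenVPN_UDP_Port"
  echo -e " NGiNX: $OvpnDownload_Port"
  echo -e " Webmin: 10000"
  echo -e ""
  echo -e ""
  # NOTE(review): the download site is advertised over plain http; if the
  # .ovpn files embed keys or credentials (not visible here), they are sent
  # unencrypted to whoever fetches them.
  echo -e " OpenVPN Configs Download site"
  echo -e " http://$IPADDR:$OvpnDownload_Port"
  echo -e ""
  echo -e " All OpenVPN Configs Archive"
  echo -e " http://$IPADDR:$OvpnDownload_Port/Configs.zip"
  echo -e ""
  echo -e " [For SUN Users]:"
  echo -e " Your DNS: $(cat /etc/jm051484/my_domain_name)"
  echo -e " Your DNS ID: $(cat /etc/jm051484/my_domain_id)"
  echo -e " * Keep your DNS ID in private, do not share your ID to anyone"
  echo -e ""
  echo -e ""
  echo -e " [Note] DO NOT RESELL THIS SCRIPT"

  # Clearing all logs from installation
  # NOTE(review): this deletes root's shell history and overwrites
  # /var/log/syslog, which removes the record of what the installer changed
  # along with any unrelated system log entries. Consider dropping it so the
  # install stays auditable. When run as a script, `history -c` only clears
  # this process's own (empty) history list.
  rm -rf /root/.bash_history && history -c && echo '' > /var/log/syslog
  rm -f DebianVPS-Installer*
  # The installation completed, so report success; the previous `exit 1`
  # signalled failure to any caller checking the exit status.
  exit 0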