Update install.sh

Stefan Pejcic 2025-02-06 15:15:54 +01:00 committed by GitHub
parent 0afd4f8343
commit a113e31c24
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -34,7 +34,7 @@ LOCALES=true # only en
NO_SSH=false # deny port 22 NO_SSH=false # deny port 22
SET_HOSTNAME_NOW=false # must be a FQDN SET_HOSTNAME_NOW=false # must be a FQDN
SETUP_SWAP_ANYWAY=false SETUP_SWAP_ANYWAY=false
MODSEC=true # install modsecurity, unless user provices --no-modsecurity flag CORAZA=true # install CorazaWAF, unless user provices --no-waf flag
SWAP_FILE="1" # calculated based on ram SWAP_FILE="1" # calculated based on ram
SEND_EMAIL_AFTER_INSTALL=false SEND_EMAIL_AFTER_INSTALL=false
SET_PREMIUM=false # added in 0.2.1 SET_PREMIUM=false # added in 0.2.1
@ -290,7 +290,7 @@ panel_customize # customizations
docker_compose_up # must be after configure_nginx docker_compose_up # must be after configure_nginx
docker_cpu_limiting # https://docs.docker.com/engine/security/rootless/#limiting-resources docker_cpu_limiting # https://docs.docker.com/engine/security/rootless/#limiting-resources
set_premium_features # must be after docker_compose_up set_premium_features # must be after docker_compose_up
configure_modsecurity # download modsec coreruleset or change docker image configure_coraza # download corazawaf coreruleset or change docker image
set_custom_hostname # set hostname if provided set_custom_hostname # set hostname if provided
generate_and_set_ssl_for_panels # if FQDN then lets setup https generate_and_set_ssl_for_panels # if FQDN then lets setup https
setup_firewall_service # setup firewall setup_firewall_service # setup firewall
@ -374,7 +374,7 @@ parse_args() {
echo " --csf Install and setup ConfigServer Firewall (default from >0.2.3)" echo " --csf Install and setup ConfigServer Firewall (default from >0.2.3)"
echo " --ufw Install and setup Uncomplicated Firewall (was default in <0.2.3)" echo " --ufw Install and setup Uncomplicated Firewall (was default in <0.2.3)"
echo " --skip-ssl Skip SSL setup." echo " --skip-ssl Skip SSL setup."
echo " --no-modsecurity Do not configure ModSecurity with OWASP Coreruleset." echo " --no-waf Do not configure CorazaWAF with OWASP Coreruleset."
echo " --no-ssh Disable port 22 and whitelist the IP address of user installing the panel." echo " --no-ssh Disable port 22 and whitelist the IP address of user installing the panel."
echo " --post_install=<path> Specify the post install script path." echo " --post_install=<path> Specify the post install script path."
echo " --screenshots=<url> Set the screenshots API URL." echo " --screenshots=<url> Set the screenshots API URL."
@ -438,8 +438,8 @@ while [[ $# -gt 0 ]]; do
--skip-ssl) --skip-ssl)
SKIP_SSL=true SKIP_SSL=true
;; ;;
--no-modsecurity) --no-waf)
MODSEC=false CORAZA=false
;; ;;
--debug) --debug)
DEBUG=true DEBUG=true
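Review bot: The `--no-modsecurity)` arm is replaced outright by `--no-waf)`, so automation that still passes the old flag no longer reaches `CORAZA=false`; with `CORAZA=true` as the default, the WAF image and ruleset would be installed despite the operator's opt-out. How unrecognised options are handled is not visible here, because the `case` starts and ends outside this hunk, so confirm whether the old flag now causes a hard error or is silently ignored. Accepting both spellings for a deprecation period keeps the behaviour predictable: `--no-waf|--no-modsecurity)`. The help text in the `parse_args` hunk could then list the old flag as deprecated.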
@ -1568,15 +1568,15 @@ fi
} }
configure_modsecurity() { configure_coraza() {
if [ "$MODSEC" = true ]; then if [ "$CORAZA" = true ]; then
echo "Installing ModSecurity and setting OWASP core ruleset.." echo "Installing CorazaWAF and setting OWASP core ruleset.."
debug_log mkdir -p /etc/openpanel/caddy/ debug_log mkdir -p /etc/openpanel/caddy/
debug_log wget https://raw.githubusercontent.com/corazawaf/coraza/v3/dev/coraza.conf-recommended -O /etc/openpanel/caddy/coraza_rules.conf debug_log wget https://raw.githubusercontent.com/corazawaf/coraza/v3/dev/coraza.conf-recommended -O /etc/openpanel/caddy/coraza_rules.conf
debug_log git clone https://github.com/coreruleset/coreruleset /etc/openpanel/caddy/coreruleset/ debug_log git clone https://github.com/coreruleset/coreruleset /etc/openpanel/caddy/coreruleset/
else else
echo "Disabling ModSecurity: setting caddy:latest docker image instead of openpanel/caddy-coraza" echo "Disabling CorazaWAF: setting caddy:latest docker image instead of openpanel/caddy-coraza"
sed -i 's|image: .*caddy.*|image: caddy:latest|' /root/docker-compose.yml sed -i 's|image: .*caddy.*|image: caddy:latest|' /root/docker-compose.yml
fi fi