Install AltaOS on Ubuntu 24.04 LTS

Submitted by Alan Mels on Tue, 10/29/2024 - 03:15

Make sure to tar /etc/ag directory on any working AltaGrade Ubuntu servers and wget the compressed file to the new server and run:

  1. cd /etc && wget http://backup.altagrade.net/ag.tgz && tar xzf ag.tgz && rm -rf ag.tgz

If you were to run the resulting script on this page (Click on Copy all the steps link):

  1. cd /usr/src && wget http://in.altagrade.org:8080/https://in.altagrade.org/sites/default/files/node-92-1730173444-source-code.txt && mv node-92-1730173444-source-code.txt altaos.txt && apt-get -y install wget dos2unix && dos2unix altaos.txt && mv altaos.txt altaos.sh && chmod 755 altaos.sh && mkdir /root/.altaos && sh ./altaos.sh | tee /root/.altaos/altaos-install.log

0) Check if the system is freshly installed before doing anything else, because we don't want to run the installation script twice

if [ -d /etc/webmin ]; then
  echo "It seems this script has already been executed on this server."
  echo "This script should be run only once as otherwise it will duplicate entries in number of configuration files!"
  exit 0
fi
 
chmod -x /etc/update-motd.d/*
apt-get update -y && apt-get upgrade -y && apt full-upgrade -y && apt autoremove -y
 
# Per https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1780196
apt install dracut-core -y
apt install policycoreutils -y
 
echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6=1" >> /etc/sysctl.conf
 
apt install net-tools

1) Set some variables to use later in the installation script

if grep -q "QEMU" /proc/bus/input/devices; then
    PORT=19759
else
    PORT=19753
fi
export PORT
IP="$( hostname -I )"
IP6="$( ip -6 addr | grep inet6 | awk -F '[ \t]+|/' '{print $3}' | grep -v ^::1 )"
IFACE=$(ip addr | grep $IP | awk '{print $NF}')
OWNER=""
TIMESTAMP=$(date +%s)
SECONDS=0

2) Change SSH port

adduser --disabled-password --gecos "" altagrade
usermod -aG sudo altagrade
sed -i '/%sudo/c\%sudo ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
mkdir /home/altagrade/.ssh
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC753VZbicoElj5moS0XZ70ERwse483Cuqc6Jf3YXJvn4+ZGzdjUsUI4+0GHK0aufeFh4YNZQ9QoQnM/3HUKZIGm3/2lYvzY1Z2YtyWz57LSX6o+oskq01Pe+3g+sxbt1yOW/KhClVhTSNzFPtMV5h4//JLxdO1Z6pctXSgq2COZ9fnEAm/AzmYFpuNvg0JmNdWuFkvnSKZrkt9hmw72TTjTE+p9DviTmoq4GCr6l2Pg4y6oTlyQ595yi6wDZe0JK7cdkKMsA4U6kAyHqci7zXOu7HjLdYcKZCohCp/iddHZbERmlZuS1eGbiARYtBZb9FNdUmnUB3nggb4DU3FPeDl' >> /home/altagrade/.ssh/authorized_keys
restorecon -R -v /home/altagrade/.ssh
 
sed -i "s/#force_color_prompt=yes/force_color_prompt=yes/g" /root/.bashrc
source /root/.bashrc 
sed -i "s/#force_color_prompt=yes/force_color_prompt=yes/g" /home/altagrade/.bashrc
sed -i "s/#Port 22/Port $PORT/g" /etc/ssh/sshd_config
sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g" /etc/ssh/sshd_config
sed -i "s/PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
service sshd restart

3) Prepare the system

# Make boot fast
systemctl disable systemd-networkd-wait-online.service
systemctl mask systemd-networkd-wait-online.service
 
if [ "$(readlink /etc/localtime)" != "/usr/share/zoneinfo/UTC" ]; then
  echo "=================================================================================="
  echo "Setting local time to UTC .."
  rm -f /etc/localtime
  ln -s /usr/share/zoneinfo/UTC /etc/localtime
  echo ".. done"
fi
 
if [ ! -d /backup ]; then
  echo "=================================================================================="
  echo "Creating /home/backup directory .."
  mkdir /backup
  echo ".. done"
fi
 
if [ ! -d /sandbox ]; then
  echo "=================================================================================="
  echo "Creating /sandbox directory .."
  mkdir /sandbox
  echo ".. done"
fi

4) Enable Automatic Updates

apt install unattended-upgrades
apt install update-notifier-common
#edit /etc/apt/apt.conf.d/50unattended-upgrades per https://linoxide.com/enable-automatic-updates-on-ubuntu-20-04/
 
sed -i 's*//Unattended-Upgrade::Mail "";*Unattended-Upgrade::Mail "[email protected]";*g' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's*//Unattended-Upgrade::MailReport "on-change";*Unattended-Upgrade::MailReport "only-on-error";*g' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's*//Unattended-Upgrade::Automatic-Reboot "false";*Unattended-Upgrade::Automatic-Reboot "true";*g' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's*//Unattended-Upgrade::Automatic-Reboot-WithUsers "true";*Unattended-Upgrade::Automatic-Reboot-WithUsers "true";*g' /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's*//Unattended-Upgrade::Automatic-Reboot-Time "02:00";*Unattended-Upgrade::Automatic-Reboot-Time "02:36";*g' /etc/apt/apt.conf.d/50unattended-upgrades

5) Installing Webmin and Virtualmin

if [ ! -d /etc/webmin ]; then
  echo "=================================================================================="
  echo "Installing control panel .."
  cd /usr/src
  wget http://software.virtualmin.com/gpl/scripts/install.sh
  chmod 755 install.sh
  ./install.sh -y
  echo ".. done"
fi

6) Configuring Virtualmin

# yes | /usr/share/webmin/authentic-theme/theme-update.sh
# yes | /usr/share/usermin/authentic-theme/theme-update.sh
# Adapting Virtualmin and Webmin jargon for cPanel users
/etc/ag/cp/new-lang.sh
sed -i 's/bandwidth /traffic /g' /etc/webmin/virtual-server/bw-template
sed -i 's/bandwidth /traffic /g' /etc/webmin/virtual-server/warnbw-template
sed -i 's/Bandwidth /Traffic /g' /etc/webmin/virtual-server/bw-template
sed -i 's/Bandwidth /Traffic /g' /etc/webmin/virtual-server/warnbw-template
sed -i 's/virtual server /domain /g' /etc/webmin/virtual-server/bw-template
sed -i 's/virtual server /domain /g' /etc/webmin/virtual-server/warnbw-template
sed -i 's/sub-servers /sub-domains /g' /etc/webmin/virtual-server/bw-template
sed -i 's/sub-servers /sub-domains /g' /etc/webmin/virtual-server/warnbw-template
 
rm -rf /etc/webmin/authentic-theme
cp -R /etc/ag/webmin/authentic-theme /etc/webmin
rm -rf /etc/webmin/status
cp -R /etc/ag/webmin/status /etc/webmin
rm -rf /etc/webmin/custom
cp -R /etc/ag/webmin/custom /etc/webmin
 
sed -i 's/mail=1/mail=2/g' /etc/webmin/virtual-server/config
sed -i 's/spam=1/spam=2/g' /etc/webmin/virtual-server/config
sed -i 's/dns=1/dns=2/g' /etc/webmin/virtual-server/config
sed -i 's/plugins=virtualmin-awstats virtualmin-dav virtualmin-htpasswd/plugins=virtualmin-htpasswd/g' /etc/webmin/virtual-server/config
sed -i 's/ftp=2/ftp=0/g' /etc/webmin/virtual-server/config
sed -i 's/virus=1/virus=2/g' /etc/webmin/virtual-server/config
echo 'plugins_inactive=virtualmin-awstats virtualmin-init virtualmin-dav virtualmin-registrar virtualmin-git virtualmin-sqlite virtualmin-slavedns' >> /etc/webmin/virtual-server/config
 
echo "PORT ${PORT}" > /etc/webmin/virtual-server/globals

7) Webmin UI categories

cat > /etc/webmin/webmin.descs << 'EOT'
bandwidth=Traffic Monitoring
webmin=Host Manager Configuration
servers=Host Manager Servers
webminlog=Host Manager Log
acl=Host Manager Users
virtualmin-registrar=Site Manager Domain Registration
virtualmin-dav=Site Manager DAV
virtualmin-init=Site Manager Bootup Actions
virtualmin-git=Site Manager Git
virtualmin-htpasswd=Site Manager Protected Directories
virtualmin-sqlite=Site Manager SQLite
virtual-server=Site Manager Domains
usermin=User Manager Configuration
custom=AltaGrade Commands
EOT
 
cat > /etc/webmin/webmin.catnames << 'EOT'
=AltaGrade
EOT

8) Email template for domains

cat > /etc/webmin/virtual-server/domain-template << 'EOT'
The following website has been created successfully:
 
+=============================================+
| Website Info | ${DOM}
+=============================================+
| Username: ${USER}
| Password: ${PASS}
${IF-WEB}
| Website: http://www.${DOM}
| HTML directory: ${PUBLIC_HTML_PATH}
${IF-MAIL}
| SMTP server:             mail.${DOM} 
| POP3 server:             mail.${DOM}
${ENDIF-MAIL}
${IF-WEBALIZER}
| Webalizer log reporting: Enabled
${ENDIF-WEBALIZER}
${ENDIF-WEB}
${IF-MYSQL}
| MySQL database: ${DB}
| MySQL login: ${MYSQL_USER}
${IF-MYSQL_PASS}
| MySQL password: ${MYSQL_PASS}
${ELSE-MYSQL_PASS}
| MySQL password: ${PASS}
${ENDIF-MYSQL_PASS}
${ENDIF-MYSQL}
| Apache Solr Host: localhost
| Apache Solr Port: 8983
| Apache Solr Path: /solr/${DOM} 
+=============================================+
 
+=============================================+
| Server Info | ${IP}
+=============================================+
| Dedicated IP: ${IP}
| SSH and SFTP Port: ${PORT}
| Control Panel: http://admin.${DOM} 
| (or https://${IP}:8443 before propagation)
+=============================================+
 
Please note of the following important details:
 
- The above access information is not for your profile account at https://my.altagrade.com. 
You set your own username and password for your profile account during sign-up process. 
If you forgot your password to your profile account, then please just reset it on 
https://my.altagrade.com/user/password.
 
- You can request this e-mail any time by logging in to your control panel, selecting the 
website's domain name in the drop-down list on the left menu and clicking on 
"Administration Options" > Re-Send Signup Email.
 
- Find more detailed information please read our documentation portal at 
https://www.altagrade.com/help.
 
- If you have any questions, comments, or concerns, feel free to create a support ticket 
at https://my.altagrade.com.
EOT
 
cat > /etc/webmin/virtual-server/subdomain-template << 'EOT'
The following website has been created successfully:
 
+===================================+
| Website Info | ${DOM}
+===================================+
| Username: 		${USER}
| Password: 		${PASS}
${IF-WEB}
| Website:                 http://www.${DOM}
${IF-MAIL}
| SMTP server:             mail.${DOM} 
| POP3 server:             mail.${DOM}
${ENDIF-MAIL}
${IF-WEBALIZER}
| Webalizer log reporting: Enabled
${ENDIF-WEBALIZER}
${ENDIF-WEB}
${IF-MYSQL}
| MySQL database:          ${DB}
| MySQL login:             ${MYSQL_USER}
${IF-MYSQL_PASS}
| MySQL password:          ${MYSQL_PASS}
${ELSE-MYSQL_PASS}
| MySQL password:          ${PASS}
${ENDIF-MYSQL_PASS}
${ENDIF-MYSQL}
| Apache Solr Host: localhost
| Apache Solr Port: 8983
| Apache Solr Path: /solr/${DOM} 
+===================================+
 
+===================================+
| Server Info | ${IP}
+===================================+
| Dedicated IP: ${IP}
| SSH and SFTP Port: ${PORT}
| Control Panel: http://admin.${DOM} (or https://${IP}:8443 before propagation)
+===================================+
 
 
- The above access information is not for your profile account at https://my.altagrade.com. 
You set your own username and password for your profile account during sign-up process. 
If you forgot your password to your profile account, then please just reset it on 
https://my.altagrade.com/user/password.
 
- You can request this e-mail any time by logging in to your control panel, selecting the 
website's domain name in the drop-down list on the left menu and clicking on 
"Administration Options" > Re-Send Signup Email.
 
- Find more detailed information please read our documentation portal at 
https://www.altagrade.com/help.
 
- If you have any questions, comments, or concerns, feel free to create a support ticket 
at https://my.altagrade.com.
EOT
 
sed -i '/newdom_subject/c\
newdom_subject=Account information for ${DOM}' /etc/webmin/virtual-server/config
sed -i '/newsubdom_subject/c\
newdom_subject=Account information for ${DOM}' /etc/webmin/virtual-server/config

9) Unlimited plan

cat > /etc/webmin/virtual-server/plans/0 << 'EOT'
quota=
quota=
bwlimit=
norename=0
file=/etc/webmin/virtual-server/plans/0
uquota=
nodbname=1
realdomslimit=
migrate=0
aliaslimit=
domslimit=
capabilities=
ipfollow=
id=0
featurelimits=
mailboxlimit=
name=Unlimited Plan
dbslimit=
aliasdomslimit=
forceunder=0
scripts=
safeunder=0
EOT

10) Configure firewall

sed -ie 's/port=10000/port=8443/' /etc/webmin/miniserv.conf
sed -ie 's/listen=10000/listen=8443/' /etc/webmin/miniserv.conf
 
systemctl disable --now firewalld.service
apt-get install ufw -y
yes | ufw enable
ufw default deny incoming
ufw default allow outgoing
ufw allow "Apache Full"
ufw allow ssh
ufw allow $PORT/tcp
ufw allow 8443/tcp
yes | ufw enable

11) Install additional PHP packages & Composer

apt-get install php8.3-{cli,pdo,fpm,zip,gd,xml,mysql,cgi,apcu,uploadprogress} -y
 
echo "=================================================================================="
echo "Changing PHP configurations settings .."
sed -ie 's/upload_max_filesize = 2M/upload_max_filesize = 20M/' /etc/php/8.3/cgi/php.ini
sed -ie 's/post_max_size = 8M/post_max_size = 16M/' /etc/php/8.3/cgi/php.ini
sed -ie 's/max_execution_time = 30/max_execution_time = 600/' /etc/php/8.3/cgi/php.ini
sed -ie 's/max_input_time = 60/max_input_time = 600/' /etc/php/8.3/cgi/php.ini
sed -ie 's/memory_limit = 128M/memory_limit = 1280M/' /etc/php/8.3/cgi/php.ini
 
sed -ie 's/upload_max_filesize = 2M/upload_max_filesize = 20M/' /etc/php/8.3/fpm/php.ini
sed -ie 's/post_max_size = 8M/post_max_size = 16M/' /etc/php/8.3/fpm/php.ini
sed -ie 's/max_execution_time = 30/max_execution_time = 600/' /etc/php/8.3/fpm/php.ini
sed -ie 's/max_input_time = 60/max_input_time = 600/' /etc/php/8.3/fpm/php.ini
sed -ie 's/memory_limit = 128M/memory_limit = 1280M/' /etc/php/8.3/fpm/php.ini
 
sed -ie 's/upload_max_filesize = 2M/upload_max_filesize = 20M/' /etc/php/8.3/cli/php.ini
sed -ie 's/post_max_size = 8M/post_max_size = 16M/' /etc/php/8.3/cli/php.ini
sed -ie 's/max_execution_time = 30/max_execution_time = 600/' /etc/php/8.3/cli/php.ini
sed -ie 's/max_input_time = 60/max_input_time = 600/' /etc/php/8.3/cli/php.ini
sed -ie 's/memory_limit = 128M/memory_limit = 1280M/' /etc/php/8.3/cli/php.ini
echo "=================================================================================="
 
 
echo "Installing Composer .."
cd ~
curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php
php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer
echo ".. done"
 
apt install memcached libmemcached-tools -y
sed -ie 's/-m 64/-m 4096/' /etc/memcached.conf
sed -ie 's/-l ::1/#-l ::1/' /etc/memcached.conf
systemctl enable memcached
systemctl start memcached
apt install php8.3-memcached -y

12) Install bee

cd /usr/local/src &&
git clone https://github.com/backdrop-contrib/bee.git
ln -s /usr/local/src/bee/bee.php /usr/local/bin/bee

13) Configuring AltaGrade cron-tasks

cat > /etc/cron.daily/altagrade << 'EOF'
#!/bin/bash
sed -ie 's/Ubuntu Linux/AltaOS/' /etc/webmin/config >/dev/null 2>&1
sh /etc/ag/cp/new-lang.sh >/dev/null 2>&1
sed -ie 's/slider_enabled=true/slider_enabled=false/' /etc/webmin/authentic-theme/settings.js >/dev/null 2>&1
exit
EOF
chmod 755 /etc/cron.daily/altagrade
/etc/cron.daily/altagrade

14) Add banner message

if ! grep -Fq "▓▓▓█████▓" /etc/banner
then
  echo "=================================================================================="
  echo "Creating /etc/banner .."
cat <<EOT >> /etc/banner
 ▄▄▄       ▓▓▓  ▓▓▓█████▓ ▄▄▄        ▄████  ▓▓▀███   ▄▄▄      ▓█████▄ ▓█████
▒▓▓██▄    ▓██▒  ▓  ▓▓▒ ▓▒▒████▄     ▓▓▒ ▀█▒▓██ ▒ ▓█▒▒▓▓██▄    ▒▓▓▀ ██▌▓▓   ▀
▒▓▓  ▀█▄  ▒▓▓░  ▒ ▓██░ ▒░▒▓▓  ▀█▄  ▒▓▓░▄▄▄░▓▓▓ ░▄█ ▒▒▓▓  ▀█▄  ░██   █▌▒▓▓██
░██▄▄▄▄██ ▒▓▓░  ░ ▓██▓ ░ ░██▄▄▄▄██ ░▓█  ██▓▒▓▓▀▀█▄  ░██▄▄▄▄██ ░▓█▄   ▌▒▓█  ▄
 ▓█   ▓██▒░██████▒▒██▒ ░  ▓█   ▓██▒░▒▓███▀▒░██▓ ▒▓▓▒ ▓█   ▓██▒░▒████▓ ░▒████▒
 ▒▒   ▓▒█░░ ▒░▓  ░▒ ░░    ▒▒   ▓▒█░ ░▒   ▒ ░ ▒▓ ░▒▓░ ▒▒   ▓▒█░ ▒▒▓  ▒ ░░ ▒░ ░
  ▒   ▒▒ ░░ ░ ▒  ░  ░      ▒   ▒▒ ░  ░   ░   ░▒ ░ ▒░  ▒   ▒▒ ░ ░ ▒  ▒  ░ ░  ░
  ░   ▒     ░ ░   ░        ░   ▒   ░ ░   ░   ░░   ░   ░   ▒    ░ ░  ░    ░
      ░  ░    ░  ░             ░  ░      ░    ░           ░  ░   ░       ░  ░
 
*****************************************************************************
*             Welcome to AltaGrade Optimized Operating System!              *
*                                                                           *
* If you encounter any issues with the server, then please browse our Help  *
* section on https://www.altagrade.com/docs first. And if you couldn't find *
* any solution, then submit a support request at https://my.altagrade.com.  *
*                                                                           *
*****************************************************************************
 
EOT
  echo ".. done"
fi
 
if grep -Fq "#Banner none" /etc/ssh/sshd_config
then
  sed -ie '/#Banner none/c\Banner /etc/banner' /etc/ssh/sshd_config
else
  echo 'Banner /etc/banner' >> /etc/ssh/sshd_config
fi

15) Finalizing the installation script

# Per https://www.virtualmin.com/node/43097
rm -rf /var/webmin/module.infos.cache
sh /etc/ag/cp/new-lang.sh >/dev/null 2>&1
/sbin/virtualmin check-config
 
# Calculating execution time
executed="$(($SECONDS / 60)) minutes and $(($SECONDS % 60)) seconds"
echo "The installation took $executed"
echo "AltaOS installed on $(date)" > /root/.altaos/install_date.txt
 
updatedb
echo "Rebooting the system..."
reboot