
Fix ssl bug and optional iptables

lj2007331@gmail.com 7 years ago
parent
commit
d75fa40550

+ 1 - 1
config/index.html

@@ -31,7 +31,7 @@ font-family:"Microsoft YaHei",sans-serif;
 <p><b>Donate:</b>&nbsp;&nbsp;&nbsp;&nbsp;<a href="https://paypal.me/yeho" target="_blank"><img src="https://img.shields.io/badge/Paypal-donate-green.svg" alt="" /></a> <a href="https://static.oneinstack.com/images/alipay.png" target="_blank"><img src="https://img.shields.io/badge/Alipay-donate-green.svg" alt="" /></a> <a href="https://static.oneinstack.com/images/weixin.png" target="_blank"><img src="https://img.shields.io/badge/Wechat-donate-green.svg" /></a></p>
 <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Paypal:&nbsp;&nbsp;lj2007331@gmail.com &nbsp;&nbsp;Alipay:&nbsp;&nbsp;lj2007331@gmail.com</p>
 <div align="center"><iframe src="https://static.oneinstack.com/ad_buttom.html" width="475" frameborder="0" scrolling="no"></iframe></div>
-<div align="center"><h3><a href="https://oneinstack.com" target="_blank">OneinStack</a> by <a href="https://blog.linuxeye.com/" target="_blank">LinuxEye</a></h3></div>
+<div align="center"><h3><a href="https://oneinstack.com" target="_blank">OneinStack</a> by <a href="https://blog.linuxeye.cn/" target="_blank">LinuxEye</a></h3></div>
 </div>
 </body>
 </html>

+ 1 - 1
config/index_cn.html

@@ -32,7 +32,7 @@ font-family:微软雅黑,sans-serif;
 <p><b>赞助我们:</b>&nbsp;&nbsp;&nbsp;&nbsp;<a href="https://paypal.me/yeho" target="_blank"><img src="https://img.shields.io/badge/Paypal-donate-green.svg" alt="" /></a> <a href="https://static.oneinstack.com/images/alipay.png" target="_blank"><img src="https://img.shields.io/badge/%E6%94%AF%E4%BB%98%E5%AE%9D-%E5%90%91TA%E6%8D%90%E5%8A%A9-green.svg" alt="" /></a> <a href="https://static.oneinstack.com/images/weixin.png" target="_blank"><img src="https://img.shields.io/badge/%E5%BE%AE%E4%BF%A1-%E5%90%91TA%E6%8D%90%E5%8A%A9-green.svg" /></a></p>
 <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Paypal:&nbsp;&nbsp;lj2007331@gmail.com &nbsp;&nbsp;支付宝:&nbsp;&nbsp;lj2007331@gmail.com</p>
 <div align="center"><iframe src="https://static.oneinstack.com/ad_buttom.html" width="475" frameborder="0" scrolling="no"></iframe></div>
-<div align="center"><h3><a href="https://oneinstack.com" target="_blank">OneinStack</a> by <a href="https://blog.linuxeye.com/" target="_blank">Linux 运维笔记</a></h3></div>
+<div align="center"><h3><a href="https://oneinstack.com" target="_blank">OneinStack</a> by <a href="https://blog.linuxeye.cn/" target="_blank">Linux 运维笔记</a></h3></div>
 </div>
 </body>
 </html>

+ 1 - 7
include/check_download.sh

@@ -15,6 +15,7 @@ checkDownload() {
   if [ "${Web_yn}" == 'y' ]; then
     echo "Download openSSL..."
     src_url=https://www.openssl.org/source/openssl-${openssl_version}.tar.gz && Download_src
+    src_url=http://curl.haxx.se/ca/cacert.pem && Download_src
     case "${Nginx_version}" in
       1)
         echo "Download nginx..."
@@ -538,13 +539,6 @@ checkDownload() {
         # php 5.3
         src_url=${mirrorLink}/debian_patches_disable_SSLv2_for_openssl_1_0_0.patch && Download_src
         src_url=${mirrorLink}/php5.3patch && Download_src
-        # Use the special ssl for php5.3
-        if [ "${Debian_version}" == '8' -o "${Debian_version}" == '9' -o "${Ubuntu_version}" == "16" ]; then
-          if [ ! -e "/usr/local/openssl100s/lib/libcrypto.a" ]; then
-            src_url=${mirrorLink}/openssl-1.0.0s.tar.gz && Download_src
-            src_url=${mirrorLink}/curl-7.35.0.tar.gz && Download_src
-          fi
-        fi
         src_url=http://www.php.net/distributions/php-${php53_version}.tar.gz && Download_src
         src_url=${mirrorLink}/fpm-race-condition.patch && Download_src
         ;;
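Review bot: The CA bundle that becomes the trust store of the freshly built OpenSSL (it is later copied into `${openssl_install_dir}/ssl/cert.pem` in include/openssl.sh) is fetched over cleartext at the added `src_url=http://curl.haxx.se/ca/cacert.pem && Download_src` line with nothing verifying it, so anyone on the path can hand the installer a bundle containing their own root CA and every TLS client linked against this OpenSSL will trust it. Fetch it over TLS and pin it to the published digest: `src_url=https://curl.haxx.se/ca/cacert.pem && Download_src`, `src_url=https://curl.haxx.se/ca/cacert.pem.sha256 && Download_src`, `sha256sum -c cacert.pem.sha256 || { echo "${CFAILURE}cacert.pem checksum mismatch${CEND}"; kill -9 $$; }` — assuming Download_src leaves the file under its own name in the current directory, as the later `/bin/cp cacert.pem` suggests. The php.net download on the context line below the removed block has the same cleartext problem, though it is not part of this change. checkDownload continues outside the hunk.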

+ 4 - 2
include/check_sw.sh

@@ -54,9 +54,11 @@ installDepsCentOS() {
   echo "${CMSG}Removing the conflicting packages...${CEND}"
   if [ "${CentOS_RHEL_version}" == '7' ]; then
     yum -y groupremove "Basic Web Server" "MySQL Database server" "MySQL Database client" "File and Print Server"
-    yum -y install iptables-services
     systemctl mask firewalld.service
-    systemctl enable iptables.service
+    if [ "$iptables_yn" == 'y' ]; then
+      yum -y install iptables-services
+      systemctl enable iptables.service
+    fi
   elif [ "${CentOS_RHEL_version}" == '6' ]; then
     yum -y groupremove "FTP Server" "PostgreSQL Database client" "PostgreSQL Database server" "MySQL Database server" "MySQL Database client" "Web Server" "Office Suite and Productivity" "E-mail server" "Ruby Support" "Printing client"
   elif [ "${CentOS_RHEL_version}" == '5' ]; then
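Review bot: With the new `if [ "$iptables_yn" == 'y' ]` guard, answering 'n' on CentOS 7 still runs the unconditional `systemctl mask firewalld.service` on the context line above it but no longer installs or enables iptables-services, so the host ends up with firewalld masked and no packet filter at all — a worse state than either explicit choice, reached silently. Either move the mask inside the guard so that 'n' leaves firewalld as it was: `if [ "$iptables_yn" == 'y' ]; then` / `systemctl mask firewalld.service` / `yum -y install iptables-services` / `systemctl enable iptables.service` / `fi`, or have the prompt in install.sh state plainly that 'n' means no host firewall. installDepsCentOS starts before the hunk and continues after it.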

+ 19 - 16
include/init_CentOS.sh

@@ -10,9 +10,9 @@
 
 # closed Unnecessary services and remove obsolete rpm package
 [ "${CentOS_RHEL_version}" == '7' ] && [ "$(systemctl is-active NetworkManager.service)" == 'active' ] && NM_flag=1
-for Service in $(chkconfig --list | grep 3:on | awk '{print $1}' | grep -vE 'nginx|httpd|tomcat|mysqld|php-fpm|pureftpd|redis-server|memcached|supervisord|aegis|NetworkManager');do chkconfig --level 3 ${Service} off;done
+for Service in $(chkconfig --list | grep 3:on | awk '{print $1}' | grep -vE 'nginx|httpd|tomcat|mysqld|php-fpm|pureftpd|redis-server|memcached|supervisord|aegis|NetworkManager|iptables');do chkconfig --level 3 ${Service} off;done
 [ "${NM_flag}" == '1' ] && systemctl enable NetworkManager.service
-for Service in sshd network crond iptables messagebus irqbalance syslog rsyslog;do chkconfig --level 3 ${Service} on;done
+for Service in sshd network crond messagebus irqbalance syslog rsyslog;do chkconfig --level 3 ${Service} on;done
 
 # Close SELINUX
 setenforce 0
@@ -72,7 +72,7 @@ echo options nf_conntrack hashsize=131072 > /etc/modprobe.d/nf_conntrack.conf
 [ ! -e "/etc/sysctl.conf_bk" ] && /bin/mv /etc/sysctl.conf{,_bk}
 cat > /etc/sysctl.conf << EOF
 fs.file-max=65535
-net.ipv4.tcp_max_tw_buckets = 60000
+net.ipv4.tcp_max_tw_buckets = 6000
 net.ipv4.tcp_sack = 1
 net.ipv4.tcp_window_scaling = 1
 net.ipv4.tcp_rmem = 4096 87380 4194304
@@ -120,15 +120,16 @@ ntpdate pool.ntp.org
 [ ! -e "/var/spool/cron/root" -o -z "$(grep 'ntpdate' /var/spool/cron/root)" ] && { echo "*/20 * * * * $(which ntpdate) pool.ntp.org > /dev/null 2>&1" >> /var/spool/cron/root;chmod 600 /var/spool/cron/root; }
 
 # iptables
-if [ -e "/etc/sysconfig/iptables" ] && [ -n "$(grep '^:INPUT DROP' /etc/sysconfig/iptables)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/sysconfig/iptables)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/sysconfig/iptables)" ]; then
-  IPTABLES_STATUS=yes
-else
-  IPTABLES_STATUS=no
-fi
-
-if [ "$IPTABLES_STATUS" == "no" ]; then
-  [ -e "/etc/sysconfig/iptables" ] && /bin/mv /etc/sysconfig/iptables{,_bk}
-  cat > /etc/sysconfig/iptables << EOF
+if [ "$iptables_yn" == 'y' ]; then
+  if [ -e "/etc/sysconfig/iptables" ] && [ -n "$(grep '^:INPUT DROP' /etc/sysconfig/iptables)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/sysconfig/iptables)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/sysconfig/iptables)" ]; then
+    IPTABLES_STATUS=yes
+  else
+    IPTABLES_STATUS=no
+  fi
+  
+  if [ "$IPTABLES_STATUS" == "no" ]; then
+    [ -e "/etc/sysconfig/iptables" ] && /bin/mv /etc/sysconfig/iptables{,_bk}
+    cat > /etc/sysconfig/iptables << EOF
 # Firewall configuration written by system-config-securitylevel
 # Manual customization of this file is not recommended.
 *filter
@@ -149,12 +150,14 @@ if [ "$IPTABLES_STATUS" == "no" ]; then
 -A syn-flood -j REJECT --reject-with icmp-port-unreachable
 COMMIT
 EOF
-fi
+  fi
 
-FW_PORT_FLAG=$(grep -ow "dport ${SSH_PORT}" /etc/sysconfig/iptables)
-[ -z "${FW_PORT_FLAG}" -a "${SSH_PORT}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${SSH_PORT} -j ACCEPT@" /etc/sysconfig/iptables
+  FW_PORT_FLAG=$(grep -ow "dport ${SSH_PORT}" /etc/sysconfig/iptables)
+  [ -z "${FW_PORT_FLAG}" -a "${SSH_PORT}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${SSH_PORT} -j ACCEPT@" /etc/sysconfig/iptables
+  chkconfig --level 3 iptables on
+  service iptables restart
+fi
 service rsyslog restart
-service iptables restart
 service sshd restart
 
 . /etc/profile
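Review bot: Inside the new `if [ "$iptables_yn" == 'y' ]` block the SSH rule is spliced into the ruleset by `[ -z "${FW_PORT_FLAG}" -a "${SSH_PORT}" != "22" ] && sed -i ...`, and neither that line nor the `service iptables restart` that follows checks its result; if SSH_PORT were ever empty (it is set in install.sh, outside this hunk) the sed would write `--dport  -j ACCEPT`, the restore would fail and the box would come up with no firewall, and any other restart failure is equally silent. Guard the port and surface the failure: `[ -z "${FW_PORT_FLAG}" -a -n "${SSH_PORT}" -a "${SSH_PORT}" != "22" ] && sed -i ...` and `service iptables restart || echo "${CFAILURE}iptables failed to start, host is unfiltered${CEND}"`. The `net.ipv4.tcp_max_tw_buckets` change from 60000 to 6000 in the sysctl hunk is a tenfold tuning change that the commit message does not mention; a `# ...` line above it in the heredoc naming the reason would help the next reader.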

+ 17 - 15
include/init_Debian.sh

@@ -89,15 +89,16 @@ ntpdate pool.ntp.org
 [ ! -e "/var/spool/cron/crontabs/root" -o -z "$(grep ntpdate /var/spool/cron/crontabs/root 2>/dev/null)" ] && { echo "*/20 * * * * $(which ntpdate) pool.ntp.org > /dev/null 2>&1" >> /var/spool/cron/crontabs/root;chmod 600 /var/spool/cron/crontabs/root; }
 
 # iptables
-if [ -e "/etc/iptables.up.rules" ] && [ -n "$(grep '^:INPUT DROP' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables.up.rules)" ]; then
-  IPTABLES_STATUS=yes
-else
-  IPTABLES_STATUS=no
-fi
-
-if [ "${IPTABLES_STATUS}" == "no" ]; then
-  [ -e "/etc/iptables.up.rules" ] && /bin/mv /etc/iptables.up.rules{,_bk}
-  cat > /etc/iptables.up.rules << EOF
+if [ "$iptables_yn" == 'y' ]; then
+  if [ -e "/etc/iptables.up.rules" ] && [ -n "$(grep '^:INPUT DROP' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables.up.rules)" ]; then
+    IPTABLES_STATUS=yes
+  else
+    IPTABLES_STATUS=no
+  fi
+  
+  if [ "${IPTABLES_STATUS}" == "no" ]; then
+    [ -e "/etc/iptables.up.rules" ] && /bin/mv /etc/iptables.up.rules{,_bk}
+    cat > /etc/iptables.up.rules << EOF
 # Firewall configuration written by system-config-securitylevel
 # Manual customization of this file is not recommended.
 *filter
@@ -118,16 +119,17 @@ if [ "${IPTABLES_STATUS}" == "no" ]; then
 -A syn-flood -j REJECT --reject-with icmp-port-unreachable
 COMMIT
 EOF
-fi
+  fi
 
-FW_PORT_FLAG=$(grep -ow "dport ${SSH_PORT}" /etc/iptables.up.rules)
-[ -z "${FW_PORT_FLAG}" -a "${SSH_PORT}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${SSH_PORT} -j ACCEPT@" /etc/iptables.up.rules
-iptables-restore < /etc/iptables.up.rules
-cat > /etc/network/if-pre-up.d/iptables << EOF
+  FW_PORT_FLAG=$(grep -ow "dport ${SSH_PORT}" /etc/iptables.up.rules)
+  [ -z "${FW_PORT_FLAG}" -a "${SSH_PORT}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${SSH_PORT} -j ACCEPT@" /etc/iptables.up.rules
+  iptables-restore < /etc/iptables.up.rules
+  cat > /etc/network/if-pre-up.d/iptables << EOF
 #!/bin/bash
 /sbin/iptables-restore < /etc/iptables.up.rules
 EOF
-chmod +x /etc/network/if-pre-up.d/iptables
+  chmod +x /etc/network/if-pre-up.d/iptables
+fi
 service rsyslog restart
 service ssh restart
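Review bot: `iptables-restore < /etc/iptables.up.rules` in the new guarded block runs with its exit status ignored, and the same file is then wired into `/etc/network/if-pre-up.d/iptables`, so a ruleset that fails to load (for example a bad SSH_PORT substitution two lines earlier, where the `-z "${FW_PORT_FLAG}"` test has no `-n "${SSH_PORT}"` companion) leaves the host unfiltered now and on every boot without a word. Report it: `iptables-restore < /etc/iptables.up.rules || echo "${CFAILURE}iptables-restore failed, firewall rules not loaded${CEND}"`. The rules file is also created with the default umask; a `chmod 600 /etc/iptables.up.rules` after the heredoc would keep the ruleset from being world-readable, as the script already does for the root crontab a few lines above.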
 

+ 17 - 15
include/init_Ubuntu.sh

@@ -92,15 +92,16 @@ ntpdate pool.ntp.org
 [ ! -e "/var/spool/cron/crontabs/root" -o -z "$(grep ntpdate /var/spool/cron/crontabs/root 2>/dev/null)" ] && { echo "*/20 * * * * $(which ntpdate) pool.ntp.org > /dev/null 2>&1" >> /var/spool/cron/crontabs/root;chmod 600 /var/spool/cron/crontabs/root; }
 
 # iptables
-if [ -e "/etc/iptables.up.rules" ] && [ -n "$(grep '^:INPUT DROP' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables.up.rules)" ]; then
-  IPTABLES_STATUS=yes
-else
-  IPTABLES_STATUS=no
-fi
-
-if [ "${IPTABLES_STATUS}" == "no" ]; then
-  [ -e "/etc/iptables.up.rules" ] && /bin/mv /etc/iptables.up.rules{,_bk}
-  cat > /etc/iptables.up.rules << EOF
+if [ "$iptables_yn" == 'y' ]; then
+  if [ -e "/etc/iptables.up.rules" ] && [ -n "$(grep '^:INPUT DROP' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables.up.rules)" ]; then
+    IPTABLES_STATUS=yes
+  else
+    IPTABLES_STATUS=no
+  fi
+  
+  if [ "${IPTABLES_STATUS}" == "no" ]; then
+    [ -e "/etc/iptables.up.rules" ] && /bin/mv /etc/iptables.up.rules{,_bk}
+    cat > /etc/iptables.up.rules << EOF
 # Firewall configuration written by system-config-securitylevel
 # Manual customization of this file is not recommended.
 *filter
@@ -121,16 +122,17 @@ if [ "${IPTABLES_STATUS}" == "no" ]; then
 -A syn-flood -j REJECT --reject-with icmp-port-unreachable
 COMMIT
 EOF
-fi
+  fi
 
-FW_PORT_FLAG=$(grep -ow "dport ${SSH_PORT}" /etc/iptables.up.rules)
-[ -z "${FW_PORT_FLAG}" -a "${SSH_PORT}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${SSH_PORT} -j ACCEPT@" /etc/iptables.up.rules
-iptables-restore < /etc/iptables.up.rules
-cat > /etc/network/if-pre-up.d/iptables << EOF
+  FW_PORT_FLAG=$(grep -ow "dport ${SSH_PORT}" /etc/iptables.up.rules)
+  [ -z "${FW_PORT_FLAG}" -a "${SSH_PORT}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${SSH_PORT} -j ACCEPT@" /etc/iptables.up.rules
+  iptables-restore < /etc/iptables.up.rules
+  cat > /etc/network/if-pre-up.d/iptables << EOF
 #!/bin/bash
 /sbin/iptables-restore < /etc/iptables.up.rules
 EOF
-chmod +x /etc/network/if-pre-up.d/iptables
+  chmod +x /etc/network/if-pre-up.d/iptables
+fi
 service rsyslog restart
 service ssh restart
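Review bot: This iptables block is now a line-for-line copy of the one in include/init_Debian.sh and a near copy of include/init_CentOS.sh, and this commit had to apply the same `if [ "$iptables_yn" == 'y' ]` wrapping three times; extracting it into one function (say `Set_iptables_rules` in a shared include, taking the rules path as its argument) would keep the three from drifting, which matters for a firewall ruleset. Until then the copy carries the same gaps as the Debian one: `iptables-restore < /etc/iptables.up.rules` ignores its exit status, so a ruleset that fails to load leaves the host unfiltered silently; `iptables-restore < /etc/iptables.up.rules || echo "${CFAILURE}iptables-restore failed, firewall rules not loaded${CEND}"` would at least say so. I cannot tell from the hunk how the include files are sourced, so the placement of a shared function is a suggestion to confirm.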
 

+ 1 - 20
include/openssl.sh

@@ -20,6 +20,7 @@ Install_openSSL102() {
     popd
     if [ -f "${openssl_install_dir}/lib/libcrypto.a" ]; then
       echo "${CSUCCESS}openssl-1.0.2 module installed successfully! ${CEND}"
+      /bin/cp cacert.pem ${openssl_install_dir}/ssl/cert.pem
       echo "${openssl_install_dir}/lib" > /etc/ld.so.conf.d/openssl.conf
       ldconfig
       rm -rf openssl-${openssl_version}
@@ -30,23 +31,3 @@ Install_openSSL102() {
     popd
   fi
 }
-
-Install_openSSL100() {
-  if [ ! -e '/usr/local/openssl100s/lib/libcrypto.a' ]; then
-    pushd ${oneinstack_dir}/src
-    tar xzf openssl-1.0.0s.tar.gz
-    pushd openssl-1.0.0s
-    make clean
-    ./config --prefix=/usr/local/openssl100s -fPIC shared zlib-dynamic
-    make -j ${THREAD} && make install
-    popd
-    if [ -f "/usr/local/openssl100s/lib/libcrypto.a" ]; then
-      echo "${CSUCCESS}openssl-1.0.0s module installed successfully! ${CEND}"
-      rm -rf openssl-1.0.0s
-    else
-      echo "${CFAILURE}openssl-1.0.0s install failed, Please contact the author! ${CEND}"
-      kill -9 $$
-    fi
-    popd
-  fi
-}
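Review bot: The added `/bin/cp cacert.pem ${openssl_install_dir}/ssl/cert.pem` runs on the success path with no check that cacert.pem exists or is non-empty; if the download in check_download.sh failed or was skipped, cp prints an error, the build is still reported successful, and this OpenSSL is left with an empty trust store — and the bundle itself arrives over plain HTTP with no integrity check, so it is being installed as the root of trust unverified. At minimum gate the copy: `[ -s cacert.pem ] && /bin/cp cacert.pem ${openssl_install_dir}/ssl/cert.pem || echo "${CWARNING}cacert.pem missing, ${openssl_install_dir}/ssl/cert.pem not installed${CEND}"`, and verify the bundle's digest before it is copied. Dropping Install_openSSL100 is the right call, 1.0.0 being long past end of life. Install_openSSL102 starts before the hunk.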

+ 13 - 11
include/pureftpd.sh

@@ -36,17 +36,19 @@ Install_PureFTPd() {
     service pureftpd start
 
     # iptables Ftp
-    if [ "${OS}" == "CentOS" ]; then
-      if [ -z "$(grep '20000:30000' /etc/sysconfig/iptables)" ]; then
-        iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-        iptables -I INPUT 6 -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT
-        service iptables save
-      fi
-    elif [[ "${OS}" =~ ^Ubuntu$|^Debian$ ]]; then
-      if [ -z "$(grep '20000:30000' /etc/iptables.up.rules)" ]; then
-        iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-        iptables -I INPUT 6 -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT
-        iptables-save > /etc/iptables.up.rules
+    if [ "$iptables_yn" == 'y' ]; then
+      if [ "${OS}" == "CentOS" ]; then
+        if [ -z "$(grep '20000:30000' /etc/sysconfig/iptables)" ]; then
+          iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
+          iptables -I INPUT 6 -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT
+          service iptables save
+        fi
+      elif [[ "${OS}" =~ ^Ubuntu$|^Debian$ ]]; then
+        if [ -z "$(grep '20000:30000' /etc/iptables.up.rules)" ]; then
+          iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
+          iptables -I INPUT 6 -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT
+          iptables-save > /etc/iptables.up.rules
+        fi
       fi
     fi
 

+ 11 - 9
include/tomcat-6.sh

@@ -73,15 +73,17 @@ EOF
     sed -i "s@/usr/local/tomcat@${tomcat_install_dir}@g" ${tomcat_install_dir}/conf/server.xml
     sed -i /ThreadLocalLeakPreventionListener/d ${tomcat_install_dir}/conf/server.xml
     if [ ! -e "${nginx_install_dir}/sbin/nginx" -a ! -e "${tengine_install_dir}/sbin/nginx" -a ! -e "${apache_install_dir}/conf/httpd.conf" ]; then
-      if [ "${OS}" == "CentOS" ]; then
-        if [ -z "$(grep -w '8080' /etc/sysconfig/iptables)" ]; then
-          iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-          service iptables save
-        fi
-      elif [[ "${OS}" =~ ^Ubuntu$|^Debian$ ]]; then
-        if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
-          iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-          iptables-save > /etc/iptables.up.rules
+      if [ "$iptables_yn" == 'y' ]; then
+        if [ "${OS}" == "CentOS" ]; then
+          if [ -z "$(grep -w '8080' /etc/sysconfig/iptables)" ]; then
+            iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+            service iptables save
+          fi
+        elif [[ "${OS}" =~ ^Ubuntu$|^Debian$ ]]; then
+          if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
+            iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+            iptables-save > /etc/iptables.up.rules
+          fi
         fi
       fi
     fi

+ 11 - 9
include/tomcat-7.sh

@@ -73,15 +73,17 @@ EOF
     sed -i "s@/usr/local/tomcat@${tomcat_install_dir}@g" ${tomcat_install_dir}/conf/server.xml
 
     if [ ! -e "${nginx_install_dir}/sbin/nginx" -a ! -e "${tengine_install_dir}/sbin/nginx" -a ! -e "${apache_install_dir}/conf/httpd.conf" ]; then
-      if [ "${OS}" == "CentOS" ]; then
-        if [ -z "$(grep -w '8080' /etc/sysconfig/iptables)" ]; then
-          iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-          service iptables save
-        fi
-      elif [[ "${OS}" =~ ^Ubuntu$|^Debian$ ]]; then
-        if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
-          iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-          iptables-save > /etc/iptables.up.rules
+      if [ "$iptables_yn" == 'y' ]; then
+        if [ "${OS}" == "CentOS" ]; then
+          if [ -z "$(grep -w '8080' /etc/sysconfig/iptables)" ]; then
+            iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+            service iptables save
+          fi
+        elif [[ "${OS}" =~ ^Ubuntu$|^Debian$ ]]; then
+          if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
+            iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+            iptables-save > /etc/iptables.up.rules
+          fi
         fi
       fi
     fi

+ 11 - 9
include/tomcat-8.sh

@@ -73,15 +73,17 @@ EOF
     sed -i "s@/usr/local/tomcat@${tomcat_install_dir}@g" ${tomcat_install_dir}/conf/server.xml
 
     if [ ! -e "${nginx_install_dir}/sbin/nginx" -a ! -e "${tengine_install_dir}/sbin/nginx" -a ! -e "${apache_install_dir}/conf/httpd.conf" ]; then
-      if [ "${OS}" == "CentOS" ]; then
-        if [ -z "$(grep -w '8080' /etc/sysconfig/iptables)" ]; then
-          iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-          service iptables save
-        fi
-      elif [[ "${OS}" =~ ^Ubuntu$|^Debian$ ]]; then
-        if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
-          iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-          iptables-save > /etc/iptables.up.rules
+      if [ "$iptables_yn" == 'y' ]; then
+        if [ "${OS}" == "CentOS" ]; then
+          if [ -z "$(grep -w '8080' /etc/sysconfig/iptables)" ]; then
+            iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+            service iptables save
+          fi
+        elif [[ "${OS}" =~ ^Ubuntu$|^Debian$ ]]; then
+          if [ -z "$(grep -w '8080' /etc/iptables.up.rules)" ]; then
+            iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+            iptables-save > /etc/iptables.up.rules
+          fi
         fi
       fi
     fi

+ 10 - 0
install.sh

@@ -54,6 +54,16 @@ if [ -e "/etc/ssh/sshd_config" ]; then
   fi
 fi
 
+# check iptables
+while :; do echo
+  read -p "Do you want to enable iptables? [y/n]: " iptables_yn
+  if [[ ! $iptables_yn =~ ^[y,n]$ ]]; then
+    echo "${CWARNING}input error! Please only input 'y' or 'n'${CEND}"
+  else
+    break
+  fi
+done
+
 # check Web server
 while :; do echo
   read -p "Do you want to install Web server? [y/n]: " Web_yn
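Review bot: The validation regex `^[y,n]$` is a bracket expression, so a lone comma passes it; `iptables_yn=','` is then `!= 'y'` in every consumer and the firewall is silently skipped while the error message promises only 'y' or 'n' are accepted. It should be `if [[ ! $iptables_yn =~ ^[yn]$ ]]; then`. The prompt also does not say what 'n' implies — with include/check_sw.sh masking firewalld regardless of the answer, on CentOS 7 it means no host firewall at all; `read -p "Do you want to enable iptables? (n leaves the host without a firewall) [y/n]: " iptables_yn` would make the choice an informed one.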

+ 2 - 4
ss.sh

@@ -74,19 +74,17 @@ Iptables_set() {
   done
 
   if [ "${OS}" == 'CentOS' ]; then
-    if [ -z "$(grep -E ${SS_port} /etc/sysconfig/iptables)" ]; then
+    if [ -n "`grep 'dport 80 ' /etc/sysconfig/iptables`" -a -z "$(grep -E ${SS_port} /etc/sysconfig/iptables)" ]; then
       iptables -I INPUT 4 -p udp -m state --state NEW -m udp --dport ${SS_port} -j ACCEPT
       iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport ${SS_port} -j ACCEPT
       service iptables save
     fi
   elif [[ ${OS} =~ ^Ubuntu$|^Debian$ ]]; then
-    if [ -z "$(grep -E ${SS_port} /etc/iptables.up.rules)" ]; then
+    if [ -n "`grep 'dport 80 ' /etc/iptables.up.rules`" -a -z "$(grep -E ${SS_port} /etc/iptables.up.rules)" ]; then
       iptables -I INPUT 4 -p udp -m state --state NEW -m udp --dport ${SS_port} -j ACCEPT
       iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport ${SS_port} -j ACCEPT
       iptables-save > /etc/iptables.up.rules
     fi
-  else
-      echo "${CWARNING}This port is already in iptables! ${CEND}"
   fi
 
 }
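Review bot: The rewritten conditions only add the shadowsocks port when the rules file contains `dport 80 `, i.e. when the installer's own ruleset is in place, but the old `else` that told the user something was skipped is deleted rather than moved, so on a host with an administrator-managed ruleset the port is now silently never opened; add `else echo "${CWARNING}port ${SS_port} was not added to iptables, open it manually${CEND}"` on each OS branch. On the same new lines, `grep -E ${SS_port}` matches the digits anywhere in the file (port 3000 is "found" inside the 20000:30000 FTP range), which also makes the rule silently not added; `-z "$(grep -w "dport ${SS_port}" /etc/sysconfig/iptables)"` tests what is meant, and using `$(...)` there instead of the new backticks keeps the two halves of the condition consistent. Iptables_set starts before the hunk.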

+ 4 - 4
versions.txt

@@ -22,7 +22,7 @@ mysql56_version=5.6.36
 mysql55_version=5.5.56
 
 mariadb102_version=10.2.6
-mariadb101_version=10.1.24
+mariadb101_version=10.1.25
 mariadb100_version=10.0.31
 mariadb55_version=5.5.56
 
@@ -38,8 +38,8 @@ jdk17_version=1.7.0_80
 jdk16_version=1.6.0_45
 
 # PHP
-php71_version=7.1.6
-php70_version=7.0.20
+php71_version=7.1.7
+php70_version=7.0.21
 php56_version=5.6.30
 php55_version=5.5.38
 php54_version=5.4.45
@@ -71,7 +71,7 @@ redis_pecl_for_php7_version=3.1.2
 redis_pecl_version=2.2.8
 
 # Memcached
-memcached_version=1.4.38
+memcached_version=1.4.39
 libmemcached_version=1.0.18
 memcached_pecl_version=2.2.0
 memcached_pecl_php7_version=3.0.3