installation process rewriten to step by step logic

7 years ago · a277d5faa3
8 changed files with 206 additions and 335 deletions
--- a/scripts/install-openvpn.sh
+++ b/scripts/install-openvpn.sh
@ -5,133 +5,27 @@ print_error() {
    exit
 }

-read_env() {
-    source "$1"
-#    grep -vE '^#|^$' "$1" | sed -r 's/\ /\\\ /g; s/\=/\t/g' | \
-#    while read env val
-#        do
-#            env - $env="$val"
-#    done
-}
-
 # Ensure to be root
 if [ "$EUID" -ne 0 ]; then
-  echo "Please run as root"
-  exit
+  print_error "Please run as root"
 fi

 base_path=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )

 # Read dotEnv file
-read_env "$base_path/../.env"
-
-printf "\n################## Server informations ##################\n"
-
-[ ! -z "$VPN_LOCAL" ] && echo "VPN_LOCAL=$VPN_LOCAL"
-[ -z "$VPN_LOCAL" ]  && read -p "Server local Hostname/IP: " VPN_LOCAL
-[ -z "$VPN_LOCAL" ]  && print_error "Server local address is required!"
-
-[ ! -z "$VPN_REMOTE" ] && echo "VPN_LOCAL=$VPN_REMOTE"
-[ -z "$VPN_REMOTE" ]  && read -p "Server remote Hostname/IP: " VPN_REMOTE
-[ -z "$VPN_REMOTE" ]  && print_error "Server remote address is required!"
-
-[ ! -z "$VPN_PROTO" ] && echo "VPN_PROTO=$VPN_PROTO"
-[ -z "$VPN_PROTO" ] && read -p "OpenVPN protocol (tcp or udp) [tcp]: " VPN_PROTO
-[ -z "$VPN_PROTO" ] && VPN_PROTO="tcp"
-
-[ ! -z "$VPN_PORT" ] && echo "VPN_PORT=$VPN_PORT"
-[ -z "$VPN_PORT" ]  && read -p "OpenVPN port [443]: " VPN_PORT
-[ -z "$VPN_PORT" ]  && VPN_PORT="443"
-
-[ ! -z "$VPN_GROUP" ] && echo "VPN_GROUP=$VPN_GROUP"
-[ -z "$VPN_GROUP" ] && read -p "OpenVPN group [nogroup]: " VPN_GROUP
-[ -z "$VPN_GROUP" ] && VPN_GROUP="nogroup"
-
-[ ! -z "$VPN_INIF" ] && echo "VPN_INIF=$VPN_INIF"
-[ -z "$VPN_INIF" ]  && read -p "OpenVPN input interface [tun0]: " VPN_INIF
-[ -z "$VPN_INIF" ]  && VPN_INIF="tun0"
-
-[ ! -z "$VPN_OUTIF" ] && echo "VPN_OUTIF=$VPN_OUTIF"
-[ -z "$VPN_OUTIF" ] && read -p "OpenVPN output interface [eth0]: " VPN_OUTIF
-[ -z "$VPN_OUTIF" ] && VPN_OUTIF="eth0"
-
-[ ! -z "$VPN_NET" ] && echo "VPN_NET=$VPN_NET"
-[ -z "$VPN_NET" ]   && read -p "OpenVPN clients subnet [10.8.0.0/24]: " VPN_NET
-[ -z "$VPN_NET" ]   && VPN_NET="10.8.0.0/24"
-
-
-printf "\n################## Certificates informations ##################\n"
+source "$base_path/../.env"

-[ -z "$EASYRSA_KEY_SIZE" ]      && read -p "Key size (1024, 2048 or 4096) [2048]: " EASYRSA_KEY_SIZE
-[ -z "$EASYRSA_CA_EXPIRE" ]     && read -p "Root certificate expiration (in days) [3650]: " EASYRSA_CA_EXPIRE
-[ -z "$EASYRSA_CERT_EXPIRE" ]   && read -p "Certificate expiration (in days) [3650]: " EASYRSA_CERT_EXPIRE
-[ -z "$EASYRSA_REQ_COUNTRY" ]   && read -p "Country Name (2 letter code) [US]: " EASYRSA_REQ_COUNTRY
-[ -z "$EASYRSA_REQ_PROVINCE" ]  && read -p "State or Province Name (full name) [California]: " EASYRSA_REQ_PROVINCE
-[ -z "$EASYRSA_REQ_CITY" ]      && read -p "Locality Name (eg, city) [San Francisco]: " EASYRSA_REQ_CITY
-[ -z "$EASYRSA_REQ_ORG" ]       && read -p "Organization Name (eg, company) [Copyleft Certificate Co]: " EASYRSA_REQ_ORG
-[ -z "$EASYRSA_REQ_OU" ]        && read -p "Organizational Unit Name (eg, section) [My Organizational Unit]: " EASYRSA_REQ_OU
-[ -z "$EASYRSA_REQ_EMAIL" ]     && read -p "Email Address [me@example.net]: " EASYRSA_REQ_EMAIL
-[ -z "$EASYRSA_REQ_CN" ]        && read -p "Common Name (eg, your name or your server's hostname) [ChangeMe]: " EASYRSA_REQ_CN
+source ./install/00_env.sh
+source ./install/03_certificate.sh
+source ./install/04_openvpn.sh
+source ./install/05_firewall.sh

+printf "\033[1m\n#################################### Finish ####################################\n"

-printf "\n################## Creating the certificates ##################\n"
-
-EASYRSA_RELEASES=( $(
-  curl -s https://api.github.com/repos/OpenVPN/easy-rsa/releases | \
-  grep 'tag_name' | \
-  grep -E '3(\.[0-9]+)+' | \
-  awk '{ print $2 }' | \
-  sed 's/[,|"|v]//g'
-) )
-EASYRSA_LATEST=${EASYRSA_RELEASES[0]}
-
-# Get the rsa keys
-wget -q https://github.com/OpenVPN/easy-rsa/releases/download/v${EASYRSA_LATEST}/EasyRSA-${EASYRSA_LATEST}.tgz -O /tmp/EasyRSA-${EASYRSA_LATEST}.tgz
-mkdir -p /etc/openvpn/easy-rsa
-tar -xaf /tmp/EasyRSA-${EASYRSA_LATEST}.tgz -C /etc/openvpn/easy-rsa --strip-components=1
-rm -r /tmp/EasyRSA-${EASYRSA_LATEST}.tgz
-cd /etc/openvpn/easy-rsa
-
-# Init PKI dirs and build CA certs
-./easyrsa --batch init-pki
-./easyrsa --batch build-ca nopass
-# Generate Diffie-Hellman parameters
-./easyrsa --batch gen-dh
-# Generate server keypair
-./easyrsa --batch build-server-full server nopass
-
-# Generate shared-secret for TLS Authentication
-openvpn --genkey --secret pki/ta.key
-
-
-printf "\n################## Setup OpenVPN ##################\n"
-
-# Copy certificates and the server configuration in the openvpn directory
-cp /etc/openvpn/easy-rsa/pki/{ca.crt,ta.key,issued/server.crt,private/server.key,dh.pem} "/etc/openvpn/"
-chmod +r /etc/openvpn/{ca.crt,ta.key}
-cp "$base_path/../configs/server.conf" "/etc/openvpn/"
-mkdir -p "/etc/openvpn/ccd"
-sed -i "
-s/VPN_SERVER/$VPN_SERVER/;
-s/VPN_PORT/$VPN_PORT/;
-s/VPN_INIF/$VPN_INIF/;
-s/VPN_PROTO/$VPN_PROTO/;
-s/VPN_GROUP/$VPN_GROUP/" "/etc/openvpn/server.conf"
-
-
-printf "\n################## Setup firewall ##################\n"
-
-# Make ip forwading and make it persistent
-echo 1 > "/proc/sys/net/ipv4/ip_forward"
-echo "net.ipv4.ip_forward = 1" >> "/etc/sysctl.conf"
-
-# Iptable rules
-iptables -I FORWARD -i $VPN_INIF -j ACCEPT
-iptables -I FORWARD -o $VPN_INIF -j ACCEPT
-iptables -I OUTPUT -o $VPN_INIF -j ACCEPT
-
-iptables -A FORWARD -i $VPN_INIF -o $VPN_OUTIF -j ACCEPT
-iptables -t nat -A POSTROUTING -o $VPN_OUTIF -j MASQUERADE
-iptables -t nat -A POSTROUTING -s $VPN_NET -o $VPN_OUTIF -j MASQUERADE
+echo -e "# Congratulations, you have successfully setup OpenVPN-Admin! #\r"
+echo -e "Please, finish the installation by configuring your web server (Apache, Nginx...)"
+echo -e "and install the web application by visiting http://your-installation/index.php?installation\r"
+echo -e "Then, you will be able to run OpenVPN with systemctl start openvpn@server\r"
+echo "Please, report any issues here https://github.com/Chocobozzz/OpenVPN-Admin"

-printf "\033[1m\n#################################### Finish ####################################\n"
+printf "\n################################################################################ \033[0m\n"
--- a/scripts/install.sh
+++ b/scripts/install.sh
@ -7,10 +7,14 @@ print_help () {
  echo -e "\tgroup:    Group of the web application"
 }

+print_error() {
+    echo "$1"
+    exit
+}
+
 # Ensure to be root
 if [ "$EUID" -ne 0 ]; then
-  echo "Please run as root"
-  exit
+  print_error "Please run as root"
 fi

 # Ensure there are enought arguments
@ -20,11 +24,10 @@ if [ "$#" -ne 3 ]; then
 fi

 # Ensure there are the prerequisites
-for i in openvpn mysql php bower node unzip wget sed; do
+for i in openvpn mysql php node npm unzip wget sed curl; do
  which $i > /dev/null
  if [ "$?" -ne 0 ]; then
-    echo "Miss $i"
-    exit
+    print_error "Miss $i"
  fi
 done

@ -42,223 +45,22 @@ fi

 base_path=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )

+# Read dotEnv file
+source "$base_path/../.env"

-printf "\n################## Server informations ##################\n"
-
-read -p "Server Hostname/IP: " ip_server
-
-read -p "OpenVPN protocol (tcp or udp) [tcp]: " openvpn_proto
-
-if [[ -z $openvpn_proto ]]; then
-  openvpn_proto="tcp"
-fi
-
-read -p "Port [443]: " server_port
-
-if [[ -z $server_port ]]; then
-  server_port="443"
-fi
-
-# Get root pass (to create the database and the user)
-mysql_root_pass=""
-status_code=1
-
-while [ $status_code -ne 0 ]; do
-  read -p "MySQL root password: " -s mysql_root_pass; echo
-  echo "SHOW DATABASES" | mysql -u root --password="$mysql_root_pass" &> /dev/null
-  status_code=$?
-done
-
-sql_result=$(echo "SHOW DATABASES" | mysql -u root --password="$mysql_root_pass" | grep -e "^openvpn-admin$")
-# Check if the database doesn't already exist
-if [ "$sql_result" != "" ]; then
-  echo "The openvpn-admin database already exists."
-  exit
-fi
-
-
-# Check if the user doesn't already exist
-read -p "MySQL user name for OpenVPN-Admin (will be created): " mysql_user
-
-echo "SHOW GRANTS FOR $mysql_user@localhost" | mysql -u root --password="$mysql_root_pass" &> /dev/null
-if [ $? -eq 0 ]; then
-  echo "The MySQL user already exists."
-  exit
-fi
-
-read -p "MySQL user password for OpenVPN-Admin: " -s mysql_pass; echo
-
-# TODO MySQL port & host ?
-
-
-printf "\n################## Certificates informations ##################\n"
-
-read -p "Key size (1024, 2048 or 4096) [2048]: " key_size
-
-read -p "Root certificate expiration (in days) [3650]: " ca_expire
-
-read -p "Certificate expiration (in days) [3650]: " cert_expire
-
-read -p "Country Name (2 letter code) [US]: " cert_country
-
-read -p "State or Province Name (full name) [California]: " cert_province
-
-read -p "Locality Name (eg, city) [San Francisco]: " cert_city
-
-read -p "Organization Name (eg, company) [Copyleft Certificate Co]: " cert_org
-
-read -p "Organizational Unit Name (eg, section) [My Organizational Unit]: " cert_ou
-
-read -p "Email Address [me@example.net]: " cert_email
-
-read -p "Common Name (eg, your name or your server's hostname) [ChangeMe]: " key_cn
-
-
-printf "\n################## Creating the certificates ##################\n"
-
-EASYRSA_RELEASES=( $(
-  curl -s https://api.github.com/repos/OpenVPN/easy-rsa/releases | \
-  grep 'tag_name' | \
-  grep -E '3(\.[0-9]+)+' | \
-  awk '{ print $2 }' | \
-  sed 's/[,|"|v]//g'
-) )
-EASYRSA_LATEST=${EASYRSA_RELEASES[0]}
-
-# Get the rsa keys
-wget -q https://github.com/OpenVPN/easy-rsa/releases/download/v${EASYRSA_LATEST}/EasyRSA-${EASYRSA_LATEST}.tgz
-tar -xaf EasyRSA-${EASYRSA_LATEST}.tgz
-mv EasyRSA-${EASYRSA_LATEST} /etc/openvpn/easy-rsa
-rm -r EasyRSA-${EASYRSA_LATEST}.tgz
-cd /etc/openvpn/easy-rsa
-
-if [[ ! -z $key_size ]]; then
-  export EASYRSA_KEY_SIZE=$key_size
-fi
-if [[ ! -z $ca_expire ]]; then
-  export EASYRSA_CA_EXPIRE=$ca_expire
-fi
-if [[ ! -z $cert_expire ]]; then
-  export EASYRSA_CERT_EXPIRE=$cert_expire
-fi
-if [[ ! -z $cert_country ]]; then
-  export EASYRSA_REQ_COUNTRY=$cert_country
-fi
-if [[ ! -z $cert_province ]]; then
-  export EASYRSA_REQ_PROVINCE=$cert_province
-fi
-if [[ ! -z $cert_city ]]; then
-  export EASYRSA_REQ_CITY=$cert_city
-fi
-if [[ ! -z $cert_org ]]; then
-  export EASYRSA_REQ_ORG=$cert_org
-fi
-if [[ ! -z $cert_ou ]]; then
-  export EASYRSA_REQ_OU=$cert_ou
-fi
-if [[ ! -z $cert_email ]]; then
-  export EASYRSA_REQ_EMAIL=$cert_email
-fi
-if [[ ! -z $key_cn ]]; then
-  export EASYRSA_REQ_CN=$key_cn
-fi
-
-# Init PKI dirs and build CA certs
-./easyrsa init-pki
-./easyrsa build-ca nopass
-# Generate Diffie-Hellman parameters
-./easyrsa gen-dh
-# Genrate server keypair
-./easyrsa build-server-full server nopass
-
-# Generate shared-secret for TLS Authentication
-openvpn --genkey --secret pki/ta.key
-
-
-printf "\n################## Setup OpenVPN ##################\n"
-
-# Copy certificates and the server configuration in the openvpn directory
-cp /etc/openvpn/easy-rsa/pki/{ca.crt,ta.key,issued/server.crt,private/server.key,dh.pem} "/etc/openvpn/"
-cp "$base_path/installation/server.conf" "/etc/openvpn/"
-mkdir "/etc/openvpn/ccd"
-sed -i "s/port 443/port $server_port/" "/etc/openvpn/server.conf"
-
-if [ $openvpn_proto = "udp" ]; then
-  sed -i "s/proto tcp/proto $openvpn_proto/" "/etc/openvpn/server.conf"
-fi
-
-nobody_group=$(id -ng nobody)
-sed -i "s/group nogroup/group $nobody_group/" "/etc/openvpn/server.conf"
-
-printf "\n################## Setup firewall ##################\n"
-
-# Make ip forwading and make it persistent
-echo 1 > "/proc/sys/net/ipv4/ip_forward"
-echo "net.ipv4.ip_forward = 1" >> "/etc/sysctl.conf"
-
-# Iptable rules
-iptables -I FORWARD -i tun0 -j ACCEPT
-iptables -I FORWARD -o tun0 -j ACCEPT
-iptables -I OUTPUT -o tun0 -j ACCEPT
-
-iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
-iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-iptables -t nat -A POSTROUTING -s 10.8.0.2/24 -o eth0 -j MASQUERADE
-
-
-printf "\n################## Setup MySQL database ##################\n"
-
-echo "CREATE DATABASE \`openvpn-admin\`" | mysql -u root --password="$mysql_root_pass"
-echo "CREATE USER $mysql_user@localhost IDENTIFIED BY '$mysql_pass'" | mysql -u root --password="$mysql_root_pass"
-echo "GRANT ALL PRIVILEGES ON \`openvpn-admin\`.*  TO $mysql_user@localhost" | mysql -u root --password="$mysql_root_pass"
-echo "FLUSH PRIVILEGES" | mysql -u root --password="$mysql_root_pass"
-
-
-printf "\n################## Setup web application ##################\n"
-
-# Copy bash scripts (which will insert row in MySQL)
-cp -r "$base_path/installation/scripts" "/etc/openvpn/"
-chmod +x "/etc/openvpn/scripts/"*
-
-# Configure MySQL in openvpn scripts
-sed -i "s/USER=''/USER='$mysql_user'/" "/etc/openvpn/scripts/config.sh"
-sed -i "s/PASS=''/PASS='$mysql_pass'/" "/etc/openvpn/scripts/config.sh"
-
-# Create the directory of the web application
-mkdir "$openvpn_admin"
-cp -r "$base_path/"{index.php,sql,bower.json,.bowerrc,js,include,css,installation/client-conf} "$openvpn_admin"
-
-# New workspace
-cd "$openvpn_admin"
-
-# Replace config.php variables
-sed -i "s/\$user = '';/\$user = '$mysql_user';/" "./include/config.php"
-sed -i "s/\$pass = '';/\$pass = '$mysql_pass';/" "./include/config.php"
-
-# Replace in the client configurations with the ip of the server and openvpn protocol
-for file in "./client-conf/gnu-linux/client.conf" "./client-conf/osx-viscosity/client.conf" "./client-conf/windows/client.ovpn"; do
-  sed -i "s/remote xxx\.xxx\.xxx\.xxx 443/remote $ip_server $server_port/" $file
-
-  if [ $openvpn_proto = "udp" ]; then
-    sed -i "s/proto tcp-client/proto udp/" $file
-  fi
-done
-
-# Copy ta.key inside the client-conf directory
-for directory in "./client-conf/gnu-linux/" "./client-conf/osx-viscosity/" "./client-conf/windows/"; do
-  cp "/etc/openvpn/"{ca.crt,ta.key} $directory
-done
-
-# Install third parties
-bower --allow-root install
-chown -R "$user:$group" "$openvpn_admin"
+source ./install/00_env.sh
+source ./install/01_mysql.sh
+source ./install/02_app.sh
+source ./install/03_certificate.sh
+source ./install/04_openvpn.sh
+source ./install/05_firewall.sh

 printf "\033[1m\n#################################### Finish ####################################\n"

 echo -e "# Congratulations, you have successfully setup OpenVPN-Admin! #\r"
-echo -e "Please, finish the installation by configuring your web server (Apache, NGinx...)"
+echo -e "Please, finish the installation by configuring your web server (Apache, Nginx...)"
 echo -e "and install the web application by visiting http://your-installation/index.php?installation\r"
 echo -e "Then, you will be able to run OpenVPN with systemctl start openvpn@server\r"
 echo "Please, report any issues here https://github.com/Chocobozzz/OpenVPN-Admin"
+
 printf "\n################################################################################ \033[0m\n"
--- a/scripts/install/00_env.sh
+++ b/scripts/install/00_env.sh
@ -0,0 +1,49 @@
+#!/bin/bash
+
+printf "\n################## Server informations ##################\n"
+
+[ ! -z "$VPN_LOCAL" ] && echo "VPN_LOCAL=$VPN_LOCAL"
+[ -z "$VPN_LOCAL" ]  && read -p "Server local Hostname/IP: " VPN_LOCAL
+[ -z "$VPN_LOCAL" ]  && print_error "Server local address is required!"
+
+[ ! -z "$VPN_REMOTE" ] && echo "VPN_LOCAL=$VPN_REMOTE"
+[ -z "$VPN_REMOTE" ]  && read -p "Server remote Hostname/IP: " VPN_REMOTE
+[ -z "$VPN_REMOTE" ]  && print_error "Server remote address is required!"
+
+[ ! -z "$VPN_PROTO" ] && echo "VPN_PROTO=$VPN_PROTO"
+[ -z "$VPN_PROTO" ] && read -p "OpenVPN protocol (tcp or udp) [tcp]: " VPN_PROTO
+[ -z "$VPN_PROTO" ] && VPN_PROTO="tcp"
+
+[ ! -z "$VPN_PORT" ] && echo "VPN_PORT=$VPN_PORT"
+[ -z "$VPN_PORT" ]  && read -p "OpenVPN port [443]: " VPN_PORT
+[ -z "$VPN_PORT" ]  && VPN_PORT="443"
+
+[ ! -z "$VPN_GROUP" ] && echo "VPN_GROUP=$VPN_GROUP"
+[ -z "$VPN_GROUP" ] && read -p "OpenVPN group [nogroup]: " VPN_GROUP
+[ -z "$VPN_GROUP" ] && VPN_GROUP="nogroup"
+
+[ ! -z "$VPN_INIF" ] && echo "VPN_INIF=$VPN_INIF"
+[ -z "$VPN_INIF" ]  && read -p "OpenVPN input interface [tun0]: " VPN_INIF
+[ -z "$VPN_INIF" ]  && VPN_INIF="tun0"
+
+[ ! -z "$VPN_OUTIF" ] && echo "VPN_OUTIF=$VPN_OUTIF"
+[ -z "$VPN_OUTIF" ] && read -p "OpenVPN output interface [eth0]: " VPN_OUTIF
+[ -z "$VPN_OUTIF" ] && VPN_OUTIF="eth0"
+
+[ ! -z "$VPN_NET" ] && echo "VPN_NET=$VPN_NET"
+[ -z "$VPN_NET" ]   && read -p "OpenVPN clients subnet [10.8.0.0/24]: " VPN_NET
+[ -z "$VPN_NET" ]   && VPN_NET="10.8.0.0/24"
+
+
+printf "\n################## Certificates informations ##################\n"
+
+[ -z "$EASYRSA_KEY_SIZE" ]      && read -p "Key size (1024, 2048 or 4096) [2048]: " EASYRSA_KEY_SIZE
+[ -z "$EASYRSA_CA_EXPIRE" ]     && read -p "Root certificate expiration (in days) [3650]: " EASYRSA_CA_EXPIRE
+[ -z "$EASYRSA_CERT_EXPIRE" ]   && read -p "Certificate expiration (in days) [3650]: " EASYRSA_CERT_EXPIRE
+[ -z "$EASYRSA_REQ_COUNTRY" ]   && read -p "Country Name (2 letter code) [US]: " EASYRSA_REQ_COUNTRY
+[ -z "$EASYRSA_REQ_PROVINCE" ]  && read -p "State or Province Name (full name) [California]: " EASYRSA_REQ_PROVINCE
+[ -z "$EASYRSA_REQ_CITY" ]      && read -p "Locality Name (eg, city) [San Francisco]: " EASYRSA_REQ_CITY
+[ -z "$EASYRSA_REQ_ORG" ]       && read -p "Organization Name (eg, company) [Copyleft Certificate Co]: " EASYRSA_REQ_ORG
+[ -z "$EASYRSA_REQ_OU" ]        && read -p "Organizational Unit Name (eg, section) [My Organizational Unit]: " EASYRSA_REQ_OU
+[ -z "$EASYRSA_REQ_EMAIL" ]     && read -p "Email Address [me@example.net]: " EASYRSA_REQ_EMAIL
+[ -z "$EASYRSA_REQ_CN" ]        && read -p "Common Name (eg, your name or your server's hostname) [ChangeMe]: " EASYRSA_REQ_CN
--- a/scripts/install/01_mysql.sh
+++ b/scripts/install/01_mysql.sh
@ -0,0 +1,53 @@
+#!/bin/bash
+
+function mysql_exec()
+{
+    echo "$1" | mysql -u root --password="$mysql_root_pass" &> /dev/null
+}
+
+printf "\n################## Setup MySQL database ##################\n"
+
+[ ! -z "$DB_HOST" ] && echo "DB_HOST=$DB_HOST"
+[ -z "$DB_HOST" ]  && read -p "MySQL database host: " DB_HOST
+[ -z "$DB_HOST" ]  && print_error "MySQL database host is required!"
+
+# Get root pass (to create the database and the user)
+mysql_root_pass=""
+status_code=1
+
+while [ $status_code -ne 0 ]; do
+  read -p "MySQL root password: " -s mysql_root_pass; echo
+  mysql_exec "SHOW DATABASES"
+  status_code=$?
+done
+
+[ ! -z "$DB_NAME" ] && echo "DB_NAME=$DB_NAME"
+[ -z "$DB_NAME" ]  && read -p "MySQL database name: " DB_NAME
+[ -z "$DB_NAME" ]  && print_error "MySQL database name is required!"
+
+[ ! -z "$DB_USER" ] && echo "DB_USER=$DB_USER"
+[ -z "$DB_USER" ]  && read -p "MySQL user name for $DB_NAME (will be created): " DB_USER
+[ -z "$DB_USER" ]  && print_error "MySQL user is required!"
+
+[ ! -z "$DB_PASS" ] && echo "DB_PASS=$DB_PASS"
+[ -z "$DB_PASS" ]  && read -p "MySQL user password for $DB_USER: " DB_PASS
+[ -z "$DB_PASS" ]  && print_error "MySQL user password is required!"
+
+sql_result=$(mysql_exec "SHOW DATABASES" | grep -e "^$DB_NAME$")
+
+# Check if the database doesn't already exist
+if [ "$sql_result" != "" ]; then
+  echo "The $DB_NAME database already exists."
+  exit
+fi
+
+mysql_exec "SHOW GRANTS FOR $DB_USER@localhost"
+if [ $? -eq 0 ]; then
+  echo "The MySQL user already exists."
+  exit
+fi
+
+mysql_exec "CREATE DATABASE \`$DB_NAME\`"
+mysql_exec "CREATE USER $DB_USER@% IDENTIFIED BY '$DB_PASS'"
+mysql_exec "GRANT ALL PRIVILEGES ON \`$DB_NAME\`.*  TO $DB_USER@%"
+mysql_exec "FLUSH PRIVILEGES"
--- a/scripts/install/02_app.sh
+++ b/scripts/install/02_app.sh
@ -0,0 +1,12 @@
+#!/bin/bash
+
+printf "\n################## Setup web application ##################\n"
+
+# Install third parties
+npm install
+
+# Create the directory of the web application
+mkdir -p "$openvpn_admin"
+cp -r "$base_path/"{app/,public/,vendor/,.env} "$openvpn_admin"
+
+chown -R "$user:$group" "$openvpn_admin"
--- a/scripts/install/03_certificate.sh
+++ b/scripts/install/03_certificate.sh
@ -0,0 +1,30 @@
+#!/bin/bash
+
+printf "\n################## Creating the certificates ##################\n"
+
+EASYRSA_RELEASES=( $(
+  curl -s https://api.github.com/repos/OpenVPN/easy-rsa/releases | \
+  grep 'tag_name' | \
+  grep -E '3(\.[0-9]+)+' | \
+  awk '{ print $2 }' | \
+  sed 's/[,|"|v]//g'
+) )
+EASYRSA_LATEST=${EASYRSA_RELEASES[0]}
+
+# Get the rsa keys
+wget -q https://github.com/OpenVPN/easy-rsa/releases/download/v${EASYRSA_LATEST}/EasyRSA-${EASYRSA_LATEST}.tgz -O /tmp/EasyRSA-${EASYRSA_LATEST}.tgz
+mkdir -p /etc/openvpn/easy-rsa
+tar -xaf /tmp/EasyRSA-${EASYRSA_LATEST}.tgz -C /etc/openvpn/easy-rsa --strip-components=1
+rm -r /tmp/EasyRSA-${EASYRSA_LATEST}.tgz
+cd /etc/openvpn/easy-rsa
+
+# Init PKI dirs and build CA certs
+./easyrsa --batch init-pki
+./easyrsa --batch build-ca nopass
+# Generate Diffie-Hellman parameters
+./easyrsa --batch gen-dh
+# Generate server keypair
+./easyrsa --batch build-server-full server nopass
+
+# Generate shared-secret for TLS Authentication
+openvpn --genkey --secret pki/ta.key
--- a/scripts/install/04_openvpn.sh
+++ b/scripts/install/04_openvpn.sh
@ -0,0 +1,15 @@
+#!/bin/bash
+
+printf "\n################## Setup OpenVPN ##################\n"
+
+# Copy certificates and the server configuration in the openvpn directory
+cp /etc/openvpn/easy-rsa/pki/{ca.crt,ta.key,issued/server.crt,private/server.key,dh.pem} "/etc/openvpn/"
+chmod +r /etc/openvpn/{ca.crt,ta.key}
+cp "$base_path/../configs/server.conf" "/etc/openvpn/"
+mkdir -p "/etc/openvpn/ccd"
+sed -i "
+s/VPN_SERVER/$VPN_SERVER/;
+s/VPN_PORT/$VPN_PORT/;
+s/VPN_INIF/$VPN_INIF/;
+s/VPN_PROTO/$VPN_PROTO/;
+s/VPN_GROUP/$VPN_GROUP/" "/etc/openvpn/server.conf"
--- a/scripts/install/05_firewall.sh
+++ b/scripts/install/05_firewall.sh
@ -0,0 +1,16 @@
+#!/bin/bash
+
+printf "\n################## Setup firewall ##################\n"
+
+# Make ip forwading and make it persistent
+echo 1 > "/proc/sys/net/ipv4/ip_forward"
+echo "net.ipv4.ip_forward = 1" >> "/etc/sysctl.conf"
+
+# Iptable rules
+iptables -I FORWARD -i $VPN_INIF -j ACCEPT
+iptables -I FORWARD -o $VPN_INIF -j ACCEPT
+iptables -I OUTPUT -o $VPN_INIF -j ACCEPT
+
+iptables -A FORWARD -i $VPN_INIF -o $VPN_OUTIF -j ACCEPT
+iptables -t nat -A POSTROUTING -o $VPN_OUTIF -j MASQUERADE
+iptables -t nat -A POSTROUTING -s $VPN_NET -o $VPN_OUTIF -j MASQUERADE