Tool Crappy aCis Installer Ubuntu 22/24

[Drakken]

I have not touched a L2J style server in probably 13-14 years, as part of my "re-education" on server stuff I decided to build a installation script, hope some of you find it useful.

NOTE: This script should only be run on a fresh Ubuntu 22/24 install, must be ran as root. I have only tested on 22 so far.

What it does:

- Checks to make sure you are root and are using Ubuntu 22/24
- Creates a system user for running aCis
- Installs java jdk 21, Mariadb, Apache2 + PHP, Adminer, Ant
- Created user and database for gameserver and login server
- Creates user for Adminer
- Adds second layer of security for Adminer (apache2 auth)
- Runs secure_installation on Mariadb
- Makes all .sh files executeable
- Fills in Mariadb database information in database_installer.sh, config/server.properties, config/loginserver.properties
- Runs database_installer.sh
- Fetches aCis repository and builds it (supports public and private repo)
- Moves all needed files into <user>/acis-built
- Enables UFW and opens needed ports: 22, 80, 2106, 7777
- Installs fail2ban and configures protection for sshd (max 3 fails)
- Retrieves geodata from http://anothercrappyinterludeserver.com/files/ and unpacks it in correct place
- Fills in server IP in loginserver.properties

Script is here: https://github.com/Salty-Dragon/aCis-installer-ubuntu

 

Help etc hop on Discord: https://discord.gg/QuZTw8pn3E

 

 

Edited June 10 by Drakken
add discord

[Nightw0lf]

I totally understand the whole installation but why port 80 and apache+php and adminer i think they should be optional and also be asked about opening 3306 or XXXX and listen to *

thanks 

[Drakken]

15 hours ago, Nightw0lf said:

I totally understand the whole installation but why port 80 and apache+php and adminer i think they should be optional and also be asked about opening 3306 or XXXX and listen to *

thanks 

 

I am planning on making adminer optional which would also make php and apache2 optional, I just haven't had time yet. That script I made for myself and I know that I want adminer

 

"

and also be asked about opening 3306 or XXXX and listen to *

thanks "

 

Could you explain this a bit more? I am not sure I should offer the option to open port 3306 as that is a bad thing unless you know what you are doing, and if you know what you are doing it is a simple thing to open it yourself after.

 

Listen to * is this for login / gameserver or Mariadb?

[Nightw0lf]

well i mean mariadb listen to *

and the port should be offered since you are already there you probably know how to make a user with rights

 

still i am talking for what i would like, thats why it should be like optional it would be so cool and could be used for other projects and just in case you dont know this you can execute it through terminal from the github in one command so you can update it live and give the users the command only, when you play with unix its just like that

bash <(curl -s https://raw.githubusercontent.com/Salty-Dragon/aCis-installer-ubuntu/main/crappy-aCis-installer.sh)

bash <(wget -qO- https://raw.githubusercontent.com/Salty-Dragon/aCis-installer-ubuntu/main/crappy-aCis-installer.sh)

some examples to play with

[Drakken]

On 6/13/2025 at 1:25 AM, Nightw0lf said:

well i mean mariadb listen to *

and the port should be offered since you are already there you probably know how to make a user with rights

 

still i am talking for what i would like, thats why it should be like optional it would be so cool and could be used for other projects and just in case you dont know this you can execute it through terminal from the github in one command so you can update it live and give the users the command only, when you play with unix its just like that

bash <(curl -s https://raw.githubusercontent.com/Salty-Dragon/aCis-installer-ubuntu/main/crappy-aCis-installer.sh)

bash <(wget -qO- https://raw.githubusercontent.com/Salty-Dragon/aCis-installer-ubuntu/main/crappy-aCis-installer.sh)

some examples to play with

 

 

Mariadb is set to bind only to 127.0.0.1 and if netstat for example shows a second column like "listen 0.0.0.0:*" which is kind of confusing but actually represents potential remote addresses which can connect which because of bind to 127.0.0.1 means only 127.0.0.1 can connect. If you disable the firewall and try to connect from outside you will see it is not possible.

 

Thanks for the commands, I do know about these but had not thought about them, thank you

 

I will probably make some updates to the escipt this week based on yours and others feedback 

[Nightw0lf]

20 hours ago, Drakken said:

but actually represents potential remote addresses

correct  

[Seamless]

One thing i want to add  is disabling root login, creating a new user with sudo privileges, setting up SSH key authentication and completely disabling password  logins and also avoid  exposure on port 80 completely. it's much better to manage them directly from your local machine using IP whitelisting on database user or firewall-iptables. This way, only trusted IPs have access. Even better ssh tunnel. Good job though.