From ea7d6ba2a614509f04ba262ba414a555446b102d Mon Sep 17 00:00:00 2001 From: Christoph Date: Mon, 23 Sep 2024 15:30:09 +0200 Subject: [PATCH] install-mattermost.sh: add support for postgreSQL. --- install-mattermost.sh | 654 +++++++++++++++++++++++++++++++++--------- 1 file changed, 518 insertions(+), 136 deletions(-) diff --git a/install-mattermost.sh b/install-mattermost.sh index a55b6e9..eaf9105 100755 --- a/install-mattermost.sh +++ b/install-mattermost.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash - + script_name="$(basename $(realpath $0))" working_dir="$(dirname $(realpath $0))" @@ -205,6 +205,8 @@ DEFAULT_MATTERMOST_USER="mattermost" DEFAULT_DB_NAME="mattermost" DEFAULT_DB_USER="mattermost" +DEFAUTL_DB_TYPE="psql" + # generate random password regexp_digit="([23456789].*){2}" regexp_special_char="([-_%+].*){2}" @@ -242,6 +244,22 @@ fi [[ -n "$FQHN_HOSTNAME" ]] && DEFAULT_FQHN_HOSTNAME="$FQHN_HOSTNAME" +if [[ -n "$DB_TYPE" ]] ; then + if [[ "${DB_TYPE,,}" = "postgres" ]] || [[ "${DB_TYPE,,}" = "postgresql" ]] || [[ "${DB_TYPE,,}" = "pgsql" ]] || [[ "${DB_TYPE,,}" = "psql" ]] ; then + + DEFAULT_DB_TYPE=pgsql + + elif [[ "${DB_TYPE,,}" = "mysql" ]] ; then + + DEFAULT_DB_TYPE=mysql + + else + fatal "Wrong or empty Database Type (DB_TYPE) - must be 'mysql' or 'pgsql'." + fi +else + DEFAULT_DB_TYPE=pgsql +fi + [[ -n "$DB_NAME" ]] && DEFAULT_DB_NAME="$DB_NAME" [[ -n "$DB_USER" ]] && DEFAULT_DB_NAME="$DB_USER" [[ -n "$DB_PASS" ]] && DEFAULT_DB_PASS="$DB_PASS" 
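Review bot: `DEFAUTL_DB_TYPE="psql"` in the @@ -205 hunk misspells the variable and uses a value (`psql`) that nothing else in the patch compares against, so the line is dead: the @@ -242 hunk on this same line assigns `DEFAULT_DB_TYPE=pgsql` unconditionally in its `else` branch. Either drop the line or write `DEFAULT_DB_TYPE="pgsql"` and have the `else` branch leave it alone instead of overwriting it. The `fatal "Wrong or empty Database Type (DB_TYPE) ..."` text is misleading, since an empty `DB_TYPE` never reaches it and silently falls through to the PostgreSQL default. Not part of this change, but the adjacent context line `[[ -n "$DB_USER" ]] && DEFAULT_DB_NAME="$DB_USER"` appears to assign the user to the wrong default variable and is worth a follow-up.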
@@ -344,6 +362,45 @@ do done +DB_TYPE="" +echo "" +echo -e "\033[32m--\033[m" +echo "" +echo "Choose Database Type" +echo "" +if [[ "$DEFAULT_DB_TYPE" = "mysql" ]]; then + echo -e "\033[3G\033[37m\033[1m[1] MySQL\033[m" +else + echo -e "\033[3G[1] MySQL" +fi +if [[ "$DEFAULT_DB_TYPE" = "pgsql" ]] ; then + echo -e "\033[3G[2] \033[37m\033[1mPostgeSQL\033[m" +else + echo -e "\033[3G[2] PostgeSQL" +fi +echo "" +echo "Type a number or press to choose highlighted value" +echo "" +echononl "Eingabe: " +while [ "$DB_TYPE" != "mysql" -a "$DB_TYPE" != "pgsql" ]; do + read OPTION + case $OPTION in + 1) + DB_TYPE="mysql" + ;; + 2) + DB_TYPE="pgsql" + ;; + '') DB_TYPE=$DEFAULT_DB_TYPE + ;; + *) + echo "" + echo -e "\033[3GFalsche Eingabe ! [ 1 = MySQL ; 2 = PostgreSQL ] or type " + echo "" + echononl "Eingabe: " + ;; + esac +done DB_NAME= 
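Review bot: Both menu entries print `PostgeSQL` (missing the `r`), while the error branch of the same `case` spells it `PostgreSQL`. The loop condition `while [ "$DB_TYPE" != "mysql" -a "$DB_TYPE" != "pgsql" ]` uses the deprecated `-a` form although the rest of this hunk uses `[[ ]]`; `while [[ "$DB_TYPE" != "mysql" && "$DB_TYPE" != "pgsql" ]]; do` keeps it consistent, and `read OPTION` should be `read -r OPTION` so a backslash in the input is not interpreted. The prompt `echo "Type a number or press to choose highlighted value"` seems to have lost the key name between "press" and "to" — possibly an extraction artefact, but worth checking in the file.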
@@ -418,44 +475,44 @@ else done fi - -if [[ -n "$MYSQL_CREDENTIAL_ARGS" ]] ; then - if ! $(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e 'quit' > /dev/null 2>&1) ; then - fatal "Parameter MYSQL_CREDENTIAL_ARGS is given, but a connection to MySQL Service failed.!" - fi - USE_MYSQL_CREDENTIAL_ARGS=true -else - USE_MYSQL_CREDENTIAL_ARGS=false - - _MYSQL_ROOT_PW="" - echo "" - echo -e "\033[32m--\033[m" - echo "" - echo "Insert root password of MySQL Database Service" - echo "" - while [ "X${_MYSQL_ROOT_PW}" = "X" ]; do - - echononl "Passworteingabe: " - read -s _MYSQL_ROOT_PW - if [ "X${_MYSQL_ROOT_PW}" = "X" ]; then - echo -e "\n\t\033[33m\033[1mPassworteingabe erforderlich!\033[m\n" - continue +if [[ "$DB_TYPE" = "mysql" ]] ; then + if [[ -n "$MYSQL_CREDENTIAL_ARGS" ]] ; then + if ! $(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e 'quit' > /dev/null 2>&1) ; then + fatal "Parameter MYSQL_CREDENTIAL_ARGS is given, but a connection to MySQL Service failed.!" fi - if $(pgrep mysqld_safe > /dev/null 2>&1) || $(pgrep mysqld > /dev/null 2>&1); then - if $(mysql --user="root" --password="$_MYSQL_ROOT_PW" -N -s -e 'quit' > /dev/null 2>&1) ; then - MYSQL_ROOT_PW=$_MYSQL_ROOT_PW - else - echo -e "\n\t\033[33m\033[1mFalsches Passwort\033[m\n" - _MYSQL_ROOT_PW="" + USE_MYSQL_CREDENTIAL_ARGS=true + else + USE_MYSQL_CREDENTIAL_ARGS=false + + _MYSQL_ROOT_PW="" + echo "" + echo -e "\033[32m--\033[m" + echo "" + echo "Insert root password of MySQL Database Service" + echo "" + while [ "X${_MYSQL_ROOT_PW}" = "X" ]; do + + echononl "Passworteingabe: " + read -s _MYSQL_ROOT_PW + if [ "X${_MYSQL_ROOT_PW}" = "X" ]; then + echo -e "\n\t\033[33m\033[1mPassworteingabe erforderlich!\033[m\n" + continue fi - else - fatal "MySQL seems not be running. Start MySQL Service and try installing mattermost again." 
- fi - done + if $(pgrep mysqld_safe > /dev/null 2>&1) || $(pgrep mysqld > /dev/null 2>&1); then + if $(mysql --user="root" --password="$_MYSQL_ROOT_PW" -N -s -e 'quit' > /dev/null 2>&1) ; then + MYSQL_ROOT_PW=$_MYSQL_ROOT_PW + else + echo -e "\n\t\033[33m\033[1mFalsches Passwort\033[m\n" + _MYSQL_ROOT_PW="" + fi + else + fatal "MySQL seems not be running. Start MySQL Service and try installing mattermost again." + fi + done + fi fi - echo "" echo "" echo -e "\t\033[32mStart install script for Mattermost Server with the following parameters\033[m" @@ -469,12 +526,20 @@ echo -e "\tMattermost user..........: $MATTERMOST_USER" echo -e "\tMattermost group.........: $MATTERMOST_GROUP" echo "" echo "" -if $USE_MYSQL_CREDENTIAL_ARGS ; then - echo -e "\tMYSQL_CREDENTIAL_ARGS....: $MYSQL_CREDENTIAL_ARGS" +if [[ "${DB_TYPE}" = "pgsql" ]] ; then + echo -e "\tDatabase Type............: PostgreSQL" else - echo -e "\tRoot password MySQL......: **" + echo -e "\tDatabase Type............: MySQL" fi echo "" +if [[ "${DB_TYPE}" = "mysql" ]]; then + if $USE_MYSQL_CREDENTIAL_ARGS ; then + echo -e "\tMYSQL_CREDENTIAL_ARGS....: $MYSQL_CREDENTIAL_ARGS" + else + echo -e "\tRoot password MySQL......: **" + fi + echo "" +fi echo -e "\tDatabase Name............: $DB_NAME" echo -e "\tDatabase User............: $DB_USER" echo -e "\tDatabase Password........: $DB_PASS" 
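Review bot: The new `else` path for `DB_TYPE=pgsql` performs no reachability check at all, whereas the MySQL branch verifies it can connect with `mysql ... -e 'quit'` before continuing; a check such as `sudo -u postgres psql -q -A -t -c 'SELECT 1' > /dev/null 2>&1 || fatal "PostgreSQL seems not to be running. Start the PostgreSQL service and try again."` would fail early instead of at the first `CREATE DATABASE` later on. While the MySQL block is being re-indented, note that `--password="$_MYSQL_ROOT_PW"` leaves the root password on the command line where it is visible in the process list; passing it through `MYSQL_PWD` or a `--defaults-extra-file` avoids that. The `if [[ -n "$MYSQL_CREDENTIAL_ARGS" ]]` / `else` construct opens on the previous hunk line and closes in this one.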
@@ -519,19 +584,60 @@ if $nginx_installed ; then echo -e "\033[85G[ \033[32mYES\033[m ]" else echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]" + + echo "" + echononl "\033[1mcontinue anyway\033[m [yes/no]: " + read OK + while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/nno]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Abbruch durch User" fi _failed=false -echononl "Check if MySQL Database Service is installed.." -if $(dpkg -s mysql-server > "$log_file" 2>&1) ; then - mysql_server_installed=true +if [[ "${DB_TYPE}" = "mysql" ]]; then + echononl "Check if MySQL Database Service is installed.." + if $(dpkg -s mysql-server > "$log_file" 2>&1) ; then + mysql_server_installed=true + else + mysql_server_installed=false + fi + if $mysql_server_installed ; then + echo -e "\033[85G[ \033[32mYES\033[m ]" + else + echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]" + + echo "" + echononl "\033[1mcontinue anyway\033[m [yes/no]: " + read OK + while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/nno]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Abbruch durch User" + fi else - mysql_server_installed=false -fi -if $mysql_server_installed ; then - echo -e "\033[85G[ \033[32mYES\033[m ]" -else - echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]" + echononl "Check if PostgreSQL Database Service is installed.." + if $(dpkg -s postgresql > "$log_file" 2>&1) ; then + postgresql_server_installed=true + else + postgresql_server_installed=false + fi + if $postgresql_server_installed ; then + echo -e "\033[85G[ \033[32mYES\033[m ]" + else + echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]" + + echo "" + echononl "\033[1mcontinue anyway\033[m [yes/no]: " + read OK + while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/nno]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Abbruch durch User" + fi fi 
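Review bot: Each "continue anyway" prompt loops on `${OK,,}` but then tests `[[ $OK = "yes" ]]` case-sensitively, so an answer of `YES` or `Yes` leaves the loop and is then treated as a refusal and aborts; use `[[ "${OK,,}" = "yes" ]] || fatal "Abbruch durch User"` in all three copies (nginx, MySQL, PostgreSQL). The prompt `[yes/nno]` carries a typo in each copy. The PostgreSQL branch sets `postgresql_server_installed`, but the unchanged prerequisite test further down (`if ! $nginx_installed || ! $mysql_server_installed`, visible in the @@ -556 hunk) still reads `mysql_server_installed`, which is never assigned on that path, so the empty expansion makes the test silently pass and the `fatal` text still names MySQL; setting one `db_server_installed` variable in both branches and testing that would fix it. The three identical prompt blocks are a good candidate for a `confirm_continue` helper function.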
@@ -556,15 +662,15 @@ if ! $nginx_installed || ! $mysql_server_installed ; then if ! $cert_present ; then - fatal "Prerequisites are a correct installation of the NGINX Web Service as well - as a correct installation of the MySQL database service. - - It's also highly recommended to have a valid certificate for your + fatal "Prerequisites are a correct installation of the NGINX Web Service as well + as a correct installation of the MySQL database service. + + It's also highly recommended to have a valid certificate for your FQHN Hostname '${FQHN_HOSTNAME}'." else - fatal "Prerequisites are a correct installation of the NGINX Web Service as well + fatal "Prerequisites are a correct installation of the NGINX Web Service as well as a correct installation of the MySQL database service." fi 
@@ -603,54 +709,199 @@ fi blank_line -echononl "Create Database User '${DB_USER}' with Password '${DB_PASS}'.." -if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ - "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '$DB_USER')" 2>/dev/null)" = 1 ]]; then - echo_skipped -else + +if [[ "${DB_TYPE}" = "mysql" ]] ; then + echononl "Create MySQL Database User '${DB_USER}' with Password '${DB_PASS}'.." + if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ + "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '$DB_USER')" 2>/dev/null)" = 1 ]]; then + echo_skipped + else + mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ + "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '${DB_PASS}'" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi + fi + + echononl "Create MySQL Database '${DB_NAME}'.." + if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ + "SHOW DATABASES LIKE '${DB_NAME}'" 2>/dev/null)" = "${DB_NAME}" ]]; then + + echo_skipped + else + mysql $MYSQL_CREDENTIAL_ARGS -N -s -e "CREATE DATABASE ${DB_NAME}" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi + fi + + echononl "Grant access privileges to the user '${DB_USER}'’." mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ - "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '${DB_PASS}'" > "$log_file" 2>&1 + "GRANT ALL PRIVILEGES ON ${DB_NAME}.* to '${DB_USER}'@'localhost';" > "$log_file" 2>&1 if [[ $? -ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi -fi -echononl "Create Database '${DB_NAME}'.." -if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ - "SHOW DATABASES LIKE '${DB_NAME}'" 2>/dev/null)" = "${DB_NAME}" ]]; then - - echo_skipped -else - mysql $MYSQL_CREDENTIAL_ARGS -N -s -e "CREATE DATABASE ${DB_NAME}" > "$log_file" 2>&1 + echononl "FLUSH PRIVILEGES to dadabase engine .." + mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ + "FLUSH PRIVILEGES" > "$log_file" 2>&1 if [[ $? 
-ne 0 ]]; then echo_failed error "$(cat "$log_file")" else echo_ok fi -fi - -echononl "Grant access privileges to the user '${DB_USER}'’." -mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ - "GRANT ALL PRIVILEGES ON ${DB_NAME}.* to '${DB_USER}'@'localhost';" > "$log_file" 2>&1 -if [[ $? -ne 0 ]]; then - echo_failed - error "$(cat "$log_file")" else - echo_ok -fi -echononl "FLUSH PRIVILEGES to dadabase engine .." -mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ - "FLUSH PRIVILEGES" > "$log_file" 2>&1 -if [[ $? -ne 0 ]]; then - echo_failed - error "$(cat "$log_file")" -else - echo_ok + # Check if PostgreSQL database '$DB_NAME' exists .. + # + count=$(su - postgres -c "psql -q -A -t -l" | grep -c -e "^$DB_NAME") + if [[ $count -eq 0 ]];then + database_exists=false + else + database_exists=true + fi + +# sudo -u postgres psql -c "CREATE DATABASE ${DB_NAME};" > $log_file 2>&1 +# sudo -u postgres psql -c "CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASS}';" > $log_file 2>&1 +# sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} to ${DB_USER};" > $log_file 2>&1 +# sudo -u postgres psql -c "ALTER DATABASE ${DB_NAME} OWNER TO ${DB_USER};" > $log_file 2>&1 +# sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${DB_USER};" > $log_file 2>&1 + + echononl "Create PostgreSQL database '${DB_NAME}'.." + if $database_exists ; then + echo_skipped + else + sudo -u postgres psql -c "CREATE DATABASE ${DB_NAME};" > $log_file 2>&1 + + if [[ $? -ne 0 ]] ; then + echo_failed + error "$(cat "$log_file")" + + echo "" + echononl "\033[1mcontinue anyway\033[m [yes/no]: " + read OK + while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/nno]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Abbruch durch User" + + else + echo_ok + fi + + fi + + echononl "Create PostgreSQL database user ${DB_USER}.." 
+ if $database_exists ; then + echo_skipped + else + + sudo -u postgres psql -c "CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASS}';" > $log_file 2>&1 + + if [[ $? -ne 0 ]] ; then + echo_failed + error "$(cat "$log_file")" + + echo "" + echononl "\033[1mcontinue anyway\033[m [yes/no]: " + read OK + while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/nno]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Abbruch durch User" + + else + echo_ok + fi + fi + + echononl "Grant the user access to the Mattermost database.." + if $database_exists ; then + echo_skipped + else + + sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} to ${DB_USER};" > $log_file 2>&1 + + if [[ $? -ne 0 ]] ; then + echo_failed + error "$(cat "$log_file")" + + echo "" + echononl "\033[1mcontinue anyway\033[m [yes/no]: " + read OK + while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/nno]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Abbruch durch User" + + else + echo_ok + fi + fi + + echononl "Change the owner of database '${DB_NAME}' to '${DB_USER}'.." + if $database_exists ; then + echo_skipped + else + + sudo -u postgres psql -c "ALTER DATABASE ${DB_NAME} OWNER TO ${DB_USER};" > $log_file 2>&1 + + if [[ $? -ne 0 ]] ; then + echo_failed + error "$(cat "$log_file")" + + echo "" + echononl "\033[1mcontinue anyway\033[m [yes/no]: " + read OK + while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/nno]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Abbruch durch User" + + else + echo_ok + fi + fi + + echononl "Grant access to objects contained in the specified schema.." + if $database_exists ; then + echo_skipped + else + + sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${DB_USER};" > $log_file 2>&1 + + if [[ $? 
-ne 0 ]] ; then + echo_failed + error "$(cat "$log_file")" + + echo "" + echononl "\033[1mcontinue anyway\033[m [yes/no]: " + read OK + while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/nno]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Abbruch durch User" + + else + echo_ok + fi + fi + fi 
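Review bot: `sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${DB_USER};"` runs without `-d`, so it connects to the default `postgres` database and grants on that database's `public` schema rather than the Mattermost one; it needs `sudo -u postgres psql -d "${DB_NAME}" -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${DB_USER};"`. The `CREATE USER`, `GRANT`, `ALTER DATABASE` and schema steps are all gated on `$database_exists`, so a pre-existing database with a missing role skips role creation entirely; test the role on its own, e.g. `[[ "$(sudo -u postgres psql -A -t -c "SELECT 1 FROM pg_roles WHERE rolname='${DB_USER}'")" = 1 ]]`. The existence check `grep -c -e "^$DB_NAME"` on `psql -l -A` output also matches any database whose name merely starts with `$DB_NAME`; anchoring on the field separator with `"^${DB_NAME}|"` is exact. `CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASS}'` passes the password on psql's argv, where it is visible in the process list, and breaks on a password containing a single quote; feeding the statement to `psql` on stdin through a here-doc avoids the argv exposure. The five copied "continue anyway" prompts could become one helper, and the mix of `su - postgres` for the check and `sudo -u postgres` everywhere else is inconsistent.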
@@ -756,52 +1007,100 @@ echo -e "\033[37m\033[1mConfigure Mattermost - file '/opt/mattermost/config/conf echo echononl "Set up 'SqlSettings'.." -if ! $(grep -q -E "^\s*\"DriverName\":\s+mysql" /opt/mattermost/config/config.json 2> "$log_file") ; then +if [[ "${DB_TYPE}" = "mysql" ]] ; then + if ! $(grep -q -E "^\s*\"DriverName\":\s+mysql" /opt/mattermost/config/config.json 2> "$log_file") ; then - _found=false - :> ${LOCK_DIR}/config.json - :> $log_file + _found=false + :> ${LOCK_DIR}/config.json + :> $log_file - while IFS='' read -r _line || [[ -n $_line ]] ; do + while IFS='' read -r _line || [[ -n $_line ]] ; do - if $_found && echo "$_line" | grep -iq -E "^\s*\"DriverName\":" 2> /dev/null ; then - cat <> ${LOCK_DIR}/config.json 2> "$log_file" - "DriverName": "mysql", + if $_found && echo "$_line" | grep -iq -E "^\s*\"DriverName\":" 2> /dev/null ; then + cat <> ${LOCK_DIR}/config.json 2> "$log_file" + "DriverName": "mysql", EOF - elif $_found && echo "$_line" | grep -iq -E "^\s*\"DataSource\":" 2> /dev/null ; then - cat <> ${LOCK_DIR}/config.json 2> "$log_file" - "DataSource": "${DB_USER}:${DB_PASS}@tcp(localhost:3306)/${DB_NAME}?charset=utf8mb4,utf8\\u0026readTimeout=30s\\u0026writeTimeout=30s", + elif $_found && echo "$_line" | grep -iq -E "^\s*\"DataSource\":" 2> /dev/null ; then + cat <> ${LOCK_DIR}/config.json 2> "$log_file" + "DataSource": "${DB_USER}:${DB_PASS}@tcp(localhost:3306)/${DB_NAME}?charset=utf8mb4,utf8\\u0026readTimeout=30s\\u0026writeTimeout=30s", EOF + else + echo "$_line" >> ${LOCK_DIR}/config.json 2> "$log_file" + fi + + if ! 
$_found && echo "$_line" | grep -iq -E "^\s*\"SqlSettings\"" 2> /dev/null ; then + _found=true + fi + + if $_found && echo "$_line" | grep -iq -E "^\s*\}," 2> /dev/null ; then + _found=false + fi + + done < "/opt/mattermost/config/config.json" + + cp -a "${LOCK_DIR}/config.json" /opt/mattermost/config/config.json >> "$log_file" 2>&1 + + if [[ -s "$log_file" ]] ; then + echo_failed + error "$(cat "$log_file")" else - echo "$_line" >> ${LOCK_DIR}/config.json 2> "$log_file" + echo_ok fi - if ! $_found && echo "$_line" | grep -iq -E "^\s*\"SqlSettings\"" 2> /dev/null ; then - _found=true - fi - - if $_found && echo "$_line" | grep -iq -E "^\s*\}," 2> /dev/null ; then - _found=false - fi - - done < "/opt/mattermost/config/config.json" - - cp -a "${LOCK_DIR}/config.json" /opt/mattermost/config/config.json >> "$log_file" 2>&1 - - if [[ -s "$log_file" ]] ; then - echo_failed - error "$(cat "$log_file")" else - echo_ok + echo_skipped fi - else - echo_skipped + if ! $(grep -q -E "^\s*\"DriverName\":\s+postgres" /opt/mattermost/config/config.json 2> "$log_file") ; then + + _found=false + :> ${LOCK_DIR}/config.json + :> $log_file + + while IFS='' read -r _line || [[ -n $_line ]] ; do + + + if $_found && echo "$_line" | grep -iq -E "^\s*\"DriverName\":" 2> /dev/null ; then + cat <> ${LOCK_DIR}/config.json 2> "$log_file" + "DriverName": "postgres", +EOF + elif $_found && echo "$_line" | grep -iq -E "^\s*\"DataSource\":" 2> /dev/null ; then + cat <> ${LOCK_DIR}/config.json 2> "$log_file" + "DataSource": "postgres://${DB_USER}:${DB_PASS}@localhost:5432/${DB_NAME}?sslmode=disable\\u0026connect_timeout=100s", +EOF + else + echo "$_line" >> ${LOCK_DIR}/config.json 2> "$log_file" + fi + + if ! 
$_found && echo "$_line" | grep -iq -E "^\s*\"SqlSettings\"" 2> /dev/null ; then + _found=true + fi + + if $_found && echo "$_line" | grep -iq -E "^\s*\}," 2> /dev/null ; then + _found=false + fi + + done < "/opt/mattermost/config/config.json" + + cp -a "${LOCK_DIR}/config.json" /opt/mattermost/config/config.json >> "$log_file" 2>&1 + + if [[ -s "$log_file" ]] ; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi + + else + echo_skipped + fi + : fi + echononl "Set up 'ServiceSettings'.." -if ! $(grep -q -E "^\s*\"DriverName\":\s+mysql" /opt/mattermost/config/config.json 2> "$log_file") ; then +if ! $(grep -q -E "^\s*\"SiteURL\":\s+\"https://${FQHN_HOSTNAME}\"" /opt/mattermost/config/config.json 2> "$log_file") ; then _found=false :> ${LOCK_DIR}/config.json @@ -833,7 +1132,7 @@ EOF done < "/opt/mattermost/config/config.json" cp -a "${LOCK_DIR}/config.json" /opt/mattermost/config/config.json >> "$log_file" 2>&1 - + if [[ -s "$log_file" ]] ; then echo_failed error "$(cat "$log_file")" @@ -861,7 +1160,8 @@ echo -e "\033[37m\033[1mSetup Mattermost to use systemd for starting and stoppin echo echononl "Create a systemd unit file.." -cat < /etc/systemd/system//mattermost.service 2>"$log_file" +if [[ "${DB_TYPE}" = "mysql" ]] ; then + cat < /etc/systemd/system//mattermost.service 2>"$log_file" [Unit] Description=Mattermost After=network.target @@ -872,6 +1172,7 @@ Requires=mysql.service Type=notify ExecStart=/opt/mattermost/bin/mattermost TimeoutStartSec=3600 +KillMode=mixed Restart=always RestartSec=10 WorkingDirectory=/opt/mattermost 
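Review bot: The new PostgreSQL `DataSource` interpolates `${DB_PASS}` raw into a URI (`postgres://${DB_USER}:${DB_PASS}@localhost:5432/${DB_NAME}?...`), but the script's own generator (context `regexp_special_char="([-_%+].*){2}"` earlier in the patch) requires at least two of `-_%+` in the password, so a `%` not followed by two hex digits makes the URI unparseable and the driver will refuse to connect; percent-encode the password before building the DSN (the MySQL DSN form is not affected in the same way). `connect_timeout=100s` also looks wrong: libpq's `connect_timeout` is an integer number of seconds and Mattermost's sample configuration uses `connect_timeout=10`, so please verify the suffix is accepted by the driver. The skip test `grep -q -E "^\s*\"DriverName\":\s+postgres"` can never match the JSON this loop writes (`"DriverName": "postgres",` has a quote before the value), so the rewrite runs on every invocation; the pattern needs `\"postgres\"`, and the same applies to the MySQL test above it. The bare `:` before the closing `fi` is a leftover no-op, and since the two branches differ only in the two here-doc bodies, a single loop with `_driver` and `_dsn` set per `DB_TYPE` would remove roughly sixty duplicated lines. The enclosing `if [[ "${DB_TYPE}" = "mysql" ]]` opens on the previous hunk line.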
@@ -882,11 +1183,40 @@ LimitNOFILE=524288 [Install] WantedBy=multi-user.target EOF -if [[ -s "$log_file" ]] ; then - echo_failed - error "$(cat "$log_file")" + if [[ -s "$log_file" ]] ; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi else - echo_ok + cat < /etc/systemd/system//mattermost.service 2>"$log_file" +[Unit] +Description=Mattermost +After=network.target + +[Service] +Type=notify +ExecStart=/opt/mattermost/bin/mattermost +TimeoutStartSec=3600 +KillMode=mixed +Restart=always +RestartSec=10 +WorkingDirectory=/opt/mattermost +User=mattermost +Group=mattermost +LimitNOFILE=49152 + +[Install] +WantedBy=multi-user.target +EOF + + if [[ -s "$log_file" ]] ; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi fi @@ -964,6 +1294,8 @@ server { server_name ${FQHN_HOSTNAME}; + http2_push_preload on; # Enable HTTP/2 Server Push + # Include location directive for Let's Encrypt ACME Challenge # # Needed for (automated) updating certificate 
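Review bot: The PostgreSQL unit in the `else` branch declares only `After=network.target`, whereas the MySQL unit keeps `Requires=mysql.service` (context in the previous hunk), so at boot Mattermost can be started before PostgreSQL and fail its database connection; add `After=network.target postgresql.service` and `Requires=postgresql.service` to the new unit. The two units also diverge on `LimitNOFILE` (524288 vs 49152) with nothing in the hunk explaining the difference. Since the dependency lines are the only intended difference, one here-doc with a `_db_unit` variable substituted for `mysql.service`/`postgresql.service` would keep them from drifting further. The enclosing `if [[ "${DB_TYPE}" = "mysql" ]]` opens in the previous hunk.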
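Review bot: `http2_push_preload on;` enables HTTP/2 server push, which browsers no longer honour and which nginx removed as of release 1.25.1, so on a current nginx this single line makes the generated vhost fail `nginx -t`. Nothing else in the hunk depends on it, so dropping the directive is the safe option; if it is kept, gate it on the installed nginx version, which the script is already inspecting when it checks that nginx is present.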
@@ -983,22 +1315,26 @@ server { # ssl_dhparam /etc/nginx/ssl/dhparam.pem; - # Eable session resumption to improve https performance - ssl_session_cache shared:SSL:50m; - ssl_session_timeout 10m; - ssl_session_tickets off; - - #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE - # omit SSLv3 because of POODLE - # omit TLSv1 TLSv1.1 + # Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC). ssl_protocols TLSv1.2 TLSv1.3; + # Enable TLSv1.3's 0-RTT. Use \$ssl_early_data when reverse proxying to + # prevent replay attacks. + # + # @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data + ssl_early_data on; + # ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES) # Everything better than SHA1 (deprecated) # ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers on; + # Eable session resumption to improve https performance + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 10m; + ssl_session_tickets off; + # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) # add_header Strict-Transport-Security max-age=15768000; @@ -1008,11 +1344,13 @@ server { ssl_stapling on; ssl_stapling_verify on; - location ~ /api/v[0-9]+/(users/)?websocket$ { + add_header X-Early-Data \$tls1_3_early_data; + + location ~ /api/v[0-9]+/(users/)?websocket\$ { proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection "upgrade"; client_max_body_size 50M; - proxy_set_header Host \$http_host; + proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto \$scheme; 
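Review bot: `ssl_early_data on;` accepts TLS 1.3 0-RTT data, which an on-path observer can replay; the comment above it says `$ssl_early_data` must be passed on when reverse proxying, but the @@ -1008 hunk only emits it as a response header (`add_header X-Early-Data \$tls1_3_early_data;`) and neither proxied `location` forwards it, so Mattermost cannot distinguish a replayed POST from a fresh one. Either add `proxy_set_header Early-Data \$ssl_early_data;` to both `location` blocks (and confirm the application actually rejects early-data requests, which is not documented for Mattermost) or leave early data off, which is the safer default for an API that accepts state-changing requests. The `\$host`-for-`\$http_host` change and the escaped `\$` in the websocket location regex are correct fixes. The `server` block continues outside both hunks.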
@@ -1020,18 +1358,19 @@ server { proxy_buffers 256 16k; proxy_buffer_size 16k; client_body_timeout 60; - send_timeout 300; + send_timeout 300s; lingering_timeout 5; - proxy_connect_timeout 90; - proxy_send_timeout 300; + proxy_connect_timeout 90s; + proxy_send_timeout 300s; proxy_read_timeout 90s; + proxy_http_version 1.1; proxy_pass http://mm_backend; } location / { - client_max_body_size 50M; + client_max_body_size 100M; proxy_set_header Connection ""; - proxy_set_header Host \$http_host; + proxy_set_header Host \$host; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto \$scheme; @@ -1049,6 +1388,14 @@ server { } } +# This block is useful for debugging TLS v1.3. Please feel free to remove this +# and use the '\$ssl_early_data' variable exposed by NGINX directly should you +# wish to do so. +map \$ssl_early_data \$tls1_3_early_data { + "~." \$ssl_early_data; + default ""; +} + EOF if [[ $? -ne 0 ]]; then echo_failed @@ -1203,6 +1550,41 @@ EOF fi +_key="DB_TYPE" +_val="$DB_TYPE" +echononl "Update Parameter '$_key'.." +if $(grep -q -E "^\s*$_key=\"?$_val\"?\s*$" "$conf_file" 2> /dev/null) ; then + echo_skipped +elif $(grep -q -E "^\s*$_key=" "$conf_file" 2> /dev/null) ; then + perl -i -n -p -e "s/^\s*$_key=.*/${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi +elif $(grep -q -E "^\s*#\s*${_key}" "$conf_file" 2> /dev/null) ; then + perl -i -n -p -e "s/^(\s*\#\s*$_key=.*)/\1\n${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1 + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi +else + cat <> "$conf_file" 2> "$log_file" + +${_key}=${_val} +EOF + if [[ $? -ne 0 ]]; then + echo_failed + error "$(cat "$log_file")" + else + echo_ok + fi +fi + + _key="DB_NAME" _val="$DB_NAME" echononl "Update Parameter '$_key'.." 
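Review bot: In the new `DB_TYPE` parameter block the append branch writes `${_key}=${_val}` without quotes while both `perl` branches write `${_key}="${_val}"`, so the first-time and update forms of the same setting differ; use `${_key}="${_val}"` in the here-doc. `$_val` is also interpolated unescaped into the `grep` and `perl` patterns; for `DB_TYPE` the earlier menu restricts it to `mysql`/`pgsql`, so this is harmless here, but the block is a verbatim copy of the `DB_NAME` one that follows it, and a `set_conf_param "$_key" "$_val"` helper would stop the copies drifting. The `perl` replacement also uses `\1` where Perl expects `$1`; it works but warns, and is worth fixing while the block is touched.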
@@ -1712,7 +2094,7 @@ else fi fi -info "To ensure, your system is fully prepared for installing Jitsi Meet, it is +info "To ensure, your system is fully prepared for installing Jitsi Meet, it is recommend to \033[1mreboot the system before installing Jitsi Meet\033[m." clean_up 0