install-mattermost.sh: add support for postgreSQL.

This commit is contained in:
Christoph 2024-09-23 15:30:09 +02:00
parent ef78057ee0
commit ea7d6ba2a6


@ -205,6 +205,8 @@ DEFAULT_MATTERMOST_USER="mattermost"
DEFAULT_DB_NAME="mattermost" DEFAULT_DB_NAME="mattermost"
DEFAULT_DB_USER="mattermost" DEFAULT_DB_USER="mattermost"
DEFAUTL_DB_TYPE="psql"
# generate random password # generate random password
regexp_digit="([23456789].*){2}" regexp_digit="([23456789].*){2}"
regexp_special_char="([-_%+].*){2}" regexp_special_char="([-_%+].*){2}"
@ -242,6 +244,22 @@ fi
[[ -n "$FQHN_HOSTNAME" ]] && DEFAULT_FQHN_HOSTNAME="$FQHN_HOSTNAME" [[ -n "$FQHN_HOSTNAME" ]] && DEFAULT_FQHN_HOSTNAME="$FQHN_HOSTNAME"
if [[ -n "$DB_TYPE" ]] ; then
if [[ "${DB_TYPE,,}" = "postgres" ]] || [[ "${DB_TYPE,,}" = "postgresql" ]] || [[ "${DB_TYPE,,}" = "pgsql" ]] || [[ "${DB_TYPE,,}" = "psql" ]] ; then
DEFAULT_DB_TYPE=pgsql
elif [[ "${DB_TYPE,,}" = "mysql" ]] ; then
DEFAULT_DB_TYPE=mysql
else
fatal "Wrong or empty Database Type (DB_TYPE) - must be 'mysql' or 'pgsql'."
fi
else
DEFAULT_DB_TYPE=pgsql
fi
[[ -n "$DB_NAME" ]] && DEFAULT_DB_NAME="$DB_NAME" [[ -n "$DB_NAME" ]] && DEFAULT_DB_NAME="$DB_NAME"
[[ -n "$DB_USER" ]] && DEFAULT_DB_NAME="$DB_USER" [[ -n "$DB_USER" ]] && DEFAULT_DB_NAME="$DB_USER"
[[ -n "$DB_PASS" ]] && DEFAULT_DB_PASS="$DB_PASS" [[ -n "$DB_PASS" ]] && DEFAULT_DB_PASS="$DB_PASS"
@ -344,6 +362,45 @@ do
done done
DB_TYPE=""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Choose Database Type"
echo ""
if [[ "$DEFAULT_DB_TYPE" = "mysql" ]]; then
echo -e "\033[3G\033[37m\033[1m[1] MySQL\033[m"
else
echo -e "\033[3G[1] MySQL"
fi
if [[ "$DEFAULT_DB_TYPE" = "pgsql" ]] ; then
echo -e "\033[3G[2] \033[37m\033[1mPostgeSQL\033[m"
else
echo -e "\033[3G[2] PostgeSQL"
fi
echo ""
echo "Type a number or press <RETURN> to choose highlighted value"
echo ""
echononl "Eingabe: "
while [ "$DB_TYPE" != "mysql" -a "$DB_TYPE" != "pgsql" ]; do
read OPTION
case $OPTION in
1)
DB_TYPE="mysql"
;;
2)
DB_TYPE="pgsql"
;;
'') DB_TYPE=$DEFAULT_DB_TYPE
;;
*)
echo ""
echo -e "\033[3GFalsche Eingabe ! [ 1 = MySQL ; 2 = PostgreSQL ] or type <RETURN>"
echo ""
echononl "Eingabe: "
;;
esac
done
DB_NAME= DB_NAME=
@ -418,13 +475,13 @@ else
done done
fi fi
if [[ "$DB_TYPE" = "mysql" ]] ; then
if [[ -n "$MYSQL_CREDENTIAL_ARGS" ]] ; then if [[ -n "$MYSQL_CREDENTIAL_ARGS" ]] ; then
if ! $(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e 'quit' > /dev/null 2>&1) ; then if ! $(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e 'quit' > /dev/null 2>&1) ; then
fatal "Parameter MYSQL_CREDENTIAL_ARGS is given, but a connection to MySQL Service failed.!" fatal "Parameter MYSQL_CREDENTIAL_ARGS is given, but a connection to MySQL Service failed.!"
fi fi
USE_MYSQL_CREDENTIAL_ARGS=true USE_MYSQL_CREDENTIAL_ARGS=true
else else
USE_MYSQL_CREDENTIAL_ARGS=false USE_MYSQL_CREDENTIAL_ARGS=false
_MYSQL_ROOT_PW="" _MYSQL_ROOT_PW=""
@ -452,10 +509,10 @@ else
fatal "MySQL seems not be running. Start MySQL Service and try installing mattermost again." fatal "MySQL seems not be running. Start MySQL Service and try installing mattermost again."
fi fi
done done
fi
fi fi
echo "" echo ""
echo "" echo ""
echo -e "\t\033[32mStart install script for Mattermost Server with the following parameters\033[m" echo -e "\t\033[32mStart install script for Mattermost Server with the following parameters\033[m"
@ -469,12 +526,20 @@ echo -e "\tMattermost user..........: $MATTERMOST_USER"
echo -e "\tMattermost group.........: $MATTERMOST_GROUP" echo -e "\tMattermost group.........: $MATTERMOST_GROUP"
echo "" echo ""
echo "" echo ""
if $USE_MYSQL_CREDENTIAL_ARGS ; then if [[ "${DB_TYPE}" = "pgsql" ]] ; then
echo -e "\tMYSQL_CREDENTIAL_ARGS....: $MYSQL_CREDENTIAL_ARGS" echo -e "\tDatabase Type............: PostgreSQL"
else else
echo -e "\tRoot password MySQL......: **" echo -e "\tDatabase Type............: MySQL"
fi fi
echo "" echo ""
if [[ "${DB_TYPE}" = "mysql" ]]; then
if $USE_MYSQL_CREDENTIAL_ARGS ; then
echo -e "\tMYSQL_CREDENTIAL_ARGS....: $MYSQL_CREDENTIAL_ARGS"
else
echo -e "\tRoot password MySQL......: **"
fi
echo ""
fi
echo -e "\tDatabase Name............: $DB_NAME" echo -e "\tDatabase Name............: $DB_NAME"
echo -e "\tDatabase User............: $DB_USER" echo -e "\tDatabase User............: $DB_USER"
echo -e "\tDatabase Password........: $DB_PASS" echo -e "\tDatabase Password........: $DB_PASS"
@ -519,19 +584,60 @@ if $nginx_installed ; then
echo -e "\033[85G[ \033[32mYES\033[m ]" echo -e "\033[85G[ \033[32mYES\033[m ]"
else else
echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]" echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi fi
_failed=false _failed=false
echononl "Check if MySQL Database Service is installed.." if [[ "${DB_TYPE}" = "mysql" ]]; then
if $(dpkg -s mysql-server > "$log_file" 2>&1) ; then echononl "Check if MySQL Database Service is installed.."
if $(dpkg -s mysql-server > "$log_file" 2>&1) ; then
mysql_server_installed=true mysql_server_installed=true
else else
mysql_server_installed=false mysql_server_installed=false
fi fi
if $mysql_server_installed ; then if $mysql_server_installed ; then
echo -e "\033[85G[ \033[32mYES\033[m ]" echo -e "\033[85G[ \033[32mYES\033[m ]"
else else
echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]" echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi
else
echononl "Check if PostgreSQL Database Service is installed.."
if $(dpkg -s postgresql > "$log_file" 2>&1) ; then
postgresql_server_installed=true
else
postgresql_server_installed=false
fi
if $postgresql_server_installed ; then
echo -e "\033[85G[ \033[32mYES\033[m ]"
else
echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi
fi fi
@ -603,11 +709,13 @@ fi
blank_line blank_line
echononl "Create Database User '${DB_USER}' with Password '${DB_PASS}'.."
if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ if [[ "${DB_TYPE}" = "mysql" ]] ; then
echononl "Create MySQL Database User '${DB_USER}' with Password '${DB_PASS}'.."
if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '$DB_USER')" 2>/dev/null)" = 1 ]]; then "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '$DB_USER')" 2>/dev/null)" = 1 ]]; then
echo_skipped echo_skipped
else else
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '${DB_PASS}'" > "$log_file" 2>&1 "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '${DB_PASS}'" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
@ -616,14 +724,14 @@ else
else else
echo_ok echo_ok
fi fi
fi fi
echononl "Create Database '${DB_NAME}'.." echononl "Create MySQL Database '${DB_NAME}'.."
if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"SHOW DATABASES LIKE '${DB_NAME}'" 2>/dev/null)" = "${DB_NAME}" ]]; then "SHOW DATABASES LIKE '${DB_NAME}'" 2>/dev/null)" = "${DB_NAME}" ]]; then
echo_skipped echo_skipped
else else
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e "CREATE DATABASE ${DB_NAME}" > "$log_file" 2>&1 mysql $MYSQL_CREDENTIAL_ARGS -N -s -e "CREATE DATABASE ${DB_NAME}" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
echo_failed echo_failed
@ -631,26 +739,169 @@ else
else else
echo_ok echo_ok
fi fi
fi fi
echononl "Grant access privileges to the user '${DB_USER}'." echononl "Grant access privileges to the user '${DB_USER}'."
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"GRANT ALL PRIVILEGES ON ${DB_NAME}.* to '${DB_USER}'@'localhost';" > "$log_file" 2>&1 "GRANT ALL PRIVILEGES ON ${DB_NAME}.* to '${DB_USER}'@'localhost';" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
echo_failed echo_failed
error "$(cat "$log_file")" error "$(cat "$log_file")"
else else
echo_ok echo_ok
fi fi
echononl "FLUSH PRIVILEGES to dadabase engine .." echononl "FLUSH PRIVILEGES to dadabase engine .."
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \ mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"FLUSH PRIVILEGES" > "$log_file" 2>&1 "FLUSH PRIVILEGES" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
echo_failed echo_failed
error "$(cat "$log_file")" error "$(cat "$log_file")"
else else
echo_ok echo_ok
fi
else
# Check if PostgreSQL database '$DB_NAME' exists ..
#
count=$(su - postgres -c "psql -q -A -t -l" | grep -c -e "^$DB_NAME")
if [[ $count -eq 0 ]];then
database_exists=false
else
database_exists=true
fi
# sudo -u postgres psql -c "CREATE DATABASE ${DB_NAME};" > $log_file 2>&1
# sudo -u postgres psql -c "CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASS}';" > $log_file 2>&1
# sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} to ${DB_USER};" > $log_file 2>&1
# sudo -u postgres psql -c "ALTER DATABASE ${DB_NAME} OWNER TO ${DB_USER};" > $log_file 2>&1
# sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${DB_USER};" > $log_file 2>&1
echononl "Create PostgreSQL database '${DB_NAME}'.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "CREATE DATABASE ${DB_NAME};" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
echononl "Create PostgreSQL database user ${DB_USER}.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASS}';" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
echononl "Grant the user access to the Mattermost database.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} to ${DB_USER};" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
echononl "Change the owner of database '${DB_NAME}' to '${DB_USER}'.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "ALTER DATABASE ${DB_NAME} OWNER TO ${DB_USER};" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
echononl "Grant access to objects contained in the specified schema.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${DB_USER};" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
fi fi
@ -756,7 +1007,8 @@ echo -e "\033[37m\033[1mConfigure Mattermost - file '/opt/mattermost/config/conf
echo echo
echononl "Set up 'SqlSettings'.." echononl "Set up 'SqlSettings'.."
if ! $(grep -q -E "^\s*\"DriverName\":\s+mysql" /opt/mattermost/config/config.json 2> "$log_file") ; then if [[ "${DB_TYPE}" = "mysql" ]] ; then
if ! $(grep -q -E "^\s*\"DriverName\":\s+mysql" /opt/mattermost/config/config.json 2> "$log_file") ; then
_found=false _found=false
:> ${LOCK_DIR}/config.json :> ${LOCK_DIR}/config.json
@ -796,12 +1048,59 @@ EOF
echo_ok echo_ok
fi fi
else else
echo_skipped echo_skipped
fi
else
if ! $(grep -q -E "^\s*\"DriverName\":\s+postgres" /opt/mattermost/config/config.json 2> "$log_file") ; then
_found=false
:> ${LOCK_DIR}/config.json
:> $log_file
while IFS='' read -r _line || [[ -n $_line ]] ; do
if $_found && echo "$_line" | grep -iq -E "^\s*\"DriverName\":" 2> /dev/null ; then
cat <<EOF >> ${LOCK_DIR}/config.json 2> "$log_file"
"DriverName": "postgres",
EOF
elif $_found && echo "$_line" | grep -iq -E "^\s*\"DataSource\":" 2> /dev/null ; then
cat <<EOF >> ${LOCK_DIR}/config.json 2> "$log_file"
"DataSource": "postgres://${DB_USER}:${DB_PASS}@localhost:5432/${DB_NAME}?sslmode=disable\\u0026connect_timeout=100s",
EOF
else
echo "$_line" >> ${LOCK_DIR}/config.json 2> "$log_file"
fi
if ! $_found && echo "$_line" | grep -iq -E "^\s*\"SqlSettings\"" 2> /dev/null ; then
_found=true
fi
if $_found && echo "$_line" | grep -iq -E "^\s*\}," 2> /dev/null ; then
_found=false
fi
done < "/opt/mattermost/config/config.json"
cp -a "${LOCK_DIR}/config.json" /opt/mattermost/config/config.json >> "$log_file" 2>&1
if [[ -s "$log_file" ]] ; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
echo_skipped
fi
:
fi fi
echononl "Set up 'ServiceSettings'.." echononl "Set up 'ServiceSettings'.."
if ! $(grep -q -E "^\s*\"DriverName\":\s+mysql" /opt/mattermost/config/config.json 2> "$log_file") ; then if ! $(grep -q -E "^\s*\"SiteURL\":\s+\"https://${FQHN_HOSTNAME}\"" /opt/mattermost/config/config.json 2> "$log_file") ; then
_found=false _found=false
:> ${LOCK_DIR}/config.json :> ${LOCK_DIR}/config.json
@ -861,7 +1160,8 @@ echo -e "\033[37m\033[1mSetup Mattermost to use systemd for starting and stoppin
echo echo
echononl "Create a systemd unit file.." echononl "Create a systemd unit file.."
cat <<EOF > /etc/systemd/system//mattermost.service 2>"$log_file" if [[ "${DB_TYPE}" = "mysql" ]] ; then
cat <<EOF > /etc/systemd/system//mattermost.service 2>"$log_file"
[Unit] [Unit]
Description=Mattermost Description=Mattermost
After=network.target After=network.target
@ -872,6 +1172,7 @@ Requires=mysql.service
Type=notify Type=notify
ExecStart=/opt/mattermost/bin/mattermost ExecStart=/opt/mattermost/bin/mattermost
TimeoutStartSec=3600 TimeoutStartSec=3600
KillMode=mixed
Restart=always Restart=always
RestartSec=10 RestartSec=10
WorkingDirectory=/opt/mattermost WorkingDirectory=/opt/mattermost
@ -882,11 +1183,40 @@ LimitNOFILE=524288
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
EOF EOF
if [[ -s "$log_file" ]] ; then if [[ -s "$log_file" ]] ; then
echo_failed echo_failed
error "$(cat "$log_file")" error "$(cat "$log_file")"
else else
echo_ok echo_ok
fi
else
cat <<EOF > /etc/systemd/system//mattermost.service 2>"$log_file"
[Unit]
Description=Mattermost
After=network.target
[Service]
Type=notify
ExecStart=/opt/mattermost/bin/mattermost
TimeoutStartSec=3600
KillMode=mixed
Restart=always
RestartSec=10
WorkingDirectory=/opt/mattermost
User=mattermost
Group=mattermost
LimitNOFILE=49152
[Install]
WantedBy=multi-user.target
EOF
if [[ -s "$log_file" ]] ; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi fi
@ -964,6 +1294,8 @@ server {
server_name ${FQHN_HOSTNAME}; server_name ${FQHN_HOSTNAME};
http2_push_preload on; # Enable HTTP/2 Server Push
# Include location directive for Let's Encrypt ACME Challenge # Include location directive for Let's Encrypt ACME Challenge
# #
# Needed for (automated) updating certificate # Needed for (automated) updating certificate
@ -983,22 +1315,26 @@ server {
# #
ssl_dhparam /etc/nginx/ssl/dhparam.pem; ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Eable session resumption to improve https performance # Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC).
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 10m;
ssl_session_tickets off;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE
# omit SSLv3 because of POODLE
# omit TLSv1 TLSv1.1
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
# Enable TLSv1.3's 0-RTT. Use \$ssl_early_data when reverse proxying to
# prevent replay attacks.
#
# @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
ssl_early_data on;
# ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES) # ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES)
# Everything better than SHA1 (deprecated) # Everything better than SHA1 (deprecated)
# #
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
# Eable session resumption to improve https performance
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 10m;
ssl_session_tickets off;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
# #
add_header Strict-Transport-Security max-age=15768000; add_header Strict-Transport-Security max-age=15768000;
@ -1008,11 +1344,13 @@ server {
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
location ~ /api/v[0-9]+/(users/)?websocket$ { add_header X-Early-Data \$tls1_3_early_data;
location ~ /api/v[0-9]+/(users/)?websocket\$ {
proxy_set_header Upgrade \$http_upgrade; proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
client_max_body_size 50M; client_max_body_size 50M;
proxy_set_header Host \$http_host; proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme; proxy_set_header X-Forwarded-Proto \$scheme;
@ -1020,18 +1358,19 @@ server {
proxy_buffers 256 16k; proxy_buffers 256 16k;
proxy_buffer_size 16k; proxy_buffer_size 16k;
client_body_timeout 60; client_body_timeout 60;
send_timeout 300; send_timeout 300s;
lingering_timeout 5; lingering_timeout 5;
proxy_connect_timeout 90; proxy_connect_timeout 90s;
proxy_send_timeout 300; proxy_send_timeout 300s;
proxy_read_timeout 90s; proxy_read_timeout 90s;
proxy_http_version 1.1;
proxy_pass http://mm_backend; proxy_pass http://mm_backend;
} }
location / { location / {
client_max_body_size 50M; client_max_body_size 100M;
proxy_set_header Connection ""; proxy_set_header Connection "";
proxy_set_header Host \$http_host; proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr; proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme; proxy_set_header X-Forwarded-Proto \$scheme;
@ -1049,6 +1388,14 @@ server {
} }
} }
# This block is useful for debugging TLS v1.3. Please feel free to remove this
# and use the '\$ssl_early_data' variable exposed by NGINX directly should you
# wish to do so.
map \$ssl_early_data \$tls1_3_early_data {
"~." \$ssl_early_data;
default "";
}
EOF EOF
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
echo_failed echo_failed
@ -1203,6 +1550,41 @@ EOF
fi fi
_key="DB_TYPE"
_val="$DB_TYPE"
echononl "Update Parameter '$_key'.."
if $(grep -q -E "^\s*$_key=\"?$_val\"?\s*$" "$conf_file" 2> /dev/null) ; then
echo_skipped
elif $(grep -q -E "^\s*$_key=" "$conf_file" 2> /dev/null) ; then
perl -i -n -p -e "s/^\s*$_key=.*/${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
elif $(grep -q -E "^\s*#\s*${_key}" "$conf_file" 2> /dev/null) ; then
perl -i -n -p -e "s/^(\s*\#\s*$_key=.*)/\1\n${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
cat <<EOF >> "$conf_file" 2> "$log_file"
${_key}=${_val}
EOF
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi
_key="DB_NAME" _key="DB_NAME"
_val="$DB_NAME" _val="$DB_NAME"
echononl "Update Parameter '$_key'.." echononl "Update Parameter '$_key'.."
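Review bot: The PostgreSQL existence check in the new branch of the hunk at old line 631 (`count=$(su - postgres -c "psql -q -A -t -l" | grep -c -e "^$DB_NAME")`) is a prefix/regex match on `psql -l` output, so a database such as `mattermost_old` counts as an existing `mattermost`, and the single `database_exists` flag then also gates the CREATE USER, GRANT, ALTER OWNER and GRANT ON SCHEMA steps — on a re-run where the database exists but the role does not, the role is never created and the `DataSource` written later into config.json points at a missing user. The same branch splices `DB_PASS` straight into a double-quoted `psql -c` string (`CREATE USER ... WITH PASSWORD '${DB_PASS}'`), so a quote, `$` or backtick in an operator-supplied DB_PASS breaks the statement, and the redirections `> $log_file` are unquoted unlike the MySQL branch. I would query `pg_database`/`pg_roles` with an exact match, keep a separate `user_exists` flag, and pass the password as a psql variable (`:'pw'`) on stdin; the redirections should be `> "$log_file"`. The `fi` closing this `if [[ "${DB_TYPE}" = "mysql" ]]` block is the last line of the hunk, so the surrounding context is not all visible here.
```shell
# Exact-match existence checks instead of a prefix match on 'psql -l' output.
_db_found=$(sudo -u postgres psql -tAc "SELECT 1 FROM pg_database WHERE datname = '${DB_NAME}'" 2> "$log_file")
_role_found=$(sudo -u postgres psql -tAc "SELECT 1 FROM pg_roles WHERE rolname = '${DB_USER}'" 2> "$log_file")
if [[ "$_db_found" = "1" ]] ; then database_exists=true ; else database_exists=false ; fi
if [[ "$_role_found" = "1" ]] ; then user_exists=true ; else user_exists=false ; fi
# … unchanged: "Create PostgreSQL database" step, gated on $database_exists …
echononl "Create PostgreSQL database user ${DB_USER}.."
if $user_exists ; then
  echo_skipped
else
  # Password is handed to psql as a variable and quoted by psql itself (:'pw'),
  # so quotes or shell metacharacters in DB_PASS cannot alter the statement.
  printf '%s\n' "CREATE USER ${DB_USER} WITH PASSWORD :'pw';" \
    | sudo -u postgres psql -v pw="$DB_PASS" > "$log_file" 2>&1
  # … unchanged: echo_failed / continue-anyway prompt / echo_ok …
fi
# … unchanged: GRANT / ALTER OWNER / GRANT ON SCHEMA steps, now gated on $user_exists …
```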