install-mattermost.sh: add support for postgreSQL.

Christoph 2024-09-23 15:30:09 +02:00
parent ef78057ee0
commit ea7d6ba2a6


@ -1,5 +1,5 @@
#!/usr/bin/env bash
script_name="$(basename $(realpath $0))"
working_dir="$(dirname $(realpath $0))"
@ -205,6 +205,8 @@ DEFAULT_MATTERMOST_USER="mattermost"
DEFAULT_DB_NAME="mattermost"
DEFAULT_DB_USER="mattermost"
DEFAUTL_DB_TYPE="psql"
# generate random password
regexp_digit="([23456789].*){2}"
regexp_special_char="([-_%+].*){2}"
@ -242,6 +244,22 @@ fi
[[ -n "$FQHN_HOSTNAME" ]] && DEFAULT_FQHN_HOSTNAME="$FQHN_HOSTNAME"
if [[ -n "$DB_TYPE" ]] ; then
if [[ "${DB_TYPE,,}" = "postgres" ]] || [[ "${DB_TYPE,,}" = "postgresql" ]] || [[ "${DB_TYPE,,}" = "pgsql" ]] || [[ "${DB_TYPE,,}" = "psql" ]] ; then
DEFAULT_DB_TYPE=pgsql
elif [[ "${DB_TYPE,,}" = "mysql" ]] ; then
DEFAULT_DB_TYPE=mysql
else
fatal "Wrong or empty Database Type (DB_TYPE) - must be 'mysql' or 'pgsql'."
fi
else
DEFAULT_DB_TYPE=pgsql
fi
[[ -n "$DB_NAME" ]] && DEFAULT_DB_NAME="$DB_NAME"
[[ -n "$DB_USER" ]] && DEFAULT_DB_NAME="$DB_USER"
[[ -n "$DB_PASS" ]] && DEFAULT_DB_PASS="$DB_PASS"
@ -344,6 +362,45 @@ do
done
DB_TYPE=""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Choose Database Type"
echo ""
if [[ "$DEFAULT_DB_TYPE" = "mysql" ]]; then
echo -e "\033[3G\033[37m\033[1m[1] MySQL\033[m"
else
echo -e "\033[3G[1] MySQL"
fi
if [[ "$DEFAULT_DB_TYPE" = "pgsql" ]] ; then
echo -e "\033[3G[2] \033[37m\033[1mPostgeSQL\033[m"
else
echo -e "\033[3G[2] PostgeSQL"
fi
echo ""
echo "Type a number or press <RETURN> to choose highlighted value"
echo ""
echononl "Eingabe: "
while [ "$DB_TYPE" != "mysql" -a "$DB_TYPE" != "pgsql" ]; do
read OPTION
case $OPTION in
1)
DB_TYPE="mysql"
;;
2)
DB_TYPE="pgsql"
;;
'') DB_TYPE=$DEFAULT_DB_TYPE
;;
*)
echo ""
echo -e "\033[3GFalsche Eingabe ! [ 1 = MySQL ; 2 = PostgreSQL ] or type <RETURN>"
echo ""
echononl "Eingabe: "
;;
esac
done
DB_NAME=
@ -418,44 +475,44 @@ else
done
fi
if [[ -n "$MYSQL_CREDENTIAL_ARGS" ]] ; then
if ! $(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e 'quit' > /dev/null 2>&1) ; then
fatal "Parameter MYSQL_CREDENTIAL_ARGS is given, but a connection to MySQL Service failed.!"
fi
USE_MYSQL_CREDENTIAL_ARGS=true
else
USE_MYSQL_CREDENTIAL_ARGS=false
_MYSQL_ROOT_PW=""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Insert root password of MySQL Database Service"
echo ""
while [ "X${_MYSQL_ROOT_PW}" = "X" ]; do
echononl "Passworteingabe: "
read -s _MYSQL_ROOT_PW
if [ "X${_MYSQL_ROOT_PW}" = "X" ]; then
echo -e "\n\t\033[33m\033[1mPassworteingabe erforderlich!\033[m\n"
continue
if [[ "$DB_TYPE" = "mysql" ]] ; then
if [[ -n "$MYSQL_CREDENTIAL_ARGS" ]] ; then
if ! $(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e 'quit' > /dev/null 2>&1) ; then
fatal "Parameter MYSQL_CREDENTIAL_ARGS is given, but a connection to MySQL Service failed.!"
fi
if $(pgrep mysqld_safe > /dev/null 2>&1) || $(pgrep mysqld > /dev/null 2>&1); then
if $(mysql --user="root" --password="$_MYSQL_ROOT_PW" -N -s -e 'quit' > /dev/null 2>&1) ; then
MYSQL_ROOT_PW=$_MYSQL_ROOT_PW
else
echo -e "\n\t\033[33m\033[1mFalsches Passwort\033[m\n"
_MYSQL_ROOT_PW=""
USE_MYSQL_CREDENTIAL_ARGS=true
else
USE_MYSQL_CREDENTIAL_ARGS=false
_MYSQL_ROOT_PW=""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Insert root password of MySQL Database Service"
echo ""
while [ "X${_MYSQL_ROOT_PW}" = "X" ]; do
echononl "Passworteingabe: "
read -s _MYSQL_ROOT_PW
if [ "X${_MYSQL_ROOT_PW}" = "X" ]; then
echo -e "\n\t\033[33m\033[1mPassworteingabe erforderlich!\033[m\n"
continue
fi
else
fatal "MySQL seems not be running. Start MySQL Service and try installing mattermost again."
fi
done
if $(pgrep mysqld_safe > /dev/null 2>&1) || $(pgrep mysqld > /dev/null 2>&1); then
if $(mysql --user="root" --password="$_MYSQL_ROOT_PW" -N -s -e 'quit' > /dev/null 2>&1) ; then
MYSQL_ROOT_PW=$_MYSQL_ROOT_PW
else
echo -e "\n\t\033[33m\033[1mFalsches Passwort\033[m\n"
_MYSQL_ROOT_PW=""
fi
else
fatal "MySQL seems not be running. Start MySQL Service and try installing mattermost again."
fi
done
fi
fi
echo ""
echo ""
echo -e "\t\033[32mStart install script for Mattermost Server with the following parameters\033[m"
@ -469,12 +526,20 @@ echo -e "\tMattermost user..........: $MATTERMOST_USER"
echo -e "\tMattermost group.........: $MATTERMOST_GROUP"
echo ""
echo ""
if $USE_MYSQL_CREDENTIAL_ARGS ; then
echo -e "\tMYSQL_CREDENTIAL_ARGS....: $MYSQL_CREDENTIAL_ARGS"
if [[ "${DB_TYPE}" = "pgsql" ]] ; then
echo -e "\tDatabase Type............: PostgreSQL"
else
echo -e "\tRoot password MySQL......: **"
echo -e "\tDatabase Type............: MySQL"
fi
echo ""
if [[ "${DB_TYPE}" = "mysql" ]]; then
if $USE_MYSQL_CREDENTIAL_ARGS ; then
echo -e "\tMYSQL_CREDENTIAL_ARGS....: $MYSQL_CREDENTIAL_ARGS"
else
echo -e "\tRoot password MySQL......: **"
fi
echo ""
fi
echo -e "\tDatabase Name............: $DB_NAME"
echo -e "\tDatabase User............: $DB_USER"
echo -e "\tDatabase Password........: $DB_PASS"
@ -519,19 +584,60 @@ if $nginx_installed ; then
echo -e "\033[85G[ \033[32mYES\033[m ]"
else
echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi
_failed=false
echononl "Check if MySQL Database Service is installed.."
if $(dpkg -s mysql-server > "$log_file" 2>&1) ; then
mysql_server_installed=true
if [[ "${DB_TYPE}" = "mysql" ]]; then
echononl "Check if MySQL Database Service is installed.."
if $(dpkg -s mysql-server > "$log_file" 2>&1) ; then
mysql_server_installed=true
else
mysql_server_installed=false
fi
if $mysql_server_installed ; then
echo -e "\033[85G[ \033[32mYES\033[m ]"
else
echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi
else
mysql_server_installed=false
fi
if $mysql_server_installed ; then
echo -e "\033[85G[ \033[32mYES\033[m ]"
else
echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]"
echononl "Check if PostgreSQL Database Service is installed.."
if $(dpkg -s postgresql > "$log_file" 2>&1) ; then
postgresql_server_installed=true
else
postgresql_server_installed=false
fi
if $postgresql_server_installed ; then
echo -e "\033[85G[ \033[32mYES\033[m ]"
else
echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi
fi
@ -556,15 +662,15 @@ if ! $nginx_installed || ! $mysql_server_installed ; then
if ! $cert_present ; then
fatal "Prerequisites are a correct installation of the NGINX Web Service as well
as a correct installation of the MySQL database service.
It's also highly recommended to have a valid certificate for your
fatal "Prerequisites are a correct installation of the NGINX Web Service as well
as a correct installation of the MySQL database service.
It's also highly recommended to have a valid certificate for your
FQHN Hostname '${FQHN_HOSTNAME}'."
else
fatal "Prerequisites are a correct installation of the NGINX Web Service as well
fatal "Prerequisites are a correct installation of the NGINX Web Service as well
as a correct installation of the MySQL database service."
fi
@ -603,54 +709,199 @@ fi
blank_line
echononl "Create Database User '${DB_USER}' with Password '${DB_PASS}'.."
if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '$DB_USER')" 2>/dev/null)" = 1 ]]; then
echo_skipped
else
if [[ "${DB_TYPE}" = "mysql" ]] ; then
echononl "Create MySQL Database User '${DB_USER}' with Password '${DB_PASS}'.."
if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '$DB_USER')" 2>/dev/null)" = 1 ]]; then
echo_skipped
else
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '${DB_PASS}'" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi
echononl "Create MySQL Database '${DB_NAME}'.."
if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"SHOW DATABASES LIKE '${DB_NAME}'" 2>/dev/null)" = "${DB_NAME}" ]]; then
echo_skipped
else
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e "CREATE DATABASE ${DB_NAME}" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi
echononl "Grant access privileges to the user '${DB_USER}'."
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '${DB_PASS}'" > "$log_file" 2>&1
"GRANT ALL PRIVILEGES ON ${DB_NAME}.* to '${DB_USER}'@'localhost';" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi
echononl "Create Database '${DB_NAME}'.."
if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"SHOW DATABASES LIKE '${DB_NAME}'" 2>/dev/null)" = "${DB_NAME}" ]]; then
echo_skipped
else
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e "CREATE DATABASE ${DB_NAME}" > "$log_file" 2>&1
echononl "FLUSH PRIVILEGES to dadabase engine .."
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"FLUSH PRIVILEGES" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi
echononl "Grant access privileges to the user '${DB_USER}'."
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"GRANT ALL PRIVILEGES ON ${DB_NAME}.* to '${DB_USER}'@'localhost';" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
echononl "FLUSH PRIVILEGES to dadabase engine .."
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"FLUSH PRIVILEGES" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
# Check if PostgreSQL database '$DB_NAME' exists ..
#
count=$(su - postgres -c "psql -q -A -t -l" | grep -c -e "^$DB_NAME")
if [[ $count -eq 0 ]];then
database_exists=false
else
database_exists=true
fi
# sudo -u postgres psql -c "CREATE DATABASE ${DB_NAME};" > $log_file 2>&1
# sudo -u postgres psql -c "CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASS}';" > $log_file 2>&1
# sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} to ${DB_USER};" > $log_file 2>&1
# sudo -u postgres psql -c "ALTER DATABASE ${DB_NAME} OWNER TO ${DB_USER};" > $log_file 2>&1
# sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${DB_USER};" > $log_file 2>&1
echononl "Create PostgreSQL database '${DB_NAME}'.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "CREATE DATABASE ${DB_NAME};" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
echononl "Create PostgreSQL database user ${DB_USER}.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASS}';" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
echononl "Grant the user access to the Mattermost database.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} to ${DB_USER};" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
echononl "Change the owner of database '${DB_NAME}' to '${DB_USER}'.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "ALTER DATABASE ${DB_NAME} OWNER TO ${DB_USER};" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
echononl "Grant access to objects contained in the specified schema.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${DB_USER};" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
fi
@ -756,52 +1007,100 @@ echo -e "\033[37m\033[1mConfigure Mattermost - file '/opt/mattermost/config/conf
echo
echononl "Set up 'SqlSettings'.."
if ! $(grep -q -E "^\s*\"DriverName\":\s+mysql" /opt/mattermost/config/config.json 2> "$log_file") ; then
if [[ "${DB_TYPE}" = "mysql" ]] ; then
if ! $(grep -q -E "^\s*\"DriverName\":\s+mysql" /opt/mattermost/config/config.json 2> "$log_file") ; then
_found=false
:> ${LOCK_DIR}/config.json
:> $log_file
_found=false
:> ${LOCK_DIR}/config.json
:> $log_file
while IFS='' read -r _line || [[ -n $_line ]] ; do
while IFS='' read -r _line || [[ -n $_line ]] ; do
if $_found && echo "$_line" | grep -iq -E "^\s*\"DriverName\":" 2> /dev/null ; then
cat <<EOF >> ${LOCK_DIR}/config.json 2> "$log_file"
"DriverName": "mysql",
if $_found && echo "$_line" | grep -iq -E "^\s*\"DriverName\":" 2> /dev/null ; then
cat <<EOF >> ${LOCK_DIR}/config.json 2> "$log_file"
"DriverName": "mysql",
EOF
elif $_found && echo "$_line" | grep -iq -E "^\s*\"DataSource\":" 2> /dev/null ; then
cat <<EOF >> ${LOCK_DIR}/config.json 2> "$log_file"
"DataSource": "${DB_USER}:${DB_PASS}@tcp(localhost:3306)/${DB_NAME}?charset=utf8mb4,utf8\\u0026readTimeout=30s\\u0026writeTimeout=30s",
elif $_found && echo "$_line" | grep -iq -E "^\s*\"DataSource\":" 2> /dev/null ; then
cat <<EOF >> ${LOCK_DIR}/config.json 2> "$log_file"
"DataSource": "${DB_USER}:${DB_PASS}@tcp(localhost:3306)/${DB_NAME}?charset=utf8mb4,utf8\\u0026readTimeout=30s\\u0026writeTimeout=30s",
EOF
else
echo "$_line" >> ${LOCK_DIR}/config.json 2> "$log_file"
fi
if ! $_found && echo "$_line" | grep -iq -E "^\s*\"SqlSettings\"" 2> /dev/null ; then
_found=true
fi
if $_found && echo "$_line" | grep -iq -E "^\s*\}," 2> /dev/null ; then
_found=false
fi
done < "/opt/mattermost/config/config.json"
cp -a "${LOCK_DIR}/config.json" /opt/mattermost/config/config.json >> "$log_file" 2>&1
if [[ -s "$log_file" ]] ; then
echo_failed
error "$(cat "$log_file")"
else
echo "$_line" >> ${LOCK_DIR}/config.json 2> "$log_file"
echo_ok
fi
if ! $_found && echo "$_line" | grep -iq -E "^\s*\"SqlSettings\"" 2> /dev/null ; then
_found=true
fi
if $_found && echo "$_line" | grep -iq -E "^\s*\}," 2> /dev/null ; then
_found=false
fi
done < "/opt/mattermost/config/config.json"
cp -a "${LOCK_DIR}/config.json" /opt/mattermost/config/config.json >> "$log_file" 2>&1
if [[ -s "$log_file" ]] ; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
echo_skipped
fi
else
echo_skipped
if ! $(grep -q -E "^\s*\"DriverName\":\s+postgres" /opt/mattermost/config/config.json 2> "$log_file") ; then
_found=false
:> ${LOCK_DIR}/config.json
:> $log_file
while IFS='' read -r _line || [[ -n $_line ]] ; do
if $_found && echo "$_line" | grep -iq -E "^\s*\"DriverName\":" 2> /dev/null ; then
cat <<EOF >> ${LOCK_DIR}/config.json 2> "$log_file"
"DriverName": "postgres",
EOF
elif $_found && echo "$_line" | grep -iq -E "^\s*\"DataSource\":" 2> /dev/null ; then
cat <<EOF >> ${LOCK_DIR}/config.json 2> "$log_file"
"DataSource": "postgres://${DB_USER}:${DB_PASS}@localhost:5432/${DB_NAME}?sslmode=disable\\u0026connect_timeout=100s",
EOF
else
echo "$_line" >> ${LOCK_DIR}/config.json 2> "$log_file"
fi
if ! $_found && echo "$_line" | grep -iq -E "^\s*\"SqlSettings\"" 2> /dev/null ; then
_found=true
fi
if $_found && echo "$_line" | grep -iq -E "^\s*\}," 2> /dev/null ; then
_found=false
fi
done < "/opt/mattermost/config/config.json"
cp -a "${LOCK_DIR}/config.json" /opt/mattermost/config/config.json >> "$log_file" 2>&1
if [[ -s "$log_file" ]] ; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
echo_skipped
fi
:
fi
echononl "Set up 'ServiceSettings'.."
if ! $(grep -q -E "^\s*\"DriverName\":\s+mysql" /opt/mattermost/config/config.json 2> "$log_file") ; then
if ! $(grep -q -E "^\s*\"SiteURL\":\s+\"https://${FQHN_HOSTNAME}\"" /opt/mattermost/config/config.json 2> "$log_file") ; then
_found=false
:> ${LOCK_DIR}/config.json
@ -833,7 +1132,7 @@ EOF
done < "/opt/mattermost/config/config.json"
cp -a "${LOCK_DIR}/config.json" /opt/mattermost/config/config.json >> "$log_file" 2>&1
if [[ -s "$log_file" ]] ; then
echo_failed
error "$(cat "$log_file")"
@ -861,7 +1160,8 @@ echo -e "\033[37m\033[1mSetup Mattermost to use systemd for starting and stoppin
echo
echononl "Create a systemd unit file.."
cat <<EOF > /etc/systemd/system//mattermost.service 2>"$log_file"
if [[ "${DB_TYPE}" = "mysql" ]] ; then
cat <<EOF > /etc/systemd/system//mattermost.service 2>"$log_file"
[Unit]
Description=Mattermost
After=network.target
@ -872,6 +1172,7 @@ Requires=mysql.service
Type=notify
ExecStart=/opt/mattermost/bin/mattermost
TimeoutStartSec=3600
KillMode=mixed
Restart=always
RestartSec=10
WorkingDirectory=/opt/mattermost
@ -882,11 +1183,40 @@ LimitNOFILE=524288
[Install]
WantedBy=multi-user.target
EOF
if [[ -s "$log_file" ]] ; then
echo_failed
error "$(cat "$log_file")"
if [[ -s "$log_file" ]] ; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
echo_ok
cat <<EOF > /etc/systemd/system//mattermost.service 2>"$log_file"
[Unit]
Description=Mattermost
After=network.target
[Service]
Type=notify
ExecStart=/opt/mattermost/bin/mattermost
TimeoutStartSec=3600
KillMode=mixed
Restart=always
RestartSec=10
WorkingDirectory=/opt/mattermost
User=mattermost
Group=mattermost
LimitNOFILE=49152
[Install]
WantedBy=multi-user.target
EOF
if [[ -s "$log_file" ]] ; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi
@ -964,6 +1294,8 @@ server {
server_name ${FQHN_HOSTNAME};
http2_push_preload on; # Enable HTTP/2 Server Push
# Include location directive for Let's Encrypt ACME Challenge
#
# Needed for (automated) updating certificate
@ -983,22 +1315,26 @@ server {
#
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Eable session resumption to improve https performance
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 10m;
ssl_session_tickets off;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE
# omit SSLv3 because of POODLE
# omit TLSv1 TLSv1.1
# Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC).
ssl_protocols TLSv1.2 TLSv1.3;
# Enable TLSv1.3's 0-RTT. Use \$ssl_early_data when reverse proxying to
# prevent replay attacks.
#
# @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
ssl_early_data on;
# ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES)
# Everything better than SHA1 (deprecated)
#
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# Eable session resumption to improve https performance
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 10m;
ssl_session_tickets off;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
#
add_header Strict-Transport-Security max-age=15768000;
@ -1008,11 +1344,13 @@ server {
ssl_stapling on;
ssl_stapling_verify on;
location ~ /api/v[0-9]+/(users/)?websocket$ {
add_header X-Early-Data \$tls1_3_early_data;
location ~ /api/v[0-9]+/(users/)?websocket\$ {
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host \$http_host;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
@ -1020,18 +1358,19 @@ server {
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
send_timeout 300s;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_connect_timeout 90s;
proxy_send_timeout 300s;
proxy_read_timeout 90s;
proxy_http_version 1.1;
proxy_pass http://mm_backend;
}
location / {
client_max_body_size 50M;
client_max_body_size 100M;
proxy_set_header Connection "";
proxy_set_header Host \$http_host;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
@ -1049,6 +1388,14 @@ server {
}
}
# This block is useful for debugging TLS v1.3. Please feel free to remove this
# and use the '\$ssl_early_data' variable exposed by NGINX directly should you
# wish to do so.
map \$ssl_early_data \$tls1_3_early_data {
"~." \$ssl_early_data;
default "";
}
EOF
if [[ $? -ne 0 ]]; then
echo_failed
@ -1203,6 +1550,41 @@ EOF
fi
_key="DB_TYPE"
_val="$DB_TYPE"
echononl "Update Parameter '$_key'.."
if $(grep -q -E "^\s*$_key=\"?$_val\"?\s*$" "$conf_file" 2> /dev/null) ; then
echo_skipped
elif $(grep -q -E "^\s*$_key=" "$conf_file" 2> /dev/null) ; then
perl -i -n -p -e "s/^\s*$_key=.*/${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
elif $(grep -q -E "^\s*#\s*${_key}" "$conf_file" 2> /dev/null) ; then
perl -i -n -p -e "s/^(\s*\#\s*$_key=.*)/\1\n${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
cat <<EOF >> "$conf_file" 2> "$log_file"
${_key}=${_val}
EOF
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi
_key="DB_NAME"
_val="$DB_NAME"
echononl "Update Parameter '$_key'.."
@ -1712,7 +2094,7 @@ else
fi
fi
info "To ensure, your system is fully prepared for installing Jitsi Meet, it is
info "To ensure, your system is fully prepared for installing Jitsi Meet, it is
recommend to \033[1mreboot the system before installing Jitsi Meet\033[m."
clean_up 0
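Review bot: In the PostgreSQL branch of the database-setup hunk (`@ -603,54 +709,199 @`), `psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${DB_USER};"` runs without a database argument, so psql connects to the default database of the `postgres` user (normally `postgres`) and the grant lands there instead of in `${DB_NAME}`. Name the target explicitly: `sudo -u postgres psql -d "${DB_NAME}" -c "GRANT USAGE, CREATE ON SCHEMA public TO ${DB_USER};"`. The same branch skips `CREATE USER` and every grant whenever `$database_exists` is true, and that flag comes from `grep -c -e "^$DB_NAME"`, which also matches any database whose name merely starts with `$DB_NAME`; anchoring on the field separator (`"^${DB_NAME}|"`) and testing for the role separately would make a re-run behave correctly. `${DB_PASS}` is interpolated into the `-c` argument as well, so the secret is visible in the process list while psql runs and a single quote in it breaks the statement; feeding the statement to psql on stdin with the quote doubled would address both.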