diff --git a/install_nextcloud.sh b/install_nextcloud.sh index 8ecb872..040a815 100755 --- a/install_nextcloud.sh +++ b/install_nextcloud.sh @@ -750,7 +750,7 @@ fi if [[ "${os_dist,,}" = "debian" ]] ; then declare -a dpkg_pkg_colabora_online=() - check_package="loolwsd" + check_package="coolwsd" if ! $(dpkg -l "$check_package" 2> /devnull | grep -q -E "^ii\s+${check_package}\s+" 2>/dev/null) ; then echo "" echo " ColaboraOnline service seems not to be installed." @@ -766,7 +766,7 @@ if [[ "${os_dist,,}" = "debian" ]] ; then if [[ ${OK,,} = "yes" ]] ; then INSTALL_COLABORA_SERVICE=true - dpkg_pkg_colabora_online+=("loolwsd") + dpkg_pkg_colabora_online+=("coolwsd") dpkg_pkg_colabora_online+=("code-brand") else INSTALL_COLABORA_SERVICE=false @@ -1438,14 +1438,14 @@ if ! $INSTALL_COLABORA_SERVICE ; then fi else - echononl "Backup configuration directory for loolwsd.." - if [[ -d "/etc/loolwsd" ]] ; then + echononl "Backup configuration directory for coolwsd.." + if [[ -d "/etc/coolwsd" ]] ; then echo "" >> $log_file - echo "# - Backup existing directory '/etc/loolwsd'.." >> $log_file - echo "mv \"/etc/loolwsd\" \"/etc/loolwsd.${backup_date}\"" >> $log_file + echo "# - Backup existing directory '/etc/coolwsd'.." >> $log_file + echo "mv \"/etc/coolwsd\" \"/etc/coolwsd.${backup_date}\"" >> $log_file - mv "/etc/loolwsd" "/etc/loolwsd.${backup_date}" >> $log_file 2>&1 + mv "/etc/coolwsd" "/etc/coolwsd.${backup_date}" >> $log_file 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else 
@@ -1604,21 +1604,21 @@ EOF [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi - LOOLWDS_USER="$(stat -c "%U" /etc/loolwsd/loolwsd.xml)" + COOLWSD_USER="$(stat -c "%U" /etc/coolwsd/coolwsd.xml)" echo "" >> $log_file - echo "LOOLWDS_USER=$LOOLWDS_USER" >> $log_file + echo "COOLWSD_USER=$COOLWSD_USER" >> $log_file echo "" >> $log_file - # - Add loolwsd user to group 'ssl-cert' + # - Add coolwsd user to group 'ssl-cert' # - echo "" >> $log_file - echo "# - Add loolwsd user '${LOOLWDS_USER}' to group ${SSL_CERT_GROUP}" >> $log_file + echo "# - Add coolwsd user '${COOLWSD_USER}' to group ${SSL_CERT_GROUP}" >> $log_file echo "# -" >> $log_file - echononl "Add loolwsd user '${LOOLWDS_USER}' to group ${SSL_CERT_GROUP}.." + echononl "Add coolwsd user '${COOLWSD_USER}' to group ${SSL_CERT_GROUP}.." - if ! $(grep -E "^${SSL_CERT_GROUP}:" /etc/group 2> /dev/null | grep -q "$LOOLWDS_USER" 2> /dev/null) ; then - usermod -a -G "${SSL_CERT_GROUP}" "$LOOLWDS_USER" >> $log_file 2>&1 + if ! $(grep -E "^${SSL_CERT_GROUP}:" /etc/group 2> /dev/null | grep -q "$COOLWSD_USER" 2> /dev/null) ; then + usermod -a -G "${SSL_CERT_GROUP}" "$COOLWSD_USER" >> $log_file 2>&1 if [ "$?" = 0 ]; then echo_ok else @@ -1630,10 +1630,10 @@ EOF fi - # - Symlimk Snakeoil Cert '/etc/loolwsd/cert.pem' --> '/etc/ssl/certs/ssl-cert-snakeoil.pem' + # - Symlimk Snakeoil Cert '/etc/coolwsd/cert.pem' --> '/etc/ssl/certs/ssl-cert-snakeoil.pem' # - _symlink_src="/etc/ssl/certs/ssl-cert-snakeoil.pem" - _symlink_dst="/etc/loolwsd/cert.pem" + _symlink_dst="/etc/coolwsd/cert.pem" echo "" >> $log_file echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file echo "# -" >> $log_file 
@@ -1657,10 +1657,10 @@ EOF [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi - # - Symlimk Snakeoil Cert '/etc/loolwsd/ca-chain.cert.pem' --> '/etc/ssl/certs/ssl-cert-snakeoil.pem' + # - Symlimk Snakeoil Cert '/etc/coolwsd/ca-chain.cert.pem' --> '/etc/ssl/certs/ssl-cert-snakeoil.pem' # - _symlink_src="/etc/ssl/certs/ssl-cert-snakeoil.pem" - _symlink_dst="/etc/loolwsd/ca-chain.cert.pem" + _symlink_dst="/etc/coolwsd/ca-chain.cert.pem" echo "" >> $log_file echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file echo "# -" >> $log_file @@ -1684,10 +1684,10 @@ EOF [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi - # - Symlimk Snakeoil Cert '/etc/loolwsd/key.pem' --> '/etc/ssl/private/ssl-cert-snakeoil.key' + # - Symlimk Snakeoil Cert '/etc/coolwsd/key.pem' --> '/etc/ssl/private/ssl-cert-snakeoil.key' # - _symlink_src="/etc/ssl/private/ssl-cert-snakeoil.key" - _symlink_dst="/etc/loolwsd/key.pem" + _symlink_dst="/etc/coolwsd/key.pem" echo "" >> $log_file echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file echo "# -" >> $log_file @@ -1713,17 +1713,17 @@ EOF blank_line - # - Restart 'loolwsd' service + # - Restart 'coolwsd' service # - echo "" >> $log_file - echo "# - Start 'loolwsd' service" >> $log_file + echo "# - Start 'coolwsd' service" >> $log_file echo "# -" >> $log_file - echononl "Start 'loolwsd' service.." + echononl "Start 'coolwsd' service.." if $systemd_supported ; then - echo "systemctl start loolwsd" >> $log_file + echo "systemctl start coolwsd" >> $log_file sleep 2 - systemctl start loolwsd >> $log_file 2>&1 + systemctl start coolwsd >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok @@ -1742,8 +1742,8 @@ EOF fi else - echo "/etc/init.d/loolwsd start" >> $log_file - /etc/init.d/loolwsd restart>> $log_file 2>&1 + echo "/etc/init.d/coolwsd start" >> $log_file + /etc/init.d/coolwsd restart>> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok 
@@ -1832,28 +1832,37 @@ EOF # keep the host ProxyPreserveHost On - # static html, js, images, etc. served from loolwsd - # loleaflet is the client part of Collabora Online - ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0 - ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet + # static html, js, images, etc. served from coolwsd + # browser is the client part of Collabora Online + ProxyPass /browser https://127.0.0.1:9980/browser retry=0 + ProxyPassReverse /browser https://127.0.0.1:9980/browser + # WOPI discovery URL ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0 ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery + # Capabilities ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0 ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities # Main websocket - ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/\$1/ws nocanon + ProxyPassMatch "/cool/(.*)/ws$" wss://127.0.0.1:9980/cool/$1/ws nocanon + # Admin Console websocket - ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws + ProxyPass /cool/adminws wss://127.0.0.1:9980/cool/adminws + # Download as, Fullscreen presentation and Image upload operations - ProxyPass /lool https://127.0.0.1:9980/lool - ProxyPassReverse /lool https://127.0.0.1:9980/lool + ProxyPass /cool https://127.0.0.1:9980/cool + ProxyPassReverse /cool https://127.0.0.1:9980/cool + + + # Compatibility with integrations that use the /lool/convert-to endpoint + ProxyPass /lool https://127.0.0.1:9980/cool + ProxyPassReverse /lool https://127.0.0.1:9980/cool SSLEngine on 
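Review bot: The new `ProxyPassMatch` line drops the backslash that the removed line had before `$1`. The here-document opener is outside the hunk, but the old `\$1` suggests it is unquoted; if so, the shell expands `$1` to the script's first positional parameter and the capture group never reaches Apache. The generated rule would then send every document websocket to `/cool//ws` (or to whatever the first argument was) instead of the requested document path. Keep the escape: `ProxyPassMatch "/cool/(.*)/ws$" wss://127.0.0.1:9980/cool/\$1/ws nocanon`. Separately, `/cool/adminws` is published on this vhost with no access restriction visible in the hunk, so a comment saying where the admin console websocket is restricted (or that it is not) would help the next operator.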
@@ -2009,65 +2018,91 @@ EOF echononl "Create nginx vhost entry for '$HOSTNAME_CO'" cat< "${nginx_vhost_dir}/${HOSTNAME_CO}.conf" 2>> $log_file - # --- $HOSTNAME_CO +# --- $HOSTNAME_CO - # --- - # see: https://www.collaboraoffice.com/code/nginx-reverse-proxy/ - # --- +# --- +# see: https://www.collaboraoffice.com/code/nginx-reverse-proxy/ +# --- - server { - listen 443 ssl; - listen [::]:443 ssl; +server { + listen 80; + listen [::]:80; + server_name co-01.oopen.de; - server_name ${HOSTNAME_CO}; + # Enforce HTTPS + return 301 https://\$server_name\$request_uri; +} - root /var/www/${HOSTNAME_CO}; +# --- +# see: https://www.collaboraoffice.com/code/nginx-reverse-proxy/ +# --- - ssl_certificate ${server_cert}; - ssl_certificate_key ${server_key}; +server { + listen 443 ssl; + listen [::]:443 ssl; - # static files - location ^~ /loleaflet { - proxy_pass https://localhost:9980; - proxy_set_header Host \$http_host; - } + server_name ${HOSTNAME_CO}; - # WOPI discovery URL - location ^~ /hosting/discovery { - proxy_pass https://localhost:9980; - proxy_set_header Host \$http_host; - } + root /var/www/${HOSTNAME_CO}; - # Capabilities - location ^~ /hosting/capabilities { - proxy_pass https://localhost:9980; - proxy_set_header Host \$http_host; - } + ssl_certificate ${server_cert}; + ssl_certificate_key ${server_key}; - # main websocket - location ~ ^/lool/(.*)/ws$ { - proxy_pass https://localhost:9980; - proxy_set_header Upgrade \$http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host \$http_host; - proxy_read_timeout 36000s; - } - # download, presentation and image upload - location ~ ^/lool { - proxy_pass https://localhost:9980; - proxy_set_header Host \$http_host; - } + # Include location directive for Let's Encrypt ACME Challenge + # + # Needed for (automated) updating certificate + # + include snippets/letsencrypt-acme-challenge.conf; - # Admin Console websocket - location ^~ /lool/adminws { - proxy_pass https://localhost:9980; - proxy_set_header 
Upgrade \$http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host \$http_host; - proxy_read_timeout 36000s; - } + # set max upload size + client_max_body_size 512M; + fastcgi_buffers 64 4K; + + + # static files + location ^~ /browser { + proxy_pass https://localhost:9980; + proxy_set_header Host \$http_host; } + + # WOPI discovery URL + location ^~ /hosting/discovery { + proxy_pass https://localhost:9980; + proxy_set_header Host \$http_host; + } + + # Capabilities + location ^~ /hosting/capabilities { + proxy_pass https://localhost:9980; + proxy_set_header Host \$http_host; + } + + # main websocket + location ~ ^/cool/(.*)/ws$ { + proxy_pass https://localhost:9980; + proxy_set_header Upgrade \$http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host \$http_host; + proxy_read_timeout 36000s; + } + + # download, presentation and image upload + # we accept 'lool' to be backward compatible + location ~ ^/(c|l)ool { + proxy_pass https://localhost:9980; + proxy_set_header Host \$http_host; + } + + # Admin Console websocket + location ^~ /cool/adminws { + proxy_pass https://localhost:9980; + proxy_set_header Upgrade \$http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host \$http_host; + proxy_read_timeout 36000s; + } +} EOF if [ "$?" = 0 ]; then echo_ok 
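Review bot: The added port-80 server block hard-codes `server_name co-01.oopen.de;` while the 443 block uses `${HOSTNAME_CO}`. On any other installation the generated vhost either never matches plain-HTTP requests for the configured host or, when nginx picks it as the default server, redirects them through `\$server_name` to a hostname that installation does not own. Use `server_name ${HOSTNAME_CO};` in the redirect block too. The new `include snippets/letsencrypt-acme-challenge.conf;` assumes the snippet exists; the hunk shows no check for it, and a missing include makes nginx reject the whole configuration, so a guard or a comment naming where the snippet is installed would help. The regex `^/(c|l)ool` has no trailing `/` or end anchor, so it also forwards any path that merely starts with `/cool` or `/lool`.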
@@ -2313,15 +2348,15 @@ EOF echo "" >> $log_file - echo "# - Setup script 'check_cert_loolwsd.sh'" >> $log_file + echo "# - Setup script 'check_cert_coolwsd.sh'" >> $log_file echo "# -" >> $log_file - echononl "Setup script 'check_cert_loolwsd.sh'" + echononl "Setup script 'check_cert_coolwsd.sh'" _failed=false - if [[ -f "/root/bin/nextcloud/conf/check_cert_loolwsd.conf.sample" ]]; then - if [[ ! -f "/root/bin/nextcloud/conf/check_cert_loolwsd.conf" ]]; then - cp -a "/root/bin/nextcloud/conf/check_cert_loolwsd.conf.sample" \ - "/root/bin/nextcloud/conf/check_cert_loolwsd.conf" + if [[ -f "/root/bin/nextcloud/conf/check_cert_coolwsd.conf.sample" ]]; then + if [[ ! -f "/root/bin/nextcloud/conf/check_cert_coolwsd.conf" ]]; then + cp -a "/root/bin/nextcloud/conf/check_cert_coolwsd.conf.sample" \ + "/root/bin/nextcloud/conf/check_cert_coolwsd.conf" if [[ $? -ne 0 ]] ; then _failed=true fi @@ -2329,10 +2364,10 @@ EOF cat << EOF >> $log_file perl -i -n -p -e "s/^\\s*HOSTNAME_CO\\s*=.*/HOSTNAME_CO=\"${HOSTNAME_CO}\"" \\ - /root/bin/nextcloud/conf/check_cert_loolwsd.conf + /root/bin/nextcloud/conf/check_cert_coolwsd.conf EOF perl -i -n -p -e "s/^\s*HOSTNAME_CO\s*=.*/HOSTNAME_CO="${HOSTNAME_CO}"/" \ - /root/bin/nextcloud/conf/check_cert_loolwsd.conf >> "$log_file" 2>&1 + /root/bin/nextcloud/conf/check_cert_coolwsd.conf >> "$log_file" 2>&1 if [[ $? -ne 0 ]]; then _failed=true @@ -2340,13 +2375,13 @@ EOF if $_failed ; then echo_failed - error "Failed to setup script 'check_cert_loolwsd.sh'." + error "Failed to setup script 'check_cert_coolwsd.sh'." else echo_ok - echononl "Initial run of script 'check_cert_loolwsd.sh'.." - if [[ -x "/root/bin/nextcloud/check_cert_loolwsd.sh" ]]; then - /root/bin/nextcloud/check_cert_loolwsd.sh + echononl "Initial run of script 'check_cert_coolwsd.sh'.." + if [[ -x "/root/bin/nextcloud/check_cert_coolwsd.sh" ]]; then + /root/bin/nextcloud/check_cert_coolwsd.sh if [[ $? -eq 0 ]]; then echo_ok 
@@ -2355,29 +2390,29 @@ EOF fi else echo_skipped - warn "Cannot find script '/root/bin/nextcloud/check_cert_loolwsd.sh'" + warn "Cannot find script '/root/bin/nextcloud/check_cert_coolwsd.sh'" fi fi else echo_skipped - warn "Cannot find sample configuration file '/root/bin/nextcloud/conf/check_cert_loolwsd.conf.sample'" + warn "Cannot find sample configuration file '/root/bin/nextcloud/conf/check_cert_coolwsd.conf.sample'" echo "# -" >> $log_file - echo "# - Cannot find sample configuration file '/root/bin/nextcloud/conf/check_cert_loolwsd.conf.sample'" >> $log_file - echo "# - Skip configuration of script '/root/bin/nextcloud/check_cert_loolwsd.sh'" >> $log_file + echo "# - Cannot find sample configuration file '/root/bin/nextcloud/conf/check_cert_coolwsd.conf.sample'" >> $log_file + echo "# - Skip configuration of script '/root/bin/nextcloud/check_cert_coolwsd.sh'" >> $log_file echo "# -" >> $log_file fi echononl "Create cronjob for checcking/renewing lollwsd certs.." - if [[ -x "/root/bin/nextcloud/check_cert_loolwsd.sh" ]] ; then + if [[ -x "/root/bin/nextcloud/check_cert_coolwsd.sh" ]] ; then _crontab_tmp_file=/tmp/crontab_root.$$ crontab -l > $_crontab_tmp_file 2> /dev/null - if ! grep -q -E "/root/bin/nextcloud/check_cert_loolwsd.sh" $_crontab_tmp_file 2> /dev/null ; then + if ! grep -q -E "/root/bin/nextcloud/check_cert_coolwsd.sh" $_crontab_tmp_file 2> /dev/null ; then echo "" >> $_crontab_tmp_file - echo "# - Check if certificates for loolwsd service are up to date" >> $_crontab_tmp_file + echo "# - Check if certificates for coolwsd service are up to date" >> $_crontab_tmp_file echo "# -" >> $_crontab_tmp_file - echo "17 05 * * * /root/bin/nextcloud/check_cert_loolwsd.sh" >> $_crontab_tmp_file + echo "17 05 * * * /root/bin/nextcloud/check_cert_coolwsd.sh" >> $_crontab_tmp_file crontab $_crontab_tmp_file if [[ $? -eq 0 ]]; then echo_done 
@@ -2390,7 +2425,7 @@ EOF fi else echo_skipped - warn "Script '/root/bin/nextcloud/check_cert_loolwsd.sh' not found'." + warn "Script '/root/bin/nextcloud/check_cert_coolwsd.sh' not found'." fi fi