From 6794456d04db8bbcd27ec52dffde3c82d4b69427 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Thu, 14 Feb 2019 18:27:56 +0100
Subject: [PATCH] New: create vhost configuration for the nextcloud service.

---
 .gitignore | 1 +
 install_nextcloud.sh | 416 +++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 404 insertions(+), 13 deletions(-)

diff --git a/.gitignore b/.gitignore
index e7029d3..f632b68 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 BAK/*
+*.sql
 .*.swp
 *.tar.bz2
 *.tar.gz
diff --git a/install_nextcloud.sh b/install_nextcloud.sh
index c43a132..5235882 100755
--- a/install_nextcloud.sh
+++ b/install_nextcloud.sh
@@ -275,8 +275,10 @@ fi
 [[ -z "$SSL_CERT_GROUP" ]] && SSL_CERT_GROUP="$DEFAULT_SSL_CERT_GROUP"
-DEFAULT_IPV4_CO="$(ip a | grep " inet " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)"
-DEFAULT_IPV6_CO="$(ip a | grep " inet6 " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)"
+DEFAULT_IPV4="$(ip a | grep " inet " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)"
+DEFAULT_IPV6="$(ip a | grep " inet6 " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)"
+DEFAULT_IPV4_CO="$DEFAULT_IPV4"
+DEFAULT_IPV6_CO="$DEFAULT_IPV6"
@@ -329,24 +331,90 @@ if [[ ! -d "${WEB_DIRS_ROOT}/$WEBSITE" ]] ; then
 echo " Insert Website Base Directory."
 echo ""
 echo ""
- WEB_BASE_DIR=
- echononl "\033[1mWebsite Base Directory:\033[m "
- read WEB_BASE_DIR
- while [[ "X$WEB_BASE_DIR" = "X" ]] ; do
- echo -e "\n \033[33m\033[1mWebsites Base Directory is required!\033[m\n"
- echononl "\033[1mWebsites Base Directory:\033[m "
+ if [[ -n "$DEFAULT_WEB_BASE_DIR" ]] ; then
+ echononl "\033[1mWebsite Base Directory [$DEFAULT_WEB_BASE_DIR]:\033[m "
 read WEB_BASE_DIR
- done
+ if [[ "X$WEB_BASE_DIR" = "X" ]]; then
+ WEB_BASE_DIR="$DEFAULT_WEB_BASE_DIR"
+ fi
+ else
+
+ WEB_BASE_DIR=
+ echononl "\033[1mWebsite Base Directory:\033[m "
+ read WEB_BASE_DIR
+
+ while [[ "X$WEB_BASE_DIR" = "X" ]] ; do
+ echo -e "\n \033[33m\033[1mWebsites Base Directory is required!\033[m\n"
+ echononl "\033[1mWebsites Base Directory:\033[m "
+ read WEB_BASE_DIR
+ done
+
+ fi
 else
 WEB_BASE_DIR="${WEB_DIRS_ROOT}/$WEBSITE"
 fi
-if [[ ! -d "${WEB_BASE_DIR}" ]]; then
- fatal "Website '$WEBSITE' seems not to be existent at this server.\n\n \033[37m\033[1mCreate Website first!\033[m"
+
+# - IPv4/IPv6 Address for nextclud service
+# -
+if [[ -n "$(dig +short "$WEBSITE" A)" ]]; then
+ DEFAULT_IPV4="$(dig +short "$WEBSITE" A)"
 fi
+if [[ -n "$(dig +short "$WEBSITE" AAAA)" ]]; then
+ DEFAULT_IPV6="$(dig +short "$WEBSITE" AAAA)"
+fi
+
+echo ""
+echo -e " \033[32m--\033[m"
+echo ""
+echo " Insert IPv4 address for Nextcloud Service.."
+echo ""
+echo ""
+if [[ -n "$DEFAULT_IPV4" ]]; then
+ echononl "IPv4 address Nextcloud Service [${DEFAULT_IPV4}]: "
+ read IPV4
+ if [[ "X${IPV4}" = "X" ]]; then
+ IPV4=$DEFAULT_IPV4
+ fi
+else
+ echononl "IPv4 address Nextcloud Service: "
+ read IPV4
+ while [[ "X$IPV4" = "X" ]] ; do
+ echo -e "\n \033[33m\033[1mIPv4 address Nextcloud Service is required!\033[m\n"
+ echononl "\033[1mIPv4 address Nextcloud Service:\033[m "
+ read IPV4
+ done
+fi
+
+echo ""
+echo -e " \033[32m--\033[m"
+echo ""
+echo " Insert IPv6 address for Nextcloud Service.."
+echo ""
+echo ""
+if [[ -n "$DEFAULT_IPV6" ]]; then
+ echononl "IPv6 address Nextcloud Service [${DEFAULT_IPV6}]: "
+ read IPV6
+ if [[ "X${IPV6}" = "X" ]]; then
+ IPV6=$DEFAULT_IPV6
+ fi
+else
+ echononl "IPv6 address Nextcloud Service: "
+ read IPV6
+ while [[ "X$IPV6" = "X" ]] ; do
+ echo -e "\n \033[33m\033[1mIPv6 address Nextcloud Service is required!\033[m\n"
+ echononl "\033[1mIPv6 address Nextcloud Service:\033[m "
+ read IPV6
+ done
+fi
+
+#if [[ ! -d "${WEB_BASE_DIR}" ]]; then
+# fatal "Website '$WEBSITE' seems not to be existent at this server.\n\n \033[37m\033[1mCreate Website first!\033[m"
+#fi
+
 echo ""
 echo -e " \033[32m--\033[m"
@@ -883,6 +951,8 @@ echo " Admin user name......................: $ADMIN_USER"
 echo " Passord for admin user...............: $ADMIN_PASS"
 echo ""
 echo " Website..............................: $WEBSITE"
+echo " IPv4 Address Nextcloud Service.......: $IPV4"
+echo " IPv6 Address Nextcloud Service.......: $IPV6"
 echo ""
 echo " Web base directory...................: $WEB_BASE_DIR"
 echo ""
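Review bot: `dig +short "$WEBSITE" A` can print several lines (multiple A records, or a CNAME target followed by the address), so `DEFAULT_IPV4`, and the `IPV4` value accepted as default, may be a multi-line string that later ends up in the vhost file and the log; the AAAA lookup has the same problem. Keep a single address, e.g. `DEFAULT_IPV4="$(dig +short "$WEBSITE" A | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -1)"`, and store the lookup once rather than running dig twice per record type. The IPv6 prompt loops until a non-empty value is entered, so on a host with no global IPv6 address and no AAAA record the operator cannot proceed without typing something; an empty answer should be accepted there as "no IPv6". Neither prompt checks that the input looks like an address before it is used. The enclosing `if [[ ! -d "${WEB_DIRS_ROOT}/$WEBSITE" ]]` block begins before the hunk.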
@@ -963,6 +1033,8 @@ echo "# - Admin user name......................: $ADMIN_USER" >> $log_file
 echo "# - Passord for admin user...............: $ADMIN_PASS" >> $log_file
 echo "# -" >> $log_file
 echo "# - Website..............................: $WEBSITE" >> $log_file
+echo "# - IPv4 Address Nextcloud Service.......: $IPV4" >> $log_file
+echo "# - IPv6 Address Nextcloud Service.......: $IPV6" >> $log_file
 echo "# -" >> $log_file
 echo "# - Web base directory...................: $WEB_BASE_DIR" >> $log_file
 echo "# -" >> $log_file
@@ -1000,6 +1072,8 @@ echo "ADMIN_USER=$ADMIN_USER" >> $log_file
 echo "ADMIN_PASS=$ADMIN_PASS" >> $log_file
 echo "WEBSITE=$WEBSITE" >> $log_file
 echo "WEB_BASE_DIR=$WEB_BASE_DIR" >> $log_file
+echo "IPV4=$IPV4" >> $log_file
+echo "IPV6=$IPV6" >> $log_file
 echo "SRC_BASE_DIR=$SRC_BASE_DIR" >> $log_file
 echo "HTTP_USER=$HTTP_USER" >> $log_file
 echo "HTTP_GROUP=$HTTP_GROUP" >> $log_file
@@ -1754,13 +1828,19 @@ if [[ "$DATABASE_TYPE" = "mysql" ]] ; then
 checks_all_is_fine=false
+ if [[ ! -d "${WEB_BASE_DIR}" ]]; then
+ _backup_dst_dir="$working_dir"
+ else
+ _backup_dst_dir="$WEB_BASE_DIR"
+ fi
+
 echo "" >> $log_file
 echo "# - Backup database '$DATABASE_NAME'" >> $log_file
 echo "# -" >> $log_file
 echononl "Backup database '$DATABASE_NAME' .."
- echo "mysqldump -h $DATABASE_HOST -u $DATABASE_NAME -p$DATABASE_PASS --opt $DATABASE_NAME > ${WEB_BASE_DIR}/${DATABASE_NAME}.${backup_date}.sql" >> $log_file
- mysqldump -h $DATABASE_HOST -u $DATABASE_NAME -p$DATABASE_PASS --opt $DATABASE_NAME > ${WEB_BASE_DIR}/${DATABASE_NAME}.${backup_date}.sql 2>> $log_file
+ echo "mysqldump -h $DATABASE_HOST -u $DATABASE_NAME -p$DATABASE_PASS --opt $DATABASE_NAME > ${_backup_dst_dir}/${DATABASE_NAME}.${backup_date}.sql" >> $log_file
+ mysqldump -h $DATABASE_HOST -u $DATABASE_NAME -p$DATABASE_PASS --opt $DATABASE_NAME > ${_backup_dst_dir}/${DATABASE_NAME}.${backup_date}.sql 2>> $log_file
 if [[ $? -eq 0 ]] ; then
 echo_ok
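Review bot: The rewritten mysqldump line still passes the password as `-p$DATABASE_PASS` on the command line, where it is visible to every local user via `ps` while the dump runs, and the `echo` just above it writes the same command, password included, into `$log_file`. Prefer a `mktemp` file with mode 0600 holding a `[client]` section with `password=...`, passed via `--defaults-extra-file=`, and log the command with the password omitted. The new `$working_dir` fallback writes a full database dump next to the script when the web base directory does not exist yet — the `*.sql` entry added to .gitignore in this commit suggests that is the repository checkout — so the dump should at least be created under `umask 077` or followed by `chmod 600`, and the redirect target quoted: `> "${_backup_dst_dir}/${DATABASE_NAME}.${backup_date}.sql"`. The surrounding `if [[ "$DATABASE_TYPE" = "mysql" ]]` block starts and ends outside the hunk.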
@@ -2062,6 +2142,38 @@ echo "# - Create needed directories" >> $log_file
 echo "# -----" >> $log_file
+# - Create websites base directory
+# -
+echo "" >> $log_file
+echo "# - Create websites base directory '${WEB_BASE_DIR}'" >> $log_file
+echo "# -" >> $log_file
+echononl "Create websites base directory '${WEB_BASE_DIR}'.."
+if [[ ! -d "$WEB_BASE_DIR" ]] ; then
+
+ echo "mkdir \"$WEB_BASE_DIR\"" >> $log_file
+ mkdir "$WEB_BASE_DIR" >> $log_file 2>&1
+
+ if [[ $? -eq 0 ]]; then
+ echo_ok
+ else
+ echo_failed
+ error "For more informations see log output at '$log_file'."
+
+ echononl "continue anyway [yes/no]: "
+ read OK
+ OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
+ while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
+ echononl "Wrong entry! - repeat [yes/no]: "
+ read OK
+ done
+ [[ $OK = "yes" ]] || fatal "Interrupted ny user."
+
+ fi
+else
+ echo_skipped
+fi
+
+
 # - Create Installation Directory
 # -
 echo "" >> $log_file
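Review bot: `mkdir "$WEB_BASE_DIR"` is not recursive, so when the operator-entered path has a missing parent the command fails and the script drops into the continue-anyway prompt; `mkdir -p -- "$WEB_BASE_DIR"` creates the full path, and `--` protects against a path that begins with `-`. The new directory is left with the caller's ownership and current umask — there is no chown/chmod towards `$HTTP_USER`/`$HTTP_GROUP` in this hunk — although later steps put `htdocs` under it; I cannot see from here whether that is handled elsewhere. The fatal message `"Interrupted ny user."` has a typo (`by`), here and in the copies further down in the apache hunk.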
@@ -3489,6 +3601,284 @@ fi +# ----- +# - Configure apache2 for the new cloud system +# ----- + +echo "" +echo "" +echo -e "\033[37m\033[1mConfigure apache2 for the new cloud system..\033[m" +echo "" + +echo "" >> $log_file +echo "" >> $log_file +echo "# -----" >> $log_file +echo "# - Configure apache2 for the new cloud system" >> $log_file +echo "# -----" >> $log_file + + +# - Create Apache2 vhost configuration for ColaboraOnline service +# - +if [[ -e "/var/lib/dehydrated/certs/${WEBSITE}/fullchain.pem" ]]; then + server_cert="/var/lib/dehydrated/certs/${WEBSITE}/fullchain.pem" + server_key="/var/lib/dehydrated/certs/${WEBSITE}/privkey.pem" +else + server_cert="/usr/local/apache2/conf/server-bundle.crt" + server_key="/usr/local/apache2/conf/server.key" +fi + +if [[ -d "$apache_vhost_dir" ]] ; then + + # - Backup apache vhost file if exists + # - + if [[ -f "${apache_vhost_dir}/${WEBSITE}.conf.static" ]]; then + + echo "" >> $log_file + echo "# - Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf.static'" >> $log_file + echo "# -" >> $log_file + echononl "Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf.static'" >> $log_file + + echo "mv \"${apache_vhost_dir}/${WEBSITE}.conf.static\" \"${apache_vhost_dir}/${WEBSITE}.conf.static.$backup_date\"" >> $log_file + mv "${apache_vhost_dir}/${WEBSITE}.conf.static" "${apache_vhost_dir}/${WEBSITE}.conf.static.$backup_date" >> $log_file 2>&1 + + if [ "$?" = 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." 
+ + fi + + fi + + + echo "" >> $log_file + echo "# - Create apache vhost entry for '$WEBSITE'" >> $log_file + echo "# -" >> $log_file + echononl "Create apache vhost entry for '$WEBSITE'" + + cat< "${apache_vhost_dir}/${WEBSITE}.conf.static" 2>> $log_file +# --- $WEBSITE + + + + ServerAdmin admin@oopen.de + + ServerName $WEBSITE + + RewriteEngine on + RewriteCond %{HTTPS} !=on + RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L] + + CustomLog /var/log/apache2/ip_requests.log base_requests + + CustomLog /var/www/cloud-01.oopen.de/logs/${WEBSITE}-access.log combined + ErrorLog /var/www/cloud-01.oopen.de/logs/${WEBSITE}-error.log + + + + + + ServerAdmin admin@oopen.de + + ServerName ${WEBSITE} + + #ProxyErrorOverride On + + + SetHandler "proxy:unix:/tmp/php-${PHP_VERSION}-fpm.www.sock|fcgi://127.0.0.1" + + + + DirectoryIndex index.php index.html index.htm + + + DocumentRoot ${WEB_BASE_DIR}/htdocs + + Require all granted + AllowOverride All + Options FollowSymLinks MultiViews + + + # - HTTP Strict Transport Security (HSTS) + # - + # - HSTS tells a browser that the website should only be accessed through + # - a secure connection. The HSTS header will be remembered by a standard + # compliant browser for max-age seconds. + # - + # - Remember this settings for 1/2 year + # - + #Header add Strict-Transport-Security "max-age=15768000" + Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" + + # - Referrer-Policy + # - + # - See: https://scotthelme.co.uk/a-new-security-header-referrer-policy/ + # - https://www.w3.org/TR/referrer-policy/ + # - + # - Referrer Policy is a new header that allows a site to control how + # - much information the browser includes with navigations away from + # - a document and should be set by all sites. + # - + # - The HTTP referer (originally a misspelling of referrer[1]) is an HTTP header + # - field that identifies the address of the webpage (i.e. 
the URI or IRI) that + # - linked to the resource being requested. By checking the referrer, the new + # - webpage can see where the request originated. + # - + # - For a complete list and explanation of values, see urls above + # - + # - Example: "no-referrer-when-downgrade" + # - The browser will not send the referrer header when navigating + # - from HTTPS to HTTP, but will always send the full URL in the + # - referrer header when navigating from HTTP to any origin. It + # - doesn't matter whether the source and destination are the same + # - site or not, only the scheme. + # - + Header set Referrer-Policy "strict-origin-when-cross-origin" + + SSLEngine on + + SSLCertificateFile /var/lib/dehydrated/certs/cloud-01.oopen.de/fullchain.pem + SSLCertificateKeyFile /var/lib/dehydrated/certs/cloud-01.oopen.de/privkey.pem + + + CustomLog /var/log/apache2/ip_requests.log base_requests + + CustomLog /var/www/cloud-01.oopen.de/logs/${WEBSITE}-access.log combined + ErrorLog /var/www/cloud-01.oopen.de/logs/${WEBSITE}-error.log + + +EOF + if [ "$?" = 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." + fi + + + # - Remove symlink for apache vhost file (if exists) + # - + if [[ -h "${apache_vhost_dir}/${WEBSITE}.conf" ]]; then + + echo "" >> $log_file + echo "# - Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file + echo "# -" >> $log_file + echononl "Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file + + echo "rm -f \"${apache_vhost_dir}/${WEBSITE}.conf\"" >> $log_file + rm -f "${apache_vhost_dir}/${WEBSITE}.conf" >> $log_file 2>&1 + + if [ "$?" 
= 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." + fi + + fi + + + # - Backup apache vhost file if exists + # - + if [[ -f "${apache_vhost_dir}/${WEBSITE}.conf" ]]; then + + echo "" >> $log_file + echo "# - Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file + echo "# -" >> $log_file + echononl "Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file + + echo "mv \"${apache_vhost_dir}/${WEBSITE}.conf\" \"${apache_vhost_dir}/${WEBSITE}.conf.$backup_date\"" >> $log_file + mv "${apache_vhost_dir}/${WEBSITE}.conf" "${apache_vhost_dir}/${WEBSITE}.conf.$backup_date" >> $log_file 2>&1 + + if [ "$?" = 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." + fi + + fi + + + # - Symlimk Apache VHost file '${WEBSITE}.conf' --> '${WEBSITE}.conf.static' + # - + _symlink_src="${WEBSITE}.conf.static" + _symlink_dst="${apache_vhost_dir}/${WEBSITE}.conf" + echo "" >> $log_file + echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file + echo "# -" >> $log_file + echononl "Symlink '${_symlink_dst}' --> ${_symlink_src}" + ln -s "$_symlink_src" "$_symlink_dst" >> $log_file 2>&1 + if [ "$?" = 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." 
+ + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." + + fi +else + echo_failed + error "Cant find apache2's vhost directory!" + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." + +fi + + + # ----- # - Install/Enable some more nextcloud apps # -----
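Review bot: `server_cert` and `server_key` are computed at the top of the hunk but never used: the heredoc hardcodes `SSLCertificateFile /var/lib/dehydrated/certs/cloud-01.oopen.de/fullchain.pem` and the matching key, and both vhosts log to `/var/www/cloud-01.oopen.de/logs/`, so for any `$WEBSITE` other than cloud-01.oopen.de the generated vhost serves a certificate for the wrong name and writes its logs into another site's directory. Use `SSLCertificateFile $server_cert` and `SSLCertificateKeyFile $server_key`, and derive the log paths from `${WEB_BASE_DIR}/logs/${WEBSITE}-access.log` (same for the error log, in both vhosts); `ServerAdmin admin@oopen.de` looks like the same kind of site-specific constant. The `echononl "Backup existing file ..." >> $log_file` lines (the .conf.static backup, the symlink removal and the .conf backup) send the progress prompt to the log instead of the terminal, unlike the other echononl calls, so the following `echo_ok`/`echo_failed` appears without a label. The VirtualHost/Directory container lines appear to have been lost in rendering here, so I could not confirm how `$IPV4`/`$IPV6` are used in the generated file.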