New: create vhost configuration for the nextcloud service.

Christoph 2019-02-14 18:27:56 +01:00
parent d5cde8c230
commit 6794456d04
2 changed files with 404 additions and 13 deletions

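--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 BAK/*
+*.sql
 .*.swp
 *.tar.bz2
 *.tar.gz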


@ -275,8 +275,10 @@ fi
[[ -z "$SSL_CERT_GROUP" ]] && SSL_CERT_GROUP="$DEFAULT_SSL_CERT_GROUP" [[ -z "$SSL_CERT_GROUP" ]] && SSL_CERT_GROUP="$DEFAULT_SSL_CERT_GROUP"
DEFAULT_IPV4_CO="$(ip a | grep " inet " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)" DEFAULT_IPV4="$(ip a | grep " inet " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)"
DEFAULT_IPV6_CO="$(ip a | grep " inet6 " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)" DEFAULT_IPV6="$(ip a | grep " inet6 " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)"
DEFAULT_IPV4_CO="$DEFAULT_IPV4"
DEFAULT_IPV6_CO="$DEFAULT_IPV6"
@ -329,24 +331,90 @@ if [[ ! -d "${WEB_DIRS_ROOT}/$WEBSITE" ]] ; then
echo " Insert Website Base Directory." echo " Insert Website Base Directory."
echo "" echo ""
echo "" echo ""
WEB_BASE_DIR=
echononl "\033[1mWebsite Base Directory:\033[m "
read WEB_BASE_DIR
while [[ "X$WEB_BASE_DIR" = "X" ]] ; do if [[ -n "$DEFAULT_WEB_BASE_DIR" ]] ; then
echo -e "\n \033[33m\033[1mWebsites Base Directory is required!\033[m\n" echononl "\033[1mWebsite Base Directory [$DEFAULT_WEB_BASE_DIR]:\033[m "
echononl "\033[1mWebsites Base Directory:\033[m "
read WEB_BASE_DIR read WEB_BASE_DIR
done if [[ "X$WEB_BASE_DIR" = "X" ]]; then
WEB_BASE_DIR="$DEFAULT_WEB_BASE_DIR"
fi
else
WEB_BASE_DIR=
echononl "\033[1mWebsite Base Directory:\033[m "
read WEB_BASE_DIR
while [[ "X$WEB_BASE_DIR" = "X" ]] ; do
echo -e "\n \033[33m\033[1mWebsites Base Directory is required!\033[m\n"
echononl "\033[1mWebsites Base Directory:\033[m "
read WEB_BASE_DIR
done
fi
else else
WEB_BASE_DIR="${WEB_DIRS_ROOT}/$WEBSITE" WEB_BASE_DIR="${WEB_DIRS_ROOT}/$WEBSITE"
fi fi
if [[ ! -d "${WEB_BASE_DIR}" ]]; then
fatal "Website '$WEBSITE' seems not to be existent at this server.\n\n \033[37m\033[1mCreate Website first!\033[m" # - IPv4/IPv6 Address for nextclud service
# -
if [[ -n "$(dig +short "$WEBSITE" A)" ]]; then
DEFAULT_IPV4="$(dig +short "$WEBSITE" A)"
fi fi
if [[ -n "$(dig +short "$WEBSITE" AAAA)" ]]; then
DEFAULT_IPV6="$(dig +short "$WEBSITE" AAAA)"
fi
echo ""
echo -e " \033[32m--\033[m"
echo ""
echo " Insert IPv4 address for Nextcloud Service.."
echo ""
echo ""
if [[ -n "$DEFAULT_IPV4" ]]; then
echononl "IPv4 address Nextcloud Service [${DEFAULT_IPV4}]: "
read IPV4
if [[ "X${IPV4}" = "X" ]]; then
IPV4=$DEFAULT_IPV4
fi
else
echononl "IPv4 address Nextcloud Service: "
read IPV4
while [[ "X$IPV4" = "X" ]] ; do
echo -e "\n \033[33m\033[1mIPv4 address Nextcloud Service is required!\033[m\n"
echononl "\033[1mIPv4 address Nextcloud Service:\033[m "
read IPV4
done
fi
echo ""
echo -e " \033[32m--\033[m"
echo ""
echo " Insert IPv6 address for Nextcloud Service.."
echo ""
echo ""
if [[ -n "$DEFAULT_IPV6" ]]; then
echononl "IPv6 address Nextcloud Service [${DEFAULT_IPV6}]: "
read IPV6
if [[ "X${IPV6}" = "X" ]]; then
IPV6=$DEFAULT_IPV6
fi
else
echononl "IPv6 address Nextcloud Service: "
read IPV6
while [[ "X$IPV6" = "X" ]] ; do
echo -e "\n \033[33m\033[1mIPv6 address Nextcloud Service is required!\033[m\n"
echononl "\033[1mIPv6 address Nextcloud Service:\033[m "
read IPV6
done
fi
#if [[ ! -d "${WEB_BASE_DIR}" ]]; then
# fatal "Website '$WEBSITE' seems not to be existent at this server.\n\n \033[37m\033[1mCreate Website first!\033[m"
#fi
echo "" echo ""
echo -e " \033[32m--\033[m" echo -e " \033[32m--\033[m"
@ -883,6 +951,8 @@ echo " Admin user name......................: $ADMIN_USER"
echo " Passord for admin user...............: $ADMIN_PASS" echo " Passord for admin user...............: $ADMIN_PASS"
echo "" echo ""
echo " Website..............................: $WEBSITE" echo " Website..............................: $WEBSITE"
echo " IPv4 Address Nextcloud Service.......: $IPV4"
echo " IPv6 Address Nextcloud Service.......: $IPV6"
echo "" echo ""
echo " Web base directory...................: $WEB_BASE_DIR" echo " Web base directory...................: $WEB_BASE_DIR"
echo "" echo ""
@ -963,6 +1033,8 @@ echo "# - Admin user name......................: $ADMIN_USER" >> $log_file
echo "# - Passord for admin user...............: $ADMIN_PASS" >> $log_file echo "# - Passord for admin user...............: $ADMIN_PASS" >> $log_file
echo "# -" >> $log_file echo "# -" >> $log_file
echo "# - Website..............................: $WEBSITE" >> $log_file echo "# - Website..............................: $WEBSITE" >> $log_file
echo "# - IPv4 Address Nextcloud Service.......: $IPV4" >> $log_file
echo "# - IPv6 Address Nextcloud Service.......: $IPV6" >> $log_file
echo "# -" >> $log_file echo "# -" >> $log_file
echo "# - Web base directory...................: $WEB_BASE_DIR" >> $log_file echo "# - Web base directory...................: $WEB_BASE_DIR" >> $log_file
echo "# -" >> $log_file echo "# -" >> $log_file
@ -1000,6 +1072,8 @@ echo "ADMIN_USER=$ADMIN_USER" >> $log_file
echo "ADMIN_PASS=$ADMIN_PASS" >> $log_file echo "ADMIN_PASS=$ADMIN_PASS" >> $log_file
echo "WEBSITE=$WEBSITE" >> $log_file echo "WEBSITE=$WEBSITE" >> $log_file
echo "WEB_BASE_DIR=$WEB_BASE_DIR" >> $log_file echo "WEB_BASE_DIR=$WEB_BASE_DIR" >> $log_file
echo "IPV4=$IPV4" >> $log_file
echo "IPV6=$IPV6" >> $log_file
echo "SRC_BASE_DIR=$SRC_BASE_DIR" >> $log_file echo "SRC_BASE_DIR=$SRC_BASE_DIR" >> $log_file
echo "HTTP_USER=$HTTP_USER" >> $log_file echo "HTTP_USER=$HTTP_USER" >> $log_file
echo "HTTP_GROUP=$HTTP_GROUP" >> $log_file echo "HTTP_GROUP=$HTTP_GROUP" >> $log_file
@ -1754,13 +1828,19 @@ if [[ "$DATABASE_TYPE" = "mysql" ]] ; then
checks_all_is_fine=false checks_all_is_fine=false
if [[ ! -d "${WEB_BASE_DIR}" ]]; then
_backup_dst_dir="$working_dir"
else
_backup_dst_dir="$WEB_BASE_DIR"
fi
echo "" >> $log_file echo "" >> $log_file
echo "# - Backup database '$DATABASE_NAME'" >> $log_file echo "# - Backup database '$DATABASE_NAME'" >> $log_file
echo "# -" >> $log_file echo "# -" >> $log_file
echononl "Backup database '$DATABASE_NAME' .." echononl "Backup database '$DATABASE_NAME' .."
echo "mysqldump -h $DATABASE_HOST -u $DATABASE_NAME -p$DATABASE_PASS --opt $DATABASE_NAME > ${WEB_BASE_DIR}/${DATABASE_NAME}.${backup_date}.sql" >> $log_file echo "mysqldump -h $DATABASE_HOST -u $DATABASE_NAME -p$DATABASE_PASS --opt $DATABASE_NAME > ${_backup_dst_dir}/${DATABASE_NAME}.${backup_date}.sql" >> $log_file
mysqldump -h $DATABASE_HOST -u $DATABASE_NAME -p$DATABASE_PASS --opt $DATABASE_NAME > ${WEB_BASE_DIR}/${DATABASE_NAME}.${backup_date}.sql 2>> $log_file mysqldump -h $DATABASE_HOST -u $DATABASE_NAME -p$DATABASE_PASS --opt $DATABASE_NAME > ${_backup_dst_dir}/${DATABASE_NAME}.${backup_date}.sql 2>> $log_file
if [[ $? -eq 0 ]] ; then if [[ $? -eq 0 ]] ; then
echo_ok echo_ok
@ -2062,6 +2142,38 @@ echo "# - Create needed directories" >> $log_file
echo "# -----" >> $log_file echo "# -----" >> $log_file
# - Create websites base directory
# -
echo "" >> $log_file
echo "# - Create websites base directory '${WEB_BASE_DIR}'" >> $log_file
echo "# -" >> $log_file
echononl "Create websites base directory '${WEB_BASE_DIR}'.."
if [[ ! -d "$WEB_BASE_DIR" ]] ; then
echo "mkdir \"$WEB_BASE_DIR\"" >> $log_file
mkdir "$WEB_BASE_DIR" >> $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
else
echo_skipped
fi
# - Create Installation Directory # - Create Installation Directory
# - # -
echo "" >> $log_file echo "" >> $log_file
@ -3489,6 +3601,284 @@ fi
# -----
# - Configure apache2 for the new cloud system
# -----
echo ""
echo ""
echo -e "\033[37m\033[1mConfigure apache2 for the new cloud system..\033[m"
echo ""
echo "" >> $log_file
echo "" >> $log_file
echo "# -----" >> $log_file
echo "# - Configure apache2 for the new cloud system" >> $log_file
echo "# -----" >> $log_file
# - Create Apache2 vhost configuration for ColaboraOnline service
# -
if [[ -e "/var/lib/dehydrated/certs/${WEBSITE}/fullchain.pem" ]]; then
server_cert="/var/lib/dehydrated/certs/${WEBSITE}/fullchain.pem"
server_key="/var/lib/dehydrated/certs/${WEBSITE}/privkey.pem"
else
server_cert="/usr/local/apache2/conf/server-bundle.crt"
server_key="/usr/local/apache2/conf/server.key"
fi
if [[ -d "$apache_vhost_dir" ]] ; then
# - Backup apache vhost file if exists
# -
if [[ -f "${apache_vhost_dir}/${WEBSITE}.conf.static" ]]; then
echo "" >> $log_file
echo "# - Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf.static'" >> $log_file
echo "# -" >> $log_file
echononl "Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf.static'" >> $log_file
echo "mv \"${apache_vhost_dir}/${WEBSITE}.conf.static\" \"${apache_vhost_dir}/${WEBSITE}.conf.static.$backup_date\"" >> $log_file
mv "${apache_vhost_dir}/${WEBSITE}.conf.static" "${apache_vhost_dir}/${WEBSITE}.conf.static.$backup_date" >> $log_file 2>&1
if [ "$?" = 0 ]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
fi
echo "" >> $log_file
echo "# - Create apache vhost entry for '$WEBSITE'" >> $log_file
echo "# -" >> $log_file
echononl "Create apache vhost entry for '$WEBSITE'"
cat<<EOF > "${apache_vhost_dir}/${WEBSITE}.conf.static" 2>> $log_file
# --- $WEBSITE
<VirtualHost ${IPV4}:80 [${IPV6}]:80>
ServerAdmin admin@oopen.de
ServerName $WEBSITE
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
CustomLog /var/log/apache2/ip_requests.log base_requests
CustomLog /var/www/cloud-01.oopen.de/logs/${WEBSITE}-access.log combined
ErrorLog /var/www/cloud-01.oopen.de/logs/${WEBSITE}-error.log
</VirtualHost>
<VirtualHost ${IPV4}:443 [${IPV6}]:443>
ServerAdmin admin@oopen.de
ServerName ${WEBSITE}
#ProxyErrorOverride On
<FilesMatch \.php\$>
SetHandler "proxy:unix:/tmp/php-${PHP_VERSION}-fpm.www.sock|fcgi://127.0.0.1"
</FilesMatch>
<IfModule dir_module>
DirectoryIndex index.php index.html index.htm
</IfModule>
DocumentRoot ${WEB_BASE_DIR}/htdocs
<Directory "${WEB_BASE_DIR}/htdocs">
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
</Directory>
# - HTTP Strict Transport Security (HSTS)
# -
# - HSTS tells a browser that the website should only be accessed through
# - a secure connection. The HSTS header will be remembered by a standard
# compliant browser for max-age seconds.
# -
# - Remember this settings for 1/2 year
# -
#Header add Strict-Transport-Security "max-age=15768000"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
# - Referrer-Policy
# -
# - See: https://scotthelme.co.uk/a-new-security-header-referrer-policy/
# - https://www.w3.org/TR/referrer-policy/
# -
# - Referrer Policy is a new header that allows a site to control how
# - much information the browser includes with navigations away from
# - a document and should be set by all sites.
# -
# - The HTTP referer (originally a misspelling of referrer[1]) is an HTTP header
# - field that identifies the address of the webpage (i.e. the URI or IRI) that
# - linked to the resource being requested. By checking the referrer, the new
# - webpage can see where the request originated.
# -
# - For a complete list and explanation of values, see urls above
# -
# - Example: "no-referrer-when-downgrade"
# - The browser will not send the referrer header when navigating
# - from HTTPS to HTTP, but will always send the full URL in the
# - referrer header when navigating from HTTP to any origin. It
# - doesn't matter whether the source and destination are the same
# - site or not, only the scheme.
# -
Header set Referrer-Policy "strict-origin-when-cross-origin"
SSLEngine on
SSLCertificateFile /var/lib/dehydrated/certs/cloud-01.oopen.de/fullchain.pem
SSLCertificateKeyFile /var/lib/dehydrated/certs/cloud-01.oopen.de/privkey.pem
CustomLog /var/log/apache2/ip_requests.log base_requests
CustomLog /var/www/cloud-01.oopen.de/logs/${WEBSITE}-access.log combined
ErrorLog /var/www/cloud-01.oopen.de/logs/${WEBSITE}-error.log
</VirtualHost>
EOF
if [ "$?" = 0 ]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
# - Remove symlink for apache vhost file (if exists)
# -
if [[ -h "${apache_vhost_dir}/${WEBSITE}.conf" ]]; then
echo "" >> $log_file
echo "# - Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file
echo "# -" >> $log_file
echononl "Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file
echo "rm -f \"${apache_vhost_dir}/${WEBSITE}.conf\"" >> $log_file
rm -f "${apache_vhost_dir}/${WEBSITE}.conf" >> $log_file 2>&1
if [ "$?" = 0 ]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
fi
# - Backup apache vhost file if exists
# -
if [[ -f "${apache_vhost_dir}/${WEBSITE}.conf" ]]; then
echo "" >> $log_file
echo "# - Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file
echo "# -" >> $log_file
echononl "Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file
echo "mv \"${apache_vhost_dir}/${WEBSITE}.conf\" \"${apache_vhost_dir}/${WEBSITE}.conf.$backup_date\"" >> $log_file
mv "${apache_vhost_dir}/${WEBSITE}.conf" "${apache_vhost_dir}/${WEBSITE}.conf.$backup_date" >> $log_file 2>&1
if [ "$?" = 0 ]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
fi
# - Symlimk Apache VHost file '${WEBSITE}.conf' --> '${WEBSITE}.conf.static'
# -
_symlink_src="${WEBSITE}.conf.static"
_symlink_dst="${apache_vhost_dir}/${WEBSITE}.conf"
echo "" >> $log_file
echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file
echo "# -" >> $log_file
echononl "Symlink '${_symlink_dst}' --> ${_symlink_src}"
ln -s "$_symlink_src" "$_symlink_dst" >> $log_file 2>&1
if [ "$?" = 0 ]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
else
echo_failed
error "Cant find apache2's vhost directory!"
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
# ----- # -----
# - Install/Enable some more nextcloud apps # - Install/Enable some more nextcloud apps
# ----- # -----
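Review bot: In the heredoc that writes `${apache_vhost_dir}/${WEBSITE}.conf.static`, the 443 vhost hard-codes `SSLCertificateFile /var/lib/dehydrated/certs/cloud-01.oopen.de/fullchain.pem` and the matching `privkey.pem`, so the `server_cert`/`server_key` values chosen just above it are never used and any `$WEBSITE` other than cloud-01.oopen.de would be served with a certificate for the wrong host name. Use the variables instead: `SSLCertificateFile ${server_cert}` and `SSLCertificateKeyFile ${server_key}`. The `CustomLog`/`ErrorLog` lines in both vhosts likewise point at `/var/www/cloud-01.oopen.de/logs/` regardless of the site; they presumably should derive from `${WEB_BASE_DIR}`, and no visible hunk creates that log directory. Separately, `IPV4`/`IPV6` are written into the `<VirtualHost …>` lines unvalidated, and the `dig +short` defaults can contain several lines or a CNAME target, so the default should be reduced to a single address and checked before the file is generated.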