From 7d7ca25baa169912f5f3e19114645fd8daabb0a6 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Wed, 31 Mar 2021 04:18:22 +0200
Subject: [PATCH] Add support for nginx webserver.
---
FILES/Apache2/cloud-site-name.conf.php-fpm | 90 ++
.../colaboraonline-site-name.conf.static | 58 +
FILES/Nginx/full-qualified-site-name.conf | 191 +++
conf/install_nextcloud.conf.sample | 11 +
install_nextcloud.sh | 1349 ++++++++++++-----
5 files changed, 1330 insertions(+), 369 deletions(-)
create mode 100644 FILES/Apache2/cloud-site-name.conf.php-fpm
create mode 100644 FILES/Apache2/colaboraonline-site-name.conf.static
create mode 100644 FILES/Nginx/full-qualified-site-name.conf
diff --git a/FILES/Apache2/cloud-site-name.conf.php-fpm b/FILES/Apache2/cloud-site-name.conf.php-fpm
new file mode 100644
index 0000000..b44d4da
--- /dev/null
+++ b/FILES/Apache2/cloud-site-name.conf.php-fpm
@@ -0,0 +1,90 @@
+# ---
+
+:80 [IPV6-ADDRESS]:80>
+
+ ServerAdmin admin@oopen.de
+
+ ServerName
+
+ RewriteEngine on
+ RewriteCond %{HTTPS} !=on
+ RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
+
+ CustomLog /var/log/apache2/ip_requests.log base_requests
+
+ CustomLog /var/log/apache2/-access.log combined
+ ErrorLog /var/log/apache2/-error.log
+
+
+
+:443 [IPV6-ADDRESS]:443>
+
+ ServerAdmin admin@oopen.de
+
+ ServerName
+
+ #ProxyErrorOverride On
+
+
+ SetHandler "proxy:unix:/tmp/php-7.4-fpm.www.sock|fcgi://127.0.0.1"
+
+
+
+ DirectoryIndex index.php index.html index.htm
+
+
+ DocumentRoot /var/www//htdocs
+ /htdocs">
+ Require all granted
+ AllowOverride All
+ Options FollowSymLinks MultiViews
+
+
+ # - HTTP Strict Transport Security (HSTS)
+ # -
+ # - HSTS tells a browser that the website should only be accessed through
+ # - a secure connection. The HSTS header will be remembered by a standard
+ # compliant browser for max-age seconds.
+ # -
+ # - Remember this settings for 1/2 year
+ # -
+ #Header add Strict-Transport-Security "max-age=15768000"
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+
+ # - Referrer-Policy
+ # -
+ # - See: https://scotthelme.co.uk/a-new-security-header-referrer-policy/
+ # - https://www.w3.org/TR/referrer-policy/
+ # -
+ # - Referrer Policy is a new header that allows a site to control how
+ # - much information the browser includes with navigations away from
+ # - a document and should be set by all sites.
+ # -
+ # - The HTTP referer (originally a misspelling of referrer[1]) is an HTTP header
+ # - field that identifies the address of the webpage (i.e. the URI or IRI) that
+ # - linked to the resource being requested. By checking the referrer, the new
+ # - webpage can see where the request originated.
+ # -
+ # - For a complete list and explanation of values, see urls above
+ # -
+ # - Example: "no-referrer-when-downgrade"
+ # - The browser will not send the referrer header when navigating
+ # - from HTTPS to HTTP, but will always send the full URL in the
+ # - referrer header when navigating from HTTP to any origin. It
+ # - doesn't matter whether the source and destination are the same
+ # - site or not, only the scheme.
+ # -
+ Header always set Referrer-Policy "strict-origin-when-cross-origin"
+
+ SSLEngine on
+
+ SSLCertificateFile /var/lib/dehydrated/certs//fullchain.pem
+ SSLCertificateKeyFile /var/lib/dehydrated/certs//privkey.pem
+
+
+ CustomLog /var/log/apache2/ip_requests.log base_requests
+
+ CustomLog /var/log/apache2/-access.log combined
+ ErrorLog /var/log/apache2/-error.log
+
+
diff --git a/FILES/Apache2/colaboraonline-site-name.conf.static b/FILES/Apache2/colaboraonline-site-name.conf.static
new file mode 100644
index 0000000..6712cac
--- /dev/null
+++ b/FILES/Apache2/colaboraonline-site-name.conf.static
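Review bot: In cloud-site-name.conf.php-fpm the `SetHandler "proxy:unix:/tmp/php-7.4-fpm.www.sock|fcgi://127.0.0.1"` line points Apache at a PHP-FPM socket under `/tmp`, a world-writable directory, so whenever the pool is down any local account can create that path first and receive the requests the web server forwards; the same path is used by `upstream php-handler` in FILES/Nginx/full-qualified-site-name.conf. A socket in a root-owned runtime directory avoids this, e.g. `SetHandler "proxy:unix:/run/php/<pool>.sock|fcgi://127.0.0.1"` with the matching `listen` value in the pool configuration (the path is a placeholder for whatever the pool is set to). The HSTS comment above the header still says half a year while the active line sets `max-age=31536000; includeSubDomains`, so it should read `# - Remember this setting for 1 year, for this host and all subdomains`.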
@@ -0,0 +1,58 @@
+:443 [IPV6-ADDRESS]:443>
+
+ ServerName
+
+ Options -Indexes
+
+ # Encoded slashes need to be allowed
+ AllowEncodedSlashes NoDecode
+
+ # Container uses a unique non-signed certificate
+ SSLProxyEngine On
+ SSLProxyVerify None
+ SSLProxyCheckPeerCN Off
+ SSLProxyCheckPeerName Off
+
+ # keep the host
+ ProxyPreserveHost On
+
+ # static html, js, images, etc. served from loolwsd
+ # loleaflet is the client part of Collabora Online
+ ProxyPass /loleaflet https://localhost:9980/loleaflet retry=0
+ ProxyPassReverse /loleaflet https://localhost:9980/loleaflet
+
+ # WOPI discovery URL
+ ProxyPass /hosting/discovery https://localhost:9980/hosting/discovery retry=0
+ ProxyPassReverse /hosting/discovery https://localhost:9980/hosting/discovery
+
+ # Capabilities
+ ProxyPass /hosting/capabilities https://localhost:9980/hosting/capabilities retry=0
+ ProxyPassReverse /hosting/capabilities https://localhost:9980/hosting/capabilities
+
+ # Main websocket
+ ProxyPassMatch "/lool/(.*)/ws$" wss://localhost:9980/lool/$1/ws nocanon
+
+ # Admin Console websocket
+ ProxyPass /lool/adminws wss://localhost:9980/lool/adminws
+
+ # Download as, Fullscreen presentation and Image upload operations
+ ProxyPass /lool https://localhost:9980/lool
+ ProxyPassReverse /lool https://localhost:9980/lool
+
+
+ # Endpoint with information about availability of various features
+ ProxyPass /hosting/capabilities https://localhost:9980/hosting/capabilities retry=0
+ ProxyPassReverse /hosting/capabilities https://localhost:9980/hosting/capabilities
+
+
+ SSLEngine on
+
+ SSLCertificateFile /var/lib/dehydrated/certs//fullchain.pem
+ SSLCertificateKeyFile /var/lib/dehydrated/certs//privkey.pem
+
+ CustomLog /var/log/apache2/ip_requests.log base_requests
+
+ CustomLog /var/log/apache2/.log combined
+ ErrorLog /var/log/apache2/-error.log
+
+
diff --git a/FILES/Nginx/full-qualified-site-name.conf b/FILES/Nginx/full-qualified-site-name.conf
new file mode 100644
index 0000000..df73724
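Review bot: In colaboraonline-site-name.conf.static the line `ProxyPass /lool/adminws wss://localhost:9980/lool/adminws` publishes the Collabora admin console websocket to every client that can reach the vhost, with nothing in front of it but the backend's own login. If remote administration is not needed, restrict it in the vhost with a `<Location "/lool/adminws">` block containing `Require ip 127.0.0.1 ::1` (the addresses are placeholders for the admin network). `SSLProxyVerify None` together with the two `SSLProxyCheckPeer… Off` lines removes all verification of the backend certificate; that is tolerable only because every `ProxyPass` target is `localhost:9980`, and the comment should say so, e.g. `# Backend TLS is not verified - acceptable only while the target stays on loopback`. The `/hosting/capabilities` ProxyPass/ProxyPassReverse pair also appears twice and one copy can be dropped.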
--- /dev/null
+++ b/FILES/Nginx/full-qualified-site-name.conf
@@ -0,0 +1,191 @@
+# ---
+
+# ---
+# see: https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
+# ---
+
+
+upstream php-handler {
+ server unix:/tmp/php-7.4-fpm.www.sock;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name ;
+
+ # Enforce HTTPS
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name ;
+
+ # Include location directive for Let's Encrypt ACME Challenge
+ #
+ # Needed for (automated) updating certificate
+ #
+ include snippets/letsencrypt-acme-challenge.conf;
+
+
+ # Use Mozilla's guidelines for SSL/TLS settings
+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/
+ ssl_certificate /var/lib/dehydrated/certs//fullchain.pem;
+ ssl_certificate_key /var/lib/dehydrated/certs//privkey.pem;
+
+
+ # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
+ #
+ # To generate a dhparam.pem file, run in a terminal
+ # openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048
+ #
+ ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+
+ # Eable session resumption to improve https performance
+ ssl_session_cache shared:MozSSL:50m;
+ ssl_session_timeout 1d;
+ ssl_session_tickets off;
+
+ #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE
+ # omit SSLv3 because of POODLE
+ # omit TLSv1 TLSv1.1
+ ssl_protocols TLSv1.2 TLSv1.3;
+
+ # ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES)
+ # Everything better than SHA1 (deprecated)
+ #
+ #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
+ ssl_ciphers 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+ ssl_prefer_server_ciphers off;
+
+ # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
+ #
+ # WARNING: Only add the preload option once you read about
+ # the consequences in https://hstspreload.org/. This option
+ # will add the domain to a hardcoded list that is shipped
+ # in all major browsers and getting removed from this list
+ # could take several months.
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+
+ # OCSP stapling
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ # set max upload size
+ client_max_body_size 512M;
+ fastcgi_buffers 64 4K;
+
+ # Enable gzip but do not remove ETag headers
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+ # Pagespeed is not supported by Nextcloud, so if your server is built
+ # with the `ngx_pagespeed` module, uncomment this line to disable it.
+ #pagespeed off;
+
+ # HTTP response headers borrowed from Nextcloud `.htaccess`
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "none" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
+
+ # Path to the root of your installation
+ root /var/www//htdocs;
+
+ # Specify how to handle directories -- specifying `/index.php$request_uri`
+ # here as the fallback means that Nginx always exhibits the desired behaviour
+ # when a client requests a path that corresponds to a directory that exists
+ # on the server. In particular, if that directory contains an index.php file,
+ # that file is correctly served; if it doesn't, then the request is passed to
+ # the front-end controller. This consistent behaviour means that we don't need
+ # to specify custom rules for certain paths (e.g. images and other assets,
+ # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
+ # `try_files $uri $uri/ /index.php$request_uri`
+ # always provides the desired behaviour.
+ index index.php index.html /index.php$request_uri;
+
+ # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
+ location = / {
+ if ( $http_user_agent ~ ^DavClnt ) {
+ return 302 /remote.php/webdav/$is_args$args;
+ }
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ # Make a regex exception for `/.well-known` so that clients can still
+ # access it despite the existence of the regex rule
+ # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+ # for `/.well-known`.
+ location ^~ /.well-known {
+ # The following 6 rules are borrowed from `.htaccess`
+
+ location = /.well-known/carddav { return 301 /remote.php/dav/; }
+ location = /.well-known/caldav { return 301 /remote.php/dav/; }
+ # Anything else is dynamically handled by Nextcloud
+ location ^~ /.well-known { return 301 /index.php$uri; }
+
+ try_files $uri $uri/ =404;
+ }
+
+ # Rules borrowed from `.htaccess` to hide certain paths from clients
+ location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
+
+ # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+ # which handle static assets (as seen below). If this block is not declared first,
+ # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+ # to the URI, resulting in a HTTP 500 error response.
+ location ~ \.php(?:$|/) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ set $path_info $fastcgi_path_info;
+
+ try_files $fastcgi_script_name =404;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $path_info;
+ fastcgi_param HTTPS on;
+
+ fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
+ fastcgi_param front_controller_active true; # Enable pretty urls
+ fastcgi_pass php-handler;
+
+ fastcgi_intercept_errors on;
+ fastcgi_request_buffering off;
+ }
+
+ location ~ \.(?:css|js|svg|gif)$ {
+ try_files $uri /index.php$request_uri;
+ expires 6M; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ location ~ \.woff2?$ {
+ try_files $uri /index.php$request_uri;
+ expires 7d; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php$request_uri;
+ }
+}
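Review bot: The `Strict-Transport-Security` header in this template ships with `preload` switched on, directly below the warning that says to add it only after reading hstspreload.org, so every site generated from the file opts in by default, subdomains included. The value also ends in a stray `;`, and its six-month `max-age` is below the one year hstspreload.org currently asks for, so the directive commits the domain without meeting the list's own requirement. A safer template default is `add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;`, with the `preload` variant left as a commented opt-in. The `openssl dhparam -dsaparam` hint above `ssl_dhparam` generates DSA-style parameters rather than a safe prime; dropping `-dsaparam` from the comment, or pointing at a standard ffdhe2048 group, is the more conservative instruction.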
diff --git a/conf/install_nextcloud.conf.sample b/conf/install_nextcloud.conf.sample index c6a0fd3..cba18c4 100644 --- a/conf/install_nextcloud.conf.sample +++ b/conf/install_nextcloud.conf.sample @@ -28,6 +28,17 @@ #WEB_DIRS_ROOT="/var/www" +# - WEBSERVER_SOFTWARE +# - +# - Installed Webserver Software. Possoble values are: +# - - apache +# - - nginx +# - +# - Default: nginx +# - +#WEBSERVER_SOFTWARE="nginx" + + # - Webservers user # - # - The script wil determin the webservers user, so you don't need to diff --git a/install_nextcloud.sh b/install_nextcloud.sh index 90195ed..a4bd369 100755 --- a/install_nextcloud.sh +++ b/install_nextcloud.sh @@ -254,6 +254,9 @@ DEFAULT_WEB_DIRS_ROOT="/var/www" DEFAULT_PHP_ENGINE="FPM" DEFAULT_DATABASE_TYPE="mysql" DEFAULT_DATABASE_HOST="localhost" +DEFAULT_WEBSERVER_SOFTWARE="apache2" +DEFAULT_HTTP_USER="www-data" +DEFAULT_HTTP_GROUP="www-data" if [[ -f "$conf_file" ]]; then @@ -275,6 +278,12 @@ fi [[ -z "$SSL_CERT_GROUP" ]] && SSL_CERT_GROUP="$DEFAULT_SSL_CERT_GROUP" +if [[ -z "$WEBSERVER_SOFTWARE" ]] ; then + WEBSERVER_SOFTWARE="$DEFAULT_WEBSERVER_SOFTWARE" +elif [[ "$WEBSERVER_SOFTWARE" != "apache2" ]] && [[ "$WEBSERVER_SOFTWARE" != "nginx" ]] ; then + WEBSERVER_SOFTWARE="$DEFAULT_WEBSERVER_SOFTWARE" +fi + DEFAULT_IPV4="$(ip a | grep " inet " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)" DEFAULT_IPV6="$(ip a | grep " inet6 " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)" DEFAULT_IPV4_CO="$DEFAULT_IPV4" 
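Review bot: The new `WEBSERVER_SOFTWARE` check in install_nextcloud.sh (hunk `@@ -275,6 +278,12 @@`) accepts only `apache2` and `nginx` and silently replaces anything else with `DEFAULT_WEBSERVER_SOFTWARE="apache2"`, while conf/install_nextcloud.conf.sample documents the values as `apache` and `nginx` with `Default: nginx`. A value taken from the sample or a typo is therefore discarded without any message, and leaving the line commented selects Apache rather than the documented Nginx. Align the sample (`# - - apache2`, `# - Default: apache2`) and make the `elif` branch report the fallback, e.g. `warn "Unknown WEBSERVER_SOFTWARE '$WEBSERVER_SOFTWARE' - using '$DEFAULT_WEBSERVER_SOFTWARE'"`, assuming `warn` is already defined at that point in the script.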
@@ -844,6 +853,52 @@ if $INSTALL_COLABORA_SERVICE ; then fi +_WEBSERVER_SOFTWARE="$WEBSERVER_SOFTWARE" +WEBSERVER_SOFTWARE="" +_default_val="" +echo "" +echo -e "\033[32m--\033[m" +echo "" +echo " Which Webserver is installed?" +echo "" +echo "" +if [[ "$_WEBSERVER_SOFTWARE" = "apache2" ]] ; then + echo -e " \033[37m\033[1m[1] Apache2\033[m" + echo " [2] Nginx" + _default_val="apache2" +else + echo " [1] Apache2" + echo -e " \033[37m\033[1m[2] Nginx\033[m" + _default_val="nginx" +fi +echo "" +echononl "Choose a number or press for highlighted value: " +while [[ "$WEBSERVER_SOFTWARE" != "apache2" && "$WEBSERVER_SOFTWARE" != "nginx" ]] ; do + read OPTION + case $OPTION in + 1) WEBSERVER_SOFTWARE="apache2" + ;; + 2) WEBSERVER_SOFTWARE="nginx" + ;; + '') WEBSERVER_SOFTWARE="$_default_val" + ;; + *) WEBSERVER_SOFTWARE="" + echo "" + echo -e "\tWrong entry! [ 1 = Apache2 ; 2 = Nginx ] or type " + echo "" + echononl " Reentry: " + ;; + esac +done +apache2_installed=false +nginx_installed=false +if [[ "$WEBSERVER_SOFTWARE" = "apache2" ]] ; then + apache2_installed=true +else + nginx_installed=true +fi + + # ---------- # Some checks # ---------- 
@@ -863,73 +918,83 @@ else fi fi -# - Determin user/group of the webserver -# - -httpd_binary="$(which httpd)" -if [ -z "$httpd_binary" ]; then - httpd_binary="$(ps -axu | grep httpd | grep -e "^root" | grep -v grep | awk '{print$11}')" +if $apache2_installed ; then + # - Determin user/group of the webserver + # - + httpd_binary="$(which httpd)" if [ -z "$httpd_binary" ]; then - if [ -x "/usr/local/apache2/bin/httpd" ]; then - httpd_binary="/usr/local/apache2/bin/httpd" + httpd_binary="$(ps -axu | grep httpd | grep -e "^root" | grep -v grep | awk '{print$11}')" + if [ -z "$httpd_binary" ]; then + if [ -x "/usr/local/apache2/bin/httpd" ]; then + httpd_binary="/usr/local/apache2/bin/httpd" + fi fi fi -fi -if [ -x "$httpd_binary" ];then + if [ -x "$httpd_binary" ];then - # - Determin websever user + # - Determin websever user + # - + _HTTP_USER="`$httpd_binary -t -D DUMP_RUN_CFG | grep -i -e "^User" | awk '{print$2}' | cut -d\"=\" -f2 | tr -d '"'`" + _HTTP_GROUP="`$httpd_binary -t -D DUMP_RUN_CFG | grep -i -e "^Group" | awk '{print$2}' | cut -d\"=\" -f2 | tr -d '"'`" + + # - Is webserver running ? + # - + PID=$(ps aux | grep "$(realpath $httpd_binary)" | grep -e "^root" | grep -v grep | awk '{print$2}') + if [[ "X${PID}X" = "XX" ]] ;then + IS_HTTPD_RUNNING=false + else + IS_HTTPD_RUNNING=true + fi + fi + + if [[ -n "$_HTTP_USER" ]] ; then + if [[ -n "$HTTP_USER" ]] && [[ "$_HTTP_USER" != "$HTTP_USER" ]]; then + warn "The script has determined \033[1;37m${_HTTP_USER}\033[m as Webservers user. This\n value differs from the value given in your configuration file, \n which is \033[1;37m${HTTP_USER}\033[m and takes precedence." + else + HTTP_USER=$_HTTP_USER + fi + else + [[ -n "$HTTP_USER" ]] || HTTP_USER=$DEFAULT_HTTP_USER + fi + if [[ -n "$_HTTP_GROUP" ]] ; then + if [[ -n "$HTTP_GROUP" ]] && [[ "$_HTTP_GROUP" != "$HTTP_GROUP" ]]; then + warn "The script has determined \033[1;37m${_HTTP_GROUP}\033[m as Webservers group. 
This\n value differs from the value given in your configuration file, \n which is \033[1;37m${HTTP_GROUP}\033[m and takes precedence." + else + HTTP_GROUP=$_HTTP_GROUP + fi + else + [[ -n "$HTTP_GROUP" ]] || HTTP_GROUP=$DEFAULT_HTTP_GROUP + fi + + # - Determin ServerRoot Directory # - - _HTTP_USER="`$httpd_binary -t -D DUMP_RUN_CFG | grep -i -e "^User" | awk '{print$2}' | cut -d\"=\" -f2 | tr -d '"'`" - _HTTP_GROUP="`$httpd_binary -t -D DUMP_RUN_CFG | grep -i -e "^Group" | awk '{print$2}' | cut -d\"=\" -f2 | tr -d '"'`" - - # - Is webserver running ? - # - - PID=$(ps aux | grep "$(realpath $httpd_binary)" | grep -e "^root" | grep -v grep | awk '{print$2}') - if [[ "X${PID}X" = "XX" ]] ;then - IS_HTTPD_RUNNING=false - else - IS_HTTPD_RUNNING=true - fi -fi - -if [[ -n "$_HTTP_USER" ]] ; then - if [[ -n "$HTTP_USER" ]] && [[ "$_HTTP_USER" != "$HTTP_USER" ]]; then - warn "The script has determined \033[1;37m${_HTTP_USER}\033[m as Webservers user. This\n value differs from the value given in your configuration file, \n which is \033[1;37m${HTTP_USER}\033[m and takes precedence." - else - HTTP_USER=$_HTTP_USER - fi -else - [[ -n "$HTTP_USER" ]] || HTTP_USER=$DEFAULT_HTTP_USER -fi -if [[ -n "$_HTTP_GROUP" ]] ; then - if [[ -n "$HTTP_GROUP" ]] && [[ "$_HTTP_GROUP" != "$HTTP_GROUP" ]]; then - warn "The script has determined \033[1;37m${_HTTP_GROUP}\033[m as Webservers group. This\n value differs from the value given in your configuration file, \n which is \033[1;37m${HTTP_GROUP}\033[m and takes precedence." 
- else - HTTP_GROUP=$_HTTP_GROUP - fi -else - [[ -n "$HTTP_GROUP" ]] || HTTP_GROUP=$DEFAULT_HTTP_GROUP -fi - -# - Determin ServerRoot Directory -# - -apache_base_dir=`$_httpd_binary -t -D DUMP_RUN_CFG | grep ServerRoot | awk '{print$2}' | tr -d '"'` -if [ "`realpath /usr/local/apache2`" = "$apache_base_dir" ]; then - apache_base_dir="/usr/local/apache2" - _apache_base_dir_realpath="`realpath $apache_base_dir`" -elif [ -z "$apache_base_dir" ]; then - if [ -d "`realpath /usr/local/apache2`" ];then + apache_base_dir=`$_httpd_binary -t -D DUMP_RUN_CFG | grep ServerRoot | awk '{print$2}' | tr -d '"'` + if [ "`realpath /usr/local/apache2`" = "$apache_base_dir" ]; then apache_base_dir="/usr/local/apache2" _apache_base_dir_realpath="`realpath $apache_base_dir`" + elif [ -z "$apache_base_dir" ]; then + if [ -d "`realpath /usr/local/apache2`" ];then + apache_base_dir="/usr/local/apache2" + _apache_base_dir_realpath="`realpath $apache_base_dir`" + fi + else + _apache_base_dir_realpath=$apache_base_dir + fi + + if [[ ! -d "${_apache_base_dir_realpath}/conf/vhosts" ]] ; then + warn "No Apache VHost directory found." + apache_vhost_dir="" + else + apache_vhost_dir="${_apache_base_dir_realpath}/conf/vhosts" fi else - _apache_base_dir_realpath=$apache_base_dir -fi - -if [[ ! -d "${_apache_base_dir_realpath}/conf/vhosts" ]] ; then - warn "No Apache VHost directory found." - apache_vhost_dir="" -else - apache_vhost_dir="${_apache_base_dir_realpath}/conf/vhosts" + #if [[ -z "$(which nginx)" ]] ; then + # fatal "Nginx service binary not found" + #fi + [[ -z "$HTTP_USER" ]] && HTTP_USER="$DEFAULT_HTTP_USER" + [[ -z "$HTTP_GROUP" ]] && HTTP_GROUP="$DEFAULT_HTTP_GROUP" + nginx_vhost_dir="/etc/nginx/sites-available" + nginx_vhost_enabled_dir="/etc/nginx/sites-enabled" fi 
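Review bot: The ServerRoot lookup inside the new `if $apache2_installed` block still runs `$_httpd_binary -t -D DUMP_RUN_CFG`, but the variable assigned a few lines earlier is `httpd_binary`; unless `_httpd_binary` is set outside this hunk, the command substitution runs with an empty command name and `apache_base_dir` always comes back empty, leaving only the `/usr/local/apache2` fallback. The commit re-indents that line without fixing it; the call should be `"$httpd_binary" -t -D DUMP_RUN_CFG` and should be skipped when no binary was found. In the nginx branch the binary check is commented out and `HTTP_USER`/`HTTP_GROUP` fall back to `www-data` without looking at the installed configuration, so a host whose nginx runs under another account gets that default silently; a `warn` naming the assumed user there would make the assumption visible before ownership is applied later in the script.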
@@ -958,6 +1023,16 @@ echo " Web base directory...................: $WEB_BASE_DIR" echo "" echo " Source directory for source archiv...: $SRC_BASE_DIR" echo "" +if $apache2_installed ; then + echo " Webserver Type.......................: Apache2" + echo " Apache Vhost Directory...............: $apache_vhost_dir" +elif $nginx_installed ; then + echo " Webserver Type.......................: Nginx" + echo " Nginx VHost directory................: $nginx_vhost_dir" +else + fatal "Webserver Type (apache2 or nginx) not given" +fi + echo " Webserver user.......................: $HTTP_USER" echo " Webserver group......................: $HTTP_GROUP" echo "" @@ -1039,6 +1114,13 @@ echo "# -" >> $log_file echo "# - Web base directory...................: $WEB_BASE_DIR" >> $log_file echo "# -" >> $log_file echo "# - Source directory for source archiv...: $SRC_BASE_DIR" >> $log_file +if $apache2_installed ; then + echo "# - Webserver Type.......................: Apache2" >> $log_file + echo " # -Apache Vhost Directory...............: $apache_vhost_dir" >> $log_file +elif $nginx_installed ; then + echo "# - Webserver Type.......................: Nginx" >> $log_file + echo "# - Nginx VHost directory................: $nginx_vhost_dir" >> $log_file +fi echo "# -" >> $log_file echo "# - Webserver user.......................: $HTTP_USER" >> $log_file echo "# - Webserver group......................: $HTTP_GROUP" >> $log_file @@ -1075,6 +1157,11 @@ echo "WEB_BASE_DIR=$WEB_BASE_DIR" >> $log_file echo "IPV4=$IPV4" >> $log_file echo "IPV6=$IPV6" >> $log_file echo "SRC_BASE_DIR=$SRC_BASE_DIR" >> $log_file +if $apache2_installed ; then + echo "apache_vhost_dir=$apache_vhost_dir" +elif $nginx_installed ; then + echo "nginx_vhost_dir=$nginx_vhost_dir" +fi echo "HTTP_USER=$HTTP_USER" >> $log_file echo "HTTP_GROUP=$HTTP_GROUP" >> $log_file echo "PHP_VERSION=$PHP_VERSION" >> $log_file 
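Review bot: In the `@@ -1075,6 +1157,11 @@` hunk the two added lines `echo "apache_vhost_dir=$apache_vhost_dir"` and `echo "nginx_vhost_dir=$nginx_vhost_dir"` have no `>> $log_file`, unlike every neighbouring `echo`, so the value is printed to the terminal and is missing from the parameter dump in the log. They should read `echo "apache_vhost_dir=$apache_vhost_dir" >> "$log_file"` and `echo "nginx_vhost_dir=$nginx_vhost_dir" >> "$log_file"`. In the `@@ -1039,6 +1114,13 @@` hunk the Apache line starts with `" # -Apache Vhost Directory"`; the prefix should be `"# - Apache Vhost Directory"` to match the other log lines.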
@@ -1618,46 +1705,48 @@ EOF blank_line - # - Create Apache2 vhost configuration for ColaboraOnline service - # - - if [[ -e "/var/lib/dehydrated/certs/${HOSTNAME_CO}/fullchain.pem" ]]; then - server_cert="/var/lib/dehydrated/certs/${HOSTNAME_CO}/fullchain.pem" - server_key="/var/lib/dehydrated/certs/${HOSTNAME_CO}/privkey.pem" - else - server_cert="/usr/local/apache2/conf/server-bundle.crt" - server_key="/usr/local/apache2/conf/server.key" - fi + if $apache2_installed ; then - if [[ -d "$apache_vhost_dir" ]] ; then - - # - Backup apache vhost file if exists + # - Create Apache2 vhost configuration for ColaboraOnline service # - - if [[ -f "${apache_vhost_dir}/${HOSTNAME_CO}.conf.static" ]]; then - - echo "" >> $log_file - echo "# - Backup existing file '${apache_vhost_dir}/${HOSTNAME_CO}.conf.static'" >> $log_file - echo "# -" >> $log_file - echononl "Backup existing file '${apache_vhost_dir}/${HOSTNAME_CO}.conf.static'" >> $log_file - - echo "mv \"${apache_vhost_dir}/${HOSTNAME_CO}.conf.static\" \"${apache_vhost_dir}/${HOSTNAME_CO}.conf.static.$backup_date\"" >> $log_file - mv "${apache_vhost_dir}/${HOSTNAME_CO}.conf.static" "${apache_vhost_dir}/${HOSTNAME_CO}.conf.static.$backup_date" >> $log_file 2>&1 - - if [ "$?" = 0 ]; then - echo_ok - else - echo_failed - error "For more informations see log output at '$log_file'." 
- fi - + if [[ -e "/var/lib/dehydrated/certs/${HOSTNAME_CO}/fullchain.pem" ]]; then + server_cert="/var/lib/dehydrated/certs/${HOSTNAME_CO}/fullchain.pem" + server_key="/var/lib/dehydrated/certs/${HOSTNAME_CO}/privkey.pem" + else + server_cert="/usr/local/apache2/conf/server-bundle.crt" + server_key="/usr/local/apache2/conf/server.key" fi + if [[ -d "$apache_vhost_dir" ]] ; then - echo "" >> $log_file - echo "# - Create apache vhost entry for (lokal) ColaboraOnline service" >> $log_file - echo "# -" >> $log_file - echononl "Create apache vhost entry for (lokal) ColaboraOnline service" + # - Backup apache vhost file if exists + # - + if [[ -f "${apache_vhost_dir}/${HOSTNAME_CO}.conf.static" ]]; then - cat< "${apache_vhost_dir}/${HOSTNAME_CO}.conf.static" 2>> $log_file + echo "" >> $log_file + echo "# - Backup existing file '${apache_vhost_dir}/${HOSTNAME_CO}.conf.static'" >> $log_file + echo "# -" >> $log_file + echononl "Backup existing file '${apache_vhost_dir}/${HOSTNAME_CO}.conf.static'" >> $log_file + + echo "mv \"${apache_vhost_dir}/${HOSTNAME_CO}.conf.static\" \"${apache_vhost_dir}/${HOSTNAME_CO}.conf.static.$backup_date\"" >> $log_file + mv "${apache_vhost_dir}/${HOSTNAME_CO}.conf.static" "${apache_vhost_dir}/${HOSTNAME_CO}.conf.static.$backup_date" >> $log_file 2>&1 + + if [ "$?" = 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + fi + + fi + + + echo "" >> $log_file + echo "# - Create apache vhost entry for (lokal) ColaboraOnline service" >> $log_file + echo "# -" >> $log_file + echononl "Create apache vhost entry for (lokal) ColaboraOnline service" + + cat< "${apache_vhost_dir}/${HOSTNAME_CO}.conf.static" 2>> $log_file ServerName $HOSTNAME_CO 
@@ -1712,26 +1801,6 @@ EOF EOF - if [ "$?" = 0 ]; then - echo_ok - else - echo_failed - error "For more informations see log output at '$log_file'." - fi - - - # - Remove symlink for apache vhost file (if exists) - # - - if [[ -h "${apache_vhost_dir}/${HOSTNAME_CO}.conf" ]]; then - - echo "" >> $log_file - echo "# - Remove existing Symlink '${apache_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file - echo "# -" >> $log_file - echononl "Remove existing Symlink '${apache_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file - - echo "rm -f \"${apache_vhost_dir}/${HOSTNAME_CO}.conf\"" >> $log_file - rm -f "${apache_vhost_dir}/${HOSTNAME_CO}.conf" >> $log_file 2>&1 - if [ "$?" = 0 ]; then echo_ok else 
@@ -1739,21 +1808,60 @@ EOF error "For more informations see log output at '$log_file'." fi - fi + + # - Remove symlink for apache vhost file (if exists) + # - + if [[ -h "${apache_vhost_dir}/${HOSTNAME_CO}.conf" ]]; then + + echo "" >> $log_file + echo "# - Remove existing Symlink '${apache_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file + echo "# -" >> $log_file + echononl "Remove existing Symlink '${apache_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file + + echo "rm -f \"${apache_vhost_dir}/${HOSTNAME_CO}.conf\"" >> $log_file + rm -f "${apache_vhost_dir}/${HOSTNAME_CO}.conf" >> $log_file 2>&1 + + if [ "$?" = 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + fi + + fi - # - Backup apache vhost file if exists - # - - if [[ -f "${apache_vhost_dir}/${HOSTNAME_CO}.conf" ]]; then + # - Backup apache vhost file if exists + # - + if [[ -f "${apache_vhost_dir}/${HOSTNAME_CO}.conf" ]]; then + echo "" >> $log_file + echo "# - Backup existing file '${apache_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file + echo "# -" >> $log_file + echononl "Backup existing file '${apache_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file + + echo "mv \"${apache_vhost_dir}/${HOSTNAME_CO}.conf\" \"${apache_vhost_dir}/${HOSTNAME_CO}.conf.$backup_date\"" >> $log_file + mv "${apache_vhost_dir}/${HOSTNAME_CO}.conf" "${apache_vhost_dir}/${HOSTNAME_CO}.conf.$backup_date" >> $log_file 2>&1 + + if [ "$?" = 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." 
+ fi + + fi + + + # - Symlimk Apache VHost file '${HOSTNAME_CO}.conf' --> '${HOSTNAME_CO}.conf.static' + # - + _symlink_src="${HOSTNAME_CO}.conf.static" + _symlink_dst="${apache_vhost_dir}/${HOSTNAME_CO}.conf" echo "" >> $log_file - echo "# - Backup existing file '${apache_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file + echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file echo "# -" >> $log_file - echononl "Backup existing file '${apache_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file - - echo "mv \"${apache_vhost_dir}/${HOSTNAME_CO}.conf\" \"${apache_vhost_dir}/${HOSTNAME_CO}.conf.$backup_date\"" >> $log_file - mv "${apache_vhost_dir}/${HOSTNAME_CO}.conf" "${apache_vhost_dir}/${HOSTNAME_CO}.conf.$backup_date" >> $log_file 2>&1 - + echononl "Symlink '${_symlink_dst}' --> ${_symlink_src}" + ln -s "$_symlink_src" "$_symlink_dst" >> $log_file 2>&1 if [ "$?" = 0 ]; then echo_ok else @@ -1761,27 +1869,11 @@ EOF error "For more informations see log output at '$log_file'." fi + COLABORA_SERVICE_INSTALLED=true fi - - - # - Symlimk Apache VHost file '${HOSTNAME_CO}.conf' --> '${HOSTNAME_CO}.conf.static' - # - - _symlink_src="${HOSTNAME_CO}.conf.static" - _symlink_dst="${apache_vhost_dir}/${HOSTNAME_CO}.conf" - echo "" >> $log_file - echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file - echo "# -" >> $log_file - echononl "Symlink '${_symlink_dst}' --> ${_symlink_src}" - ln -s "$_symlink_src" "$_symlink_dst" >> $log_file 2>&1 - if [ "$?" = 0 ]; then - echo_ok - else - echo_failed - error "For more informations see log output at '$log_file'." - fi - - COLABORA_SERVICE_INSTALLED=true - fi + else + warn "ColaboraOnline for webserver 'Nginx' not yet implemented" + fi # if $apache2_installed fi 
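Review bot: The new `else` branch only prints `warn "ColaboraOnline for webserver 'Nginx' not yet implemented"` at the point where the vhost would be written, which is after the earlier steps of this Collabora section (outside this hunk) have presumably already run. With nginx selected that leaves the service without a front-end vhost and `COLABORA_SERVICE_INSTALLED` never set to true. Rejecting the combination right after the webserver prompt, e.g. `$nginx_installed && $INSTALL_COLABORA_SERVICE && INSTALL_COLABORA_SERVICE=false` together with the warning, would avoid a half-configured service.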
@@ -1855,53 +1947,108 @@ else fi -# - Stop Apache Webserver -# - -echo "" >> $log_file -echo "# - Stop Apache Webserver" >> $log_file -echo "# -" >> $log_file -echononl "Stop Apache Webserver.." -if $systemd_supported ; then +if $apache2_installed ; then - echo "systemctl stop apache2" >> $log_file - systemctl stop apache2 >> $log_file 2>&1 + # - Stop Apache Webserver + # - + echo "" >> $log_file + echo "# - Stop Apache Webserver" >> $log_file + echo "# -" >> $log_file + echononl "Stop Apache Webserver.." + if $systemd_supported ; then - if [[ $? -eq 0 ]]; then - echo_ok - else - echo_failed - error "For more informations see log output at '$log_file'." + echo "systemctl stop apache2" >> $log_file + systemctl stop apache2 >> $log_file 2>&1 - echononl "continue anyway [yes/no]: " - read OK - OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" - while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do - echononl "Wrong entry! - repeat [yes/no]: " + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " read OK - done - [[ $OK = "yes" ]] || fatal "Interupted by user" + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interupted by user" + fi + else + + echo "/etc/init.d/apache2 stop" >> $log_file + /etc/init.d/apache2 stop >> $log_file 2>&1 + + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! 
- repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interupted by user" + + fi fi -else - echo "/etc/init.d/apache2 stop" >> $log_file - /etc/init.d/apache2 stop >> $log_file 2>&1 +elif $nginx_installed ; then - if [[ $? -eq 0 ]]; then - echo_ok - else - echo_failed - error "For more informations see log output at '$log_file'." + # - Stop Nginx Webserver + # - + echo "" >> $log_file + echo "# - Stop Nginx Webserver" >> $log_file + echo "# -" >> $log_file + echononl "Stop Nginx Webserver.." + if $systemd_supported ; then - echononl "continue anyway [yes/no]: " - read OK - OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" - while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do - echononl "Wrong entry! - repeat [yes/no]: " + echo "systemctl stop nginx" >> $log_file + systemctl stop nginx >> $log_file 2>&1 + + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " read OK - done - [[ $OK = "yes" ]] || fatal "Interupted by user" + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interupted by user" + fi + else + + echo "/etc/init.d/nginx stop" >> $log_file + /etc/init.d/nginx stop >> $log_file 2>&1 + + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interupted by user" + + fi fi fi 
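Review bot: The stop sequence (log the command, run it, then the `continue anyway [yes/no]` loop) is written out four times in this hunk, for systemd and init.d under both Apache and Nginx, and the copies differ only in the service name. A small helper that takes the service name reduces each branch to one call and means a later fix to the prompt or the error handling lands once. The sketch below also quotes `"$log_file"`, which the hunk leaves unquoted in every redirection.

```shell
# Stop a service through systemd or its init script; on failure ask whether to go on.
stop_webserver() {
   local _service="$1"
   local _rc

   if $systemd_supported ; then
      echo "systemctl stop ${_service}" >> "$log_file"
      systemctl stop "${_service}" >> "$log_file" 2>&1
      _rc=$?
   else
      echo "/etc/init.d/${_service} stop" >> "$log_file"
      "/etc/init.d/${_service}" stop >> "$log_file" 2>&1
      _rc=$?
   fi

   if [[ $_rc -eq 0 ]] ; then
      echo_ok
      return 0
   fi

   echo_failed
   error "For more informations see log output at '$log_file'."
   # … unchanged: "continue anyway [yes/no]" prompt loop, fatal on "no" …
}

if $apache2_installed ; then
   # … unchanged: log header and echononl "Stop Apache Webserver.." …
   stop_webserver apache2
elif $nginx_installed ; then
   # … unchanged: log header and echononl "Stop Nginx Webserver.." …
   stop_webserver nginx
fi
```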
@@ -3710,18 +3857,26 @@ fi # ----- -# - Configure apache2 for the new cloud system +# - Configure apache2/nginx for the new cloud system # ----- echo "" echo "" -echo -e "\033[37m\033[1mConfigure apache2 for the new cloud system..\033[m" +if $apache2_installed ; then + echo -e "\033[37m\033[1mConfigure apache2 for the new cloud system..\033[m" +elif $nginx_installed ; then + echo -e "\033[37m\033[1mConfigure nginx for the new cloud system..\033[m" +fi echo "" echo "" >> $log_file echo "" >> $log_file echo "# -----" >> $log_file -echo "# - Configure apache2 for the new cloud system" >> $log_file +if $apache2_installed ; then + echo "# - Configure apache2 for the new cloud system" >> $log_file +elif $nginx_installed ; then + echo "# - Configure nginx for the new cloud system" >> $log_file +fi echo "# -----" >> $log_file 
@@ -3735,46 +3890,79 @@ else server_key="/usr/local/apache2/conf/server.key" fi -if [[ -d "$apache_vhost_dir" ]] ; then +if $apache2_installed ; then - # - Backup apache vhost file if exists - # - - if [[ -f "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm" ]]; then + if [[ -d "$apache_vhost_dir" ]] ; then - echo "" >> $log_file - echo "# - Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf.php-fpm'" >> $log_file - echo "# -" >> $log_file - echononl "Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf.php-fpm'" >> $log_file - - echo "mv \"${apache_vhost_dir}/${WEBSITE}.conf.php-fpm\" \"${apache_vhost_dir}/${WEBSITE}.conf.php-fpm.$backup_date\"" >> $log_file - mv "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm" "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm.$backup_date" >> $log_file 2>&1 + # - Remove symlink for apache vhost file (if exists) + # - + if [[ -h "${apache_vhost_dir}/${WEBSITE}.conf" ]]; then - if [ "$?" = 0 ]; then - echo_ok - else - echo_failed - error "For more informations see log output at '$log_file'." + echo "" >> $log_file + echo "# - Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file + echo "# -" >> $log_file + echononl "Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file + + echo "rm -f \"${apache_vhost_dir}/${WEBSITE}.conf\"" >> $log_file + rm -f "${apache_vhost_dir}/${WEBSITE}.conf" >> $log_file 2>&1 - echononl "continue anyway [yes/no]: " - read OK - OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" - while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do - echononl "Wrong entry! - repeat [yes/no]: " + if [ "$?" = 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " read OK - done - [[ $OK = "yes" ]] || fatal "Interrupted ny user." + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! 
- repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." + fi + + fi # f [[ -h "${apache_vhost_dir}/${WEBSITE}.conf" ]] + + + # - Backup apache vhost file if exists + # - + if [[ -f "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm" ]]; then + + echo "" >> $log_file + echo "# - Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf.php-fpm'" >> $log_file + echo "# -" >> $log_file + echononl "Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf.php-fpm'" >> $log_file + + echo "mv \"${apache_vhost_dir}/${WEBSITE}.conf.php-fpm\" \"${apache_vhost_dir}/${WEBSITE}.conf.php-fpm.$backup_date\"" >> $log_file + mv "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm" "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm.$backup_date" >> $log_file 2>&1 + + if [ "$?" = 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." + + fi fi - fi + echo "" >> $log_file + echo "# - Create apache vhost entry for '$WEBSITE'" >> $log_file + echo "# -" >> $log_file + echononl "Create apache vhost entry for '$WEBSITE'" - echo "" >> $log_file - echo "# - Create apache vhost entry for '$WEBSITE'" >> $log_file - echo "# -" >> $log_file - echononl "Create apache vhost entry for '$WEBSITE'" - - cat< "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm" 2>> $log_file + cat< "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm" 2>> $log_file # --- $WEBSITE 
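Review bot: In the symlink-removal and backup steps, the `echononl "…"` status lines end with `>> $log_file`, so the label goes to the log while the following `echo_ok`/`echo_failed` presumably goes to the terminal without it. The `echononl "Create apache vhost entry for '$WEBSITE'"` call further down in the same hunk has no redirect. Assuming `echononl` only prints its argument (it is defined outside this diff), dropping the redirect, as in `echononl "Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'"`, restores the label. The nginx copies of these two steps in the `-3911,21 +4070,308` hunk carry the same redirect.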
@@ -3866,35 +4054,6 @@ if [[ -d "$apache_vhost_dir" ]] ; then EOF - if [ "$?" = 0 ]; then - echo_ok - else - echo_failed - error "For more informations see log output at '$log_file'." - - echononl "continue anyway [yes/no]: " - read OK - OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" - while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do - echononl "Wrong entry! - repeat [yes/no]: " - read OK - done - [[ $OK = "yes" ]] || fatal "Interrupted ny user." - fi - - - # - Remove symlink for apache vhost file (if exists) - # - - if [[ -h "${apache_vhost_dir}/${WEBSITE}.conf" ]]; then - - echo "" >> $log_file - echo "# - Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file - echo "# -" >> $log_file - echononl "Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file - - echo "rm -f \"${apache_vhost_dir}/${WEBSITE}.conf\"" >> $log_file - rm -f "${apache_vhost_dir}/${WEBSITE}.conf" >> $log_file 2>&1 - if [ "$?" = 0 ]; then echo_ok else 
@@ -3911,21 +4070,308 @@ EOF [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi + + # - Symlimk Apache VHost file '${WEBSITE}.conf' --> '${WEBSITE}.conf.php-fpm' + # - + _symlink_src="${WEBSITE}.conf.php-fpm" + _symlink_dst="${apache_vhost_dir}/${WEBSITE}.conf" + echo "" >> $log_file + echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file + echo "# -" >> $log_file + echononl "Symlink '${_symlink_dst}' --> ${_symlink_src}" + ln -s "$_symlink_src" "$_symlink_dst" >> $log_file 2>&1 + if [ "$?" = 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." + + fi + else + error "Cant find apache2's vhost directory!" + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." + fi +elif $nginx_installed ; then + if [[ -d "$nginx_vhost_dir" ]]; then - # - Backup apache vhost file if exists - # - - if [[ -f "${apache_vhost_dir}/${WEBSITE}.conf" ]]; then + # - Remove symlink for nginx vhost file (if exists) + # - + if [[ -h "${nginx_vhost_enabled_dir}/${WEBSITE}.conf" ]]; then + + echo "" >> $log_file + echo "# - Remove existing Symlink '${nginx_vhost_enabled_dir}/${WEBSITE}.conf'" >> $log_file + echo "# -" >> $log_file + echononl "Remove existing Symlink '${nginx_vhost_enabled_dir}/${WEBSITE}.conf'" >> $log_file + + echo "rm -f \"${nginx_vhost_enabled_dir}/${WEBSITE}.conf\"" >> $log_file + rm -f "${nginx_vhost_enabled_dir}/${WEBSITE}.conf" >> $log_file 2>&1 + + if [ "$?" 
= 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." + fi + + fi # f [[ -h "${nginx_vhost_dir}/${WEBSITE}.conf" ]] + + # - Backup nginx vhost file if exists + # - + if [[ -f "${nginx_vhost_dir}/${WEBSITE}.conf" ]]; then + + echo "" >> $log_file + echo "# - Backup existing file '${nginx_vhost_dir}/${WEBSITE}.conf'" >> $log_file + echo "# -" >> $log_file + echononl "Backup existing file '${nginx_vhost_dir}/${WEBSITE}.conf'" >> $log_file + + echo "mv \"${nginx_vhost_dir}/${WEBSITE}.conf\" \"${nginx_vhost_dir}/${WEBSITE}.conf.$backup_date\"" >> $log_file + mv "${nginx_vhost_dir}/${WEBSITE}.conf" "${nginx_vhost_dir}/${WEBSITE}.conf.$backup_date" >> $log_file 2>&1 + + if [ "$?" = 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." 
+ + fi + + fi echo "" >> $log_file - echo "# - Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file + echo "# - Create apache vhost entry for '$WEBSITE'" >> $log_file echo "# -" >> $log_file - echononl "Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file - - echo "mv \"${apache_vhost_dir}/${WEBSITE}.conf\" \"${apache_vhost_dir}/${WEBSITE}.conf.$backup_date\"" >> $log_file - mv "${apache_vhost_dir}/${WEBSITE}.conf" "${apache_vhost_dir}/${WEBSITE}.conf.$backup_date" >> $log_file 2>&1 + echononl "Create apache vhost entry for '$WEBSITE'" + cat< "${nginx_vhost_dir}/${WEBSITE}.conf" 2>> $log_file +# --- $WEBSITE + +# --- +# see: https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html +# --- + + +upstream php-handler { + server unix:/tmp/php-${PHP_VERSION}-fpm.www.sock; +} + +server { + listen 80; + listen [::]:80; + server_name $WEBSITE; + + # Enforce HTTPS + return 301 https://\$server_name\$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name ${WEBSITE}; + + # Include location directive for Let's Encrypt ACME Challenge + # + # Needed for (automated) updating certificate + # + include snippets/letsencrypt-acme-challenge.conf; + + + # Use Mozilla's guidelines for SSL/TLS settings + # https://mozilla.github.io/server-side-tls/ssl-config-generator/ + ssl_certificate /var/lib/dehydrated/certs/${WEBSITE}/fullchain.pem; + ssl_certificate_key /var/lib/dehydrated/certs/${WEBSITE}/privkey.pem; + + + # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits + # + # To generate a dhparam.pem file, run in a terminal + # openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048 + # + ssl_dhparam /etc/nginx/ssl/dhparam.pem; + + # Eable session resumption to improve https performance + ssl_session_cache shared:MozSSL:50m; + ssl_session_timeout 1d; + ssl_session_tickets off; + + #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE + # 
omit SSLv3 because of POODLE + # omit TLSv1 TLSv1.1 + ssl_protocols TLSv1.2 TLSv1.3; + + # ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES) + # Everything better than SHA1 (deprecated) + # + #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES'; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + + ssl_prefer_server_ciphers off; + + # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. 
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; + + # OCSP stapling + ssl_stapling on; + ssl_stapling_verify on; + + # set max upload size + client_max_body_size 512M; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the \`ngx_pagespeed\` module, uncomment this line to disable it. + #pagespeed off; + + # HTTP response headers borrowed from Nextcloud \`.htaccess\` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root /var/www/${WEBSITE}/htdocs; + + # Specify how to handle directories -- specifying \`/index.php\$request_uri\` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. 
In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # \`/updater\`, \`/ocm-provider\`, \`/ocs-provider\`), and thus + # \`try_files \$uri \$uri/ /index.php\$request_uri\` + # always provides the desired behaviour. + index index.php index.html /index.php\$request_uri; + + # Rule borrowed from \`.htaccess\` to handle Microsoft DAV clients + location = / { + if ( \$http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/\$is_args\$args; + } + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Make a regex exception for \`/.well-known\` so that clients can still + # access it despite the existence of the regex rule + # \`location ~ /(\\.|autotest|...)\` which would otherwise handle requests + # for \`/.well-known\`. + location ^~ /.well-known { + # The following 6 rules are borrowed from \`.htaccess\` + + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + # Anything else is dynamically handled by Nextcloud + location ^~ /.well-known { return 301 /index.php\$uri; } + + try_files \$uri \$uri/ =404; + } + + # Rules borrowed from \`.htaccess\` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends \`/index.php\` + # to the URI, resulting in a HTTP 500 error response. 
+ location ~ \.php(?:\$|/) { + fastcgi_split_path_info ^(.+?\.php)(/.*)\$; + set \$path_info \$fastcgi_path_info; + + try_files \$fastcgi_script_name =404; + + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + fastcgi_param PATH_INFO \$path_info; + fastcgi_param HTTPS on; + + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls + fastcgi_pass php-handler; + + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ \.(?:css|js|svg|gif)\$ { + try_files \$uri /index.php\$request_uri; + expires 6M; # Cache-Control policy borrowed from \`.htaccess\` + access_log off; # Optional: Don't log access to assets + } + + location ~ \.woff2?\$ { + try_files \$uri /index.php\$request_uri; + expires 7d; # Cache-Control policy borrowed from \`.htaccess\` + access_log off; # Optional: Don't log access to assets + } + + location / { + try_files \$uri \$uri/ /index.php\$request_uri; + } +} +EOF if [ "$?" = 0 ]; then echo_ok else 
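Review bot: The generated nginx vhost sends `Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"` by default, directly under a comment warning to add `preload` only after reading hstspreload.org. Every site this installer creates would declare itself preload-eligible and pin all subdomains to HTTPS, which is slow to undo and breaks subdomains without a valid certificate. The Apache template in this commit sends `max-age=31536000; includeSubDomains` without `preload`. I would ship `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` and leave `preload` as a commented opt-in. Separately, the log and console text in this nginx branch still reads `Create apache vhost entry`.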
@@ -3942,23 +4388,36 @@ EOF [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi - fi + # - Symlimk Nginx VHost file + # - + # - '${nginx_vhost_enabled_dir}/${WEBSITE}.conf' --> '${nginx_vhost_dir}/${WEBSITE}.conf' + # - + _symlink_src="${nginx_vhost_dir}/${WEBSITE}.conf" + _symlink_dst="${nginx_vhost_enabled_dir}/${WEBSITE}.conf" + echo "" >> $log_file + echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file + echo "# -" >> $log_file + echononl "Symlink '${_symlink_dst}' --> ${_symlink_src}" + ln -s "$_symlink_src" "$_symlink_dst" >> $log_file 2>&1 + if [ "$?" = 0 ]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." - # - Symlimk Apache VHost file '${WEBSITE}.conf' --> '${WEBSITE}.conf.php-fpm' - # - - _symlink_src="${WEBSITE}.conf.php-fpm" - _symlink_dst="${apache_vhost_dir}/${WEBSITE}.conf" - echo "" >> $log_file - echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file - echo "# -" >> $log_file - echononl "Symlink '${_symlink_dst}' --> ${_symlink_src}" - ln -s "$_symlink_src" "$_symlink_dst" >> $log_file 2>&1 - if [ "$?" = 0 ]; then - echo_ok + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." + + fi else - echo_failed - error "For more informations see log output at '$log_file'." + error "Cant find nginx's vhost directory!" echononl "continue anyway [yes/no]: " read OK 
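Review bot: After the vhost is written and linked into `${nginx_vhost_enabled_dir}`, nothing checks that nginx accepts the new configuration, and only `$nginx_vhost_dir` is tested for existence, not the enabled directory. The generated file references `/var/lib/dehydrated/certs/${WEBSITE}/…`, `/etc/nginx/ssl/dhparam.pem` and `snippets/letsencrypt-acme-challenge.conf`, none of which the visible hunks create or verify. A missing file would therefore only surface when nginx is started at the end of the run, after the old server has already been stopped. Running `nginx -t >> $log_file 2>&1` after the `ln -s` and routing a non-zero status into the existing `echo_failed`/continue prompt would catch that early.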
@@ -3970,20 +4429,7 @@ EOF [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi -else - echo_failed - error "Cant find apache2's vhost directory!" - - echononl "continue anyway [yes/no]: " - read OK - OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" - while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do - echononl "Wrong entry! - repeat [yes/no]: " - read OK - done - [[ $OK = "yes" ]] || fatal "Interrupted ny user." - -fi +fi # if $apache2_installed 
@@ -4272,6 +4718,110 @@ else fi +# - Install and enable nextcloud app 'documentserver_community' +# - +#_app="documentserver_community" +#echo "" >> $log_file +#echo "# -" >> $log_file +#echo "# - Install nextcloud app '$_app'" >> $log_file +#echononl "Install nextcloud app '$_app'.." +# +#echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:install \"$_app\"" >> $log_file +#sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:install "$_app" >> $log_file 2>&1 +# +#if [[ $? -eq 0 ]]; then +# echo_ok +#else +# echo_failed +# error "For more informations see log output at '$log_file'." +# +# echononl "continue anyway [yes/no]: " +# read OK +# OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" +# while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do +# echononl "Wrong entry! - repeat [yes/no]: " +# read OK +# done +# [[ $OK = "yes" ]] || fatal "Interrupted ny user." +#fi +# +#echo "" >> $log_file +#echo "# -" >> $log_file +#echo "# - Eanable nextcloud app '$_app'" >> $log_file +#echononl "Eanable nextcloud app '$_app'.." +# +#echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:enable \"$_app\"" >> $log_file +#sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:enable "$_app" >> $log_file 2>&1 +# +#if [[ $? -eq 0 ]]; then +# echo_ok +#else +# echo_failed +# error "For more informations see log output: \"$log_file\"." +# +# echononl "continue anyway [yes/no]: " +# read OK +# OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" +# while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do +# echononl "Wrong entry! - repeat [yes/no]: " +# read OK +# done +# [[ $OK = "yes" ]] || fatal "Interrupted ny user." +#fi + + +# - Install and enable nextcloud app 'onlyoffice' +# - +#_app="onlyoffice" +#echo "" >> $log_file +#echo "# -" >> $log_file +#echo "# - Install nextcloud app '$_app'" >> $log_file +#echononl "Install nextcloud app '$_app'.." 
+# +#echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:install \"$_app\"" >> $log_file +#sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:install "$_app" >> $log_file 2>&1 +# +#if [[ $? -eq 0 ]]; then +# echo_ok +#else +# echo_failed +# error "For more informations see log output at '$log_file'." +# +# echononl "continue anyway [yes/no]: " +# read OK +# OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" +# while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do +# echononl "Wrong entry! - repeat [yes/no]: " +# read OK +# done +# [[ $OK = "yes" ]] || fatal "Interrupted ny user." +#fi +# +#echo "" >> $log_file +#echo "# -" >> $log_file +#echo "# - Eanable nextcloud app '$_app'" >> $log_file +#echononl "Eanable nextcloud app '$_app'.." +# +#echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:enable \"$_app\"" >> $log_file +#sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:enable "$_app" >> $log_file 2>&1 +# +#if [[ $? -eq 0 ]]; then +# echo_ok +#else +# echo_failed +# error "For more informations see log output: \"$log_file\"." +# +# echononl "continue anyway [yes/no]: " +# read OK +# OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" +# while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do +# echononl "Wrong entry! - repeat [yes/no]: " +# read OK +# done +# [[ $OK = "yes" ]] || fatal "Interrupted ny user." +#fi + + blank_line if $COLABORA_SERVICE_INSTALLED ; then 
@@ -4358,54 +4908,54 @@ blank_line # - Install and enable nextcloud app 'bruteforcesettings' # - -_app="bruteforcesettings" -echo "" >> $log_file -echo "# -" >> $log_file -echo "# - Install nextcloud app '$_app'" >> $log_file -echononl "Install nextcloud app '$_app'.." - -echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:install \"$_app\"" >> $log_file -sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:install "$_app" >> $log_file 2>&1 - -if [[ $? -eq 0 ]]; then - echo_ok -else - echo_failed - error "For more informations see log output at '$log_file'." - - echononl "continue anyway [yes/no]: " - read OK - OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" - while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do - echononl "Wrong entry! - repeat [yes/no]: " - read OK - done - [[ $OK = "yes" ]] || fatal "Interrupted ny user." -fi - -echo "" >> $log_file -echo "# -" >> $log_file -echo "# - Eanable nextcloud app '$_app'" >> $log_file -echononl "Eanable nextcloud app '$_app'.." - -echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:enable \"$_app\"" >> $log_file -sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:enable "$_app" >> $log_file 2>&1 - -if [[ $? -eq 0 ]]; then - echo_ok -else - echo_failed - error "For more informations see log output at '$log_file'." - - echononl "continue anyway [yes/no]: " - read OK - OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" - while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do - echononl "Wrong entry! - repeat [yes/no]: " - read OK - done - [[ $OK = "yes" ]] || fatal "Interrupted ny user." -fi +#_app="bruteforcesettings" +#echo "" >> $log_file +#echo "# -" >> $log_file +#echo "# - Install nextcloud app '$_app'" >> $log_file +#echononl "Install nextcloud app '$_app'.." 
+# +#echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:install \"$_app\"" >> $log_file +#sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:install "$_app" >> $log_file 2>&1 +# +#if [[ $? -eq 0 ]]; then +# echo_ok +#else +# echo_failed +# error "For more informations see log output at '$log_file'." +# +# echononl "continue anyway [yes/no]: " +# read OK +# OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" +# while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do +# echononl "Wrong entry! - repeat [yes/no]: " + # read OK + ## done + # [[ $OK = "yes" ]] || fatal "Interrupted ny user." +fi## +# +#echo "" >> $log_file +#echo "# -" >> $log_file +#echo "# - Eanable nextcloud app '$_app'" >> $log_file +#echononl "Eanable nextcloud app '$_app'.." +# +#echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:enable \"$_app\"" >> $log_file +#sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:enable "$_app" >> $log_file 2>&1 +# +#if [[ $? -eq 0 ]]; then +# echo_ok +#else +# echo_failed +# error "For more informations see log output at '$log_file'." +# +# echononl "continue anyway [yes/no]: " +# read OK +# OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" +# while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do +# echononl "Wrong entry! - repeat [yes/no]: " +# read OK +# done +# [[ $OK = "yes" ]] || fatal "Interrupted ny user." +#fi 
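Review bot: In the block that comments out the `bruteforcesettings` installation, one line is left active: `fi##`. Bash reads that neither as the keyword `fi` nor as a comment, so it would be run as a command named `fi##` and fail with "command not found", or abort the script if it runs under `set -e`, which is not visible here. It should read `#fi`, and the three lines above it (`# read OK`, `## done`, `# [[ $OK = "yes" ]] …`) carry stray markers from the same edit. The commit message does not say why the app is no longer installed; a one-line comment giving the reason would serve better than roughly fifty commented-out lines.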
@@ -4476,60 +5026,121 @@ else echo_skipped fi -# - Start Apache Webserver -# - -echononl "Start Apache Webserver.." -if $IS_HTTPD_RUNNING ; then +if $apache2_installed ; then - echo "" >> $log_file - echo "# - Restart Apache Webserver" >> $log_file - echo "# -" >> $log_file + # - Start Apache Webserver + # - + echononl "Start Apache Webserver.." + if $IS_HTTPD_RUNNING ; then - if $systemd_supported ; then + echo "" >> $log_file + echo "# - Restart Apache Webserver" >> $log_file + echo "# -" >> $log_file - echo "systemctl start apache2" >> $log_file - systemctl start apache2 >> $log_file 2>&1 + if $systemd_supported ; then - if [[ $? -eq 0 ]]; then - echo_ok - else - echo_failed - error "For more informations see log output at '$log_file'." + echo "systemctl start apache2" >> $log_file + systemctl start apache2 >> $log_file 2>&1 - echononl "continue anyway [yes/no]: " - read OK - OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" - while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do - echononl "Wrong entry! - repeat [yes/no]: " + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " read OK - done - [[ $OK = "yes" ]] || fatal "Interrupted ny user." + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." + fi + else + + echo "/etc/init.d/apache2 start" >> $log_file + /etc/init.d/apache2 start >> $log_file 2>&1 + + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." 
+ fi fi else - - echo "/etc/init.d/apache2 start" >> $log_file - /etc/init.d/apache2 start >> $log_file 2>&1 - - if [[ $? -eq 0 ]]; then - echo_ok - else - echo_failed - error "For more informations see log output at '$log_file'." - - echononl "continue anyway [yes/no]: " - read OK - OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" - while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do - echononl "Wrong entry! - repeat [yes/no]: " - read OK - done - [[ $OK = "yes" ]] || fatal "Interrupted ny user." - fi + echo_skipped + warn "The webserver was not running, so it will be keept down!" fi -else - echo_skipped - warn "The webserver was not running, so it will be keept down!" -fi + +elif $nginx_installed ; then + + # - Start Nginx Webserver + # - + echononl "Start Nginx Webserver.." + if $IS_HTTPD_RUNNING ; then + + echo "" >> $log_file + echo "# - Start Nginx Webserver" >> $log_file + echo "# -" >> $log_file + + if $systemd_supported ; then + + echo "systemctl start nginx" >> $log_file + systemctl start nginx >> $log_file 2>&1 + + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." + fi + else + + echo "/etc/init.d/nginx start" >> $log_file + /etc/init.d/nginx start >> $log_file 2>&1 + + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + error "For more informations see log output at '$log_file'." + + echononl "continue anyway [yes/no]: " + read OK + OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" + while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do + echononl "Wrong entry! - repeat [yes/no]: " + read OK + done + [[ $OK = "yes" ]] || fatal "Interrupted ny user." 
+ fi + fi + else + echo_skipped + warn "The webserver was not running, so it will be keept down!" + fi + +fi #if $apache2_installed # - Flush and restart redis service