install/nextcloud
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for nginx webserver.

Browse Source
This commit is contained in:
Christoph 2021-03-31 04:18:22 +02:00
parent ee4e70cf3b
commit 7d7ca25baa
5 changed files with 1330 additions and 369 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
FILES/Apache2/cloud-site-name.conf.php-fpm Normal file
View File

@ -0,0 +1,90 @@
# --- <FULL-QUALIFIED-SITE-NAME>
<VirtualHost <IPV4-ADDRESS>:80 [IPV6-ADDRESS]:80>
ServerAdmin admin@oopen.de
ServerName <FULL-QUALIFIED-SITE-NAME>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
CustomLog /var/log/apache2/ip_requests.log base_requests
CustomLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>-access.log combined
ErrorLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>-error.log
</VirtualHost>
<VirtualHost <IPV4-ADDRESS>:443 [IPV6-ADDRESS]:443>
ServerAdmin admin@oopen.de
ServerName <FULL-QUALIFIED-SITE-NAME>
#ProxyErrorOverride On
<FilesMatch \.php$>
SetHandler "proxy:unix:/tmp/php-7.4-fpm.www.sock|fcgi://127.0.0.1"
</FilesMatch>
<IfModule dir_module>
DirectoryIndex index.php index.html index.htm
</IfModule>
DocumentRoot /var/www/<FULL-QUALIFIED-SITE-NAME>/htdocs
<Directory "/var/www/<FULL-QUALIFIED-SITE-NAME>/htdocs">
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
</Directory>
# - HTTP Strict Transport Security (HSTS)
# -
# - HSTS tells a browser that the website should only be accessed through
# - a secure connection. The HSTS header will be remembered by a standard
# compliant browser for max-age seconds.
# -
# - Remember this settings for 1/2 year
# -
#Header add Strict-Transport-Security "max-age=15768000"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
# - Referrer-Policy
# -
# - See: https://scotthelme.co.uk/a-new-security-header-referrer-policy/
# - https://www.w3.org/TR/referrer-policy/
# -
# - Referrer Policy is a new header that allows a site to control how
# - much information the browser includes with navigations away from
# - a document and should be set by all sites.
# -
# - The HTTP referer (originally a misspelling of referrer[1]) is an HTTP header
# - field that identifies the address of the webpage (i.e. the URI or IRI) that
# - linked to the resource being requested. By checking the referrer, the new
# - webpage can see where the request originated.
# -
# - For a complete list and explanation of values, see urls above
# -
# - Example: "no-referrer-when-downgrade"
# - The browser will not send the referrer header when navigating
# - from HTTPS to HTTP, but will always send the full URL in the
# - referrer header when navigating from HTTP to any origin. It
# - doesn't matter whether the source and destination are the same
# - site or not, only the scheme.
# -
Header always set Referrer-Policy "strict-origin-when-cross-origin"
SSLEngine on
SSLCertificateFile /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/fullchain.pem
SSLCertificateKeyFile /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/privkey.pem
CustomLog /var/log/apache2/ip_requests.log base_requests
CustomLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>-access.log combined
ErrorLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>-error.log
</VirtualHost>

58
FILES/Apache2/colaboraonline-site-name.conf.static Normal file
View File

@ -0,0 +1,58 @@
<VirtualHost <IPV4-ADDRESS>:443 [IPV6-ADDRESS]:443>
ServerName <FULL-QUALIFIED-SITE-NAME>
Options -Indexes
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of Collabora Online
ProxyPass /loleaflet https://localhost:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://localhost:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://localhost:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://localhost:9980/hosting/discovery
# Capabilities
ProxyPass /hosting/capabilities https://localhost:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities https://localhost:9980/hosting/capabilities
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://localhost:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://localhost:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://localhost:9980/lool
ProxyPassReverse /lool https://localhost:9980/lool
# Endpoint with information about availability of various features
ProxyPass /hosting/capabilities https://localhost:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities https://localhost:9980/hosting/capabilities
SSLEngine on
SSLCertificateFile /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/fullchain.pem
SSLCertificateKeyFile /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/privkey.pem
CustomLog /var/log/apache2/ip_requests.log base_requests
CustomLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>.log combined
ErrorLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>-error.log
</VirtualHost>

191
FILES/Nginx/full-qualified-site-name.conf Normal file
View File

@ -0,0 +1,191 @@
# --- <FULL-QUALIFIED-SITE-NAME>
# ---
# see: https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
# ---
upstream php-handler {
server unix:/tmp/php-7.4-fpm.www.sock;
}
server {
listen 80;
listen [::]:80;
server_name <FULL-QUALIFIED-SITE-NAME>;
# Enforce HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name <FULL-QUALIFIED-SITE-NAME>;
# Include location directive for Let's Encrypt ACME Challenge
#
# Needed for (automated) updating certificate
#
include snippets/letsencrypt-acme-challenge.conf;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
ssl_certificate /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/privkey.pem;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
#
# To generate a dhparam.pem file, run in a terminal
# openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048
#
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Eable session resumption to improve https performance
ssl_session_cache shared:MozSSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE
# omit SSLv3 because of POODLE
# omit TLSv1 TLSv1.1
ssl_protocols TLSv1.2 TLSv1.3;
# ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES)
# Everything better than SHA1 (deprecated)
#
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/<FULL-QUALIFIED-SITE-NAME>/htdocs;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The following 6 rules are borrowed from `.htaccess`
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
# Anything else is dynamically handled by Nextcloud
location ^~ /.well-known { return 301 /index.php$uri; }
try_files $uri $uri/ =404;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}

11
conf/install_nextcloud.conf.sample
View File

@ -28,6 +28,17 @@
#WEB_DIRS_ROOT="/var/www" #WEB_DIRS_ROOT="/var/www"
# - WEBSERVER_SOFTWARE
# -
# - Installed Webserver Software. Possoble values are:
# - - apache
# - - nginx
# -
# - Default: nginx
# -
#WEBSERVER_SOFTWARE="nginx"
# - Webservers user # - Webservers user
# - # -
# - The script wil determin the webservers user, so you don't need to # - The script wil determin the webservers user, so you don't need to

835
install_nextcloud.sh
View File

@ -254,6 +254,9 @@ DEFAULT_WEB_DIRS_ROOT="/var/www"
DEFAULT_PHP_ENGINE="FPM" DEFAULT_PHP_ENGINE="FPM"
DEFAULT_DATABASE_TYPE="mysql" DEFAULT_DATABASE_TYPE="mysql"
DEFAULT_DATABASE_HOST="localhost" DEFAULT_DATABASE_HOST="localhost"
DEFAULT_WEBSERVER_SOFTWARE="apache2"
DEFAULT_HTTP_USER="www-data"
DEFAULT_HTTP_GROUP="www-data"
if [[ -f "$conf_file" ]]; then if [[ -f "$conf_file" ]]; then
@ -275,6 +278,12 @@ fi
[[ -z "$SSL_CERT_GROUP" ]] && SSL_CERT_GROUP="$DEFAULT_SSL_CERT_GROUP" [[ -z "$SSL_CERT_GROUP" ]] && SSL_CERT_GROUP="$DEFAULT_SSL_CERT_GROUP"
if [[ -z "$WEBSERVER_SOFTWARE" ]] ; then
WEBSERVER_SOFTWARE="$DEFAULT_WEBSERVER_SOFTWARE"
elif [[ "$WEBSERVER_SOFTWARE" != "apache2" ]] && [[ "$WEBSERVER_SOFTWARE" != "nginx" ]] ; then
WEBSERVER_SOFTWARE="$DEFAULT_WEBSERVER_SOFTWARE"
fi
DEFAULT_IPV4="$(ip a | grep " inet " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)" DEFAULT_IPV4="$(ip a | grep " inet " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)"
DEFAULT_IPV6="$(ip a | grep " inet6 " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)" DEFAULT_IPV6="$(ip a | grep " inet6 " | grep "scope global" | awk '{print$2}' | cut -d'/' -f1 | head -1 2> /dev/null)"
DEFAULT_IPV4_CO="$DEFAULT_IPV4" DEFAULT_IPV4_CO="$DEFAULT_IPV4"
@ -844,6 +853,52 @@ if $INSTALL_COLABORA_SERVICE ; then
fi fi
_WEBSERVER_SOFTWARE="$WEBSERVER_SOFTWARE"
WEBSERVER_SOFTWARE=""
_default_val=""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo " Which Webserver is installed?"
echo ""
echo ""
if [[ "$_WEBSERVER_SOFTWARE" = "apache2" ]] ; then
echo -e " \033[37m\033[1m[1] Apache2\033[m"
echo " [2] Nginx"
_default_val="apache2"
else
echo " [1] Apache2"
echo -e " \033[37m\033[1m[2] Nginx\033[m"
_default_val="nginx"
fi
echo ""
echononl "Choose a number or press <RETURN> for highlighted value: "
while [[ "$WEBSERVER_SOFTWARE" != "apache2" && "$WEBSERVER_SOFTWARE" != "nginx" ]] ; do
read OPTION
case $OPTION in
1) WEBSERVER_SOFTWARE="apache2"
;;
2) WEBSERVER_SOFTWARE="nginx"
;;
'') WEBSERVER_SOFTWARE="$_default_val"
;;
*) WEBSERVER_SOFTWARE=""
echo ""
echo -e "\tWrong entry! [ 1 = Apache2 ; 2 = Nginx ] or type <RETURN>"
echo ""
echononl " Reentry: "
;;
esac
done
apache2_installed=false
nginx_installed=false
if [[ "$WEBSERVER_SOFTWARE" = "apache2" ]] ; then
apache2_installed=true
else
nginx_installed=true
fi
# ---------- # ----------
# Some checks # Some checks
# ---------- # ----------
@ -863,6 +918,7 @@ else
fi fi
fi fi
if $apache2_installed ; then
# - Determin user/group of the webserver # - Determin user/group of the webserver
# - # -
httpd_binary="$(which httpd)" httpd_binary="$(which httpd)"
@ -931,6 +987,15 @@ if [[ ! -d "${_apache_base_dir_realpath}/conf/vhosts" ]] ; then
else else
apache_vhost_dir="${_apache_base_dir_realpath}/conf/vhosts" apache_vhost_dir="${_apache_base_dir_realpath}/conf/vhosts"
fi fi
else
#if [[ -z "$(which nginx)" ]] ; then
# fatal "Nginx service binary not found"
#fi
[[ -z "$HTTP_USER" ]] && HTTP_USER="$DEFAULT_HTTP_USER"
[[ -z "$HTTP_GROUP" ]] && HTTP_GROUP="$DEFAULT_HTTP_GROUP"
nginx_vhost_dir="/etc/nginx/sites-available"
nginx_vhost_enabled_dir="/etc/nginx/sites-enabled"
fi
DATA_DIR=${WEB_BASE_DIR}/data-${VERSION} DATA_DIR=${WEB_BASE_DIR}/data-${VERSION}
@ -958,6 +1023,16 @@ echo " Web base directory...................: $WEB_BASE_DIR"
echo "" echo ""
echo " Source directory for source archiv...: $SRC_BASE_DIR" echo " Source directory for source archiv...: $SRC_BASE_DIR"
echo "" echo ""
if $apache2_installed ; then
echo " Webserver Type.......................: Apache2"
echo " Apache Vhost Directory...............: $apache_vhost_dir"
elif $nginx_installed ; then
echo " Webserver Type.......................: Nginx"
echo " Nginx VHost directory................: $nginx_vhost_dir"
else
fatal "Webserver Type (apache2 or nginx) not given"
fi
echo " Webserver user.......................: $HTTP_USER" echo " Webserver user.......................: $HTTP_USER"
echo " Webserver group......................: $HTTP_GROUP" echo " Webserver group......................: $HTTP_GROUP"
echo "" echo ""
@ -1039,6 +1114,13 @@ echo "# -" >> $log_file
echo "# - Web base directory...................: $WEB_BASE_DIR" >> $log_file echo "# - Web base directory...................: $WEB_BASE_DIR" >> $log_file
echo "# -" >> $log_file echo "# -" >> $log_file
echo "# - Source directory for source archiv...: $SRC_BASE_DIR" >> $log_file echo "# - Source directory for source archiv...: $SRC_BASE_DIR" >> $log_file
if $apache2_installed ; then
echo "# - Webserver Type.......................: Apache2" >> $log_file
echo " # -Apache Vhost Directory...............: $apache_vhost_dir" >> $log_file
elif $nginx_installed ; then
echo "# - Webserver Type.......................: Nginx" >> $log_file
echo "# - Nginx VHost directory................: $nginx_vhost_dir" >> $log_file
fi
echo "# -" >> $log_file echo "# -" >> $log_file
echo "# - Webserver user.......................: $HTTP_USER" >> $log_file echo "# - Webserver user.......................: $HTTP_USER" >> $log_file
echo "# - Webserver group......................: $HTTP_GROUP" >> $log_file echo "# - Webserver group......................: $HTTP_GROUP" >> $log_file
@ -1075,6 +1157,11 @@ echo "WEB_BASE_DIR=$WEB_BASE_DIR" >> $log_file
echo "IPV4=$IPV4" >> $log_file echo "IPV4=$IPV4" >> $log_file
echo "IPV6=$IPV6" >> $log_file echo "IPV6=$IPV6" >> $log_file
echo "SRC_BASE_DIR=$SRC_BASE_DIR" >> $log_file echo "SRC_BASE_DIR=$SRC_BASE_DIR" >> $log_file
if $apache2_installed ; then
echo "apache_vhost_dir=$apache_vhost_dir"
elif $nginx_installed ; then
echo "nginx_vhost_dir=$nginx_vhost_dir"
fi
echo "HTTP_USER=$HTTP_USER" >> $log_file echo "HTTP_USER=$HTTP_USER" >> $log_file
echo "HTTP_GROUP=$HTTP_GROUP" >> $log_file echo "HTTP_GROUP=$HTTP_GROUP" >> $log_file
echo "PHP_VERSION=$PHP_VERSION" >> $log_file echo "PHP_VERSION=$PHP_VERSION" >> $log_file
@ -1618,6 +1705,8 @@ EOF
blank_line blank_line
if $apache2_installed ; then
# - Create Apache2 vhost configuration for ColaboraOnline service # - Create Apache2 vhost configuration for ColaboraOnline service
# - # -
if [[ -e "/var/lib/dehydrated/certs/${HOSTNAME_CO}/fullchain.pem" ]]; then if [[ -e "/var/lib/dehydrated/certs/${HOSTNAME_CO}/fullchain.pem" ]]; then
@ -1782,6 +1871,9 @@ EOF
COLABORA_SERVICE_INSTALLED=true COLABORA_SERVICE_INSTALLED=true
fi fi
else
warn "ColaboraOnline for webserver 'Nginx' not yet implemented"
fi # if $apache2_installed
fi fi
@ -1855,6 +1947,8 @@ else
fi fi
if $apache2_installed ; then
# - Stop Apache Webserver # - Stop Apache Webserver
# - # -
echo "" >> $log_file echo "" >> $log_file
@ -1905,6 +1999,59 @@ else
fi fi
fi fi
elif $nginx_installed ; then
# - Stop Nginx Webserver
# -
echo "" >> $log_file
echo "# - Stop Nginx Webserver" >> $log_file
echo "# -" >> $log_file
echononl "Stop Nginx Webserver.."
if $systemd_supported ; then
echo "systemctl stop nginx" >> $log_file
systemctl stop nginx >> $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interupted by user"
fi
else
echo "/etc/init.d/nginx stop" >> $log_file
/etc/init.d/nginx stop >> $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interupted by user"
fi
fi
fi
# ----- # -----
# - Some checks # - Some checks
@ -3710,18 +3857,26 @@ fi
# ----- # -----
# - Configure apache2 for the new cloud system # - Configure apache2/nginx for the new cloud system
# ----- # -----
echo "" echo ""
echo "" echo ""
if $apache2_installed ; then
echo -e "\033[37m\033[1mConfigure apache2 for the new cloud system..\033[m" echo -e "\033[37m\033[1mConfigure apache2 for the new cloud system..\033[m"
elif $nginx_installed ; then
echo -e "\033[37m\033[1mConfigure nginx for the new cloud system..\033[m"
fi
echo "" echo ""
echo "" >> $log_file echo "" >> $log_file
echo "" >> $log_file echo "" >> $log_file
echo "# -----" >> $log_file echo "# -----" >> $log_file
if $apache2_installed ; then
echo "# - Configure apache2 for the new cloud system" >> $log_file echo "# - Configure apache2 for the new cloud system" >> $log_file
elif $nginx_installed ; then
echo "# - Configure nginx for the new cloud system" >> $log_file
fi
echo "# -----" >> $log_file echo "# -----" >> $log_file
@ -3735,8 +3890,41 @@ else
server_key="/usr/local/apache2/conf/server.key" server_key="/usr/local/apache2/conf/server.key"
fi fi
if $apache2_installed ; then
if [[ -d "$apache_vhost_dir" ]] ; then if [[ -d "$apache_vhost_dir" ]] ; then
# - Remove symlink for apache vhost file (if exists)
# -
if [[ -h "${apache_vhost_dir}/${WEBSITE}.conf" ]]; then
echo "" >> $log_file
echo "# - Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file
echo "# -" >> $log_file
echononl "Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file
echo "rm -f \"${apache_vhost_dir}/${WEBSITE}.conf\"" >> $log_file
rm -f "${apache_vhost_dir}/${WEBSITE}.conf" >> $log_file 2>&1
if [ "$?" = 0 ]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
fi # f [[ -h "${apache_vhost_dir}/${WEBSITE}.conf" ]]
# - Backup apache vhost file if exists # - Backup apache vhost file if exists
# - # -
if [[ -f "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm" ]]; then if [[ -f "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm" ]]; then
@ -3883,68 +4071,6 @@ EOF
fi fi
# - Remove symlink for apache vhost file (if exists)
# -
if [[ -h "${apache_vhost_dir}/${WEBSITE}.conf" ]]; then
echo "" >> $log_file
echo "# - Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file
echo "# -" >> $log_file
echononl "Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file
echo "rm -f \"${apache_vhost_dir}/${WEBSITE}.conf\"" >> $log_file
rm -f "${apache_vhost_dir}/${WEBSITE}.conf" >> $log_file 2>&1
if [ "$?" = 0 ]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
fi
# - Backup apache vhost file if exists
# -
if [[ -f "${apache_vhost_dir}/${WEBSITE}.conf" ]]; then
echo "" >> $log_file
echo "# - Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file
echo "# -" >> $log_file
echononl "Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file
echo "mv \"${apache_vhost_dir}/${WEBSITE}.conf\" \"${apache_vhost_dir}/${WEBSITE}.conf.$backup_date\"" >> $log_file
mv "${apache_vhost_dir}/${WEBSITE}.conf" "${apache_vhost_dir}/${WEBSITE}.conf.$backup_date" >> $log_file 2>&1
if [ "$?" = 0 ]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
fi
# - Symlimk Apache VHost file '${WEBSITE}.conf' --> '${WEBSITE}.conf.php-fpm' # - Symlimk Apache VHost file '${WEBSITE}.conf' --> '${WEBSITE}.conf.php-fpm'
# - # -
_symlink_src="${WEBSITE}.conf.php-fpm" _symlink_src="${WEBSITE}.conf.php-fpm"
@ -3971,7 +4097,6 @@ EOF
fi fi
else else
echo_failed
error "Cant find apache2's vhost directory!" error "Cant find apache2's vhost directory!"
echononl "continue anyway [yes/no]: " echononl "continue anyway [yes/no]: "
@ -3984,6 +4109,327 @@ else
[[ $OK = "yes" ]] || fatal "Interrupted ny user." [[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi fi
elif $nginx_installed ; then
if [[ -d "$nginx_vhost_dir" ]]; then
# - Remove symlink for nginx vhost file (if exists)
# -
if [[ -h "${nginx_vhost_enabled_dir}/${WEBSITE}.conf" ]]; then
echo "" >> $log_file
echo "# - Remove existing Symlink '${nginx_vhost_enabled_dir}/${WEBSITE}.conf'" >> $log_file
echo "# -" >> $log_file
echononl "Remove existing Symlink '${nginx_vhost_enabled_dir}/${WEBSITE}.conf'" >> $log_file
echo "rm -f \"${nginx_vhost_enabled_dir}/${WEBSITE}.conf\"" >> $log_file
rm -f "${nginx_vhost_enabled_dir}/${WEBSITE}.conf" >> $log_file 2>&1
if [ "$?" = 0 ]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
fi # f [[ -h "${nginx_vhost_dir}/${WEBSITE}.conf" ]]
# - Backup nginx vhost file if exists
# -
if [[ -f "${nginx_vhost_dir}/${WEBSITE}.conf" ]]; then
echo "" >> $log_file
echo "# - Backup existing file '${nginx_vhost_dir}/${WEBSITE}.conf'" >> $log_file
echo "# -" >> $log_file
echononl "Backup existing file '${nginx_vhost_dir}/${WEBSITE}.conf'" >> $log_file
echo "mv \"${nginx_vhost_dir}/${WEBSITE}.conf\" \"${nginx_vhost_dir}/${WEBSITE}.conf.$backup_date\"" >> $log_file
mv "${nginx_vhost_dir}/${WEBSITE}.conf" "${nginx_vhost_dir}/${WEBSITE}.conf.$backup_date" >> $log_file 2>&1
if [ "$?" = 0 ]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
fi
echo "" >> $log_file
echo "# - Create apache vhost entry for '$WEBSITE'" >> $log_file
echo "# -" >> $log_file
echononl "Create apache vhost entry for '$WEBSITE'"
cat<<EOF > "${nginx_vhost_dir}/${WEBSITE}.conf" 2>> $log_file
# --- $WEBSITE
# ---
# see: https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
# ---
upstream php-handler {
server unix:/tmp/php-${PHP_VERSION}-fpm.www.sock;
}
server {
listen 80;
listen [::]:80;
server_name $WEBSITE;
# Enforce HTTPS
return 301 https://\$server_name\$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${WEBSITE};
# Include location directive for Let's Encrypt ACME Challenge
#
# Needed for (automated) updating certificate
#
include snippets/letsencrypt-acme-challenge.conf;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
ssl_certificate /var/lib/dehydrated/certs/${WEBSITE}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/${WEBSITE}/privkey.pem;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
#
# To generate a dhparam.pem file, run in a terminal
# openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 2048
#
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Eable session resumption to improve https performance
ssl_session_cache shared:MozSSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE
# omit SSLv3 because of POODLE
# omit TLSv1 TLSv1.1
ssl_protocols TLSv1.2 TLSv1.3;
# ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES)
# Everything better than SHA1 (deprecated)
#
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the \`ngx_pagespeed\` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud \`.htaccess\`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/${WEBSITE}/htdocs;
# Specify how to handle directories -- specifying \`/index.php\$request_uri\`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# \`/updater\`, \`/ocm-provider\`, \`/ocs-provider\`), and thus
# \`try_files \$uri \$uri/ /index.php\$request_uri\`
# always provides the desired behaviour.
index index.php index.html /index.php\$request_uri;
# Rule borrowed from \`.htaccess\` to handle Microsoft DAV clients
location = / {
if ( \$http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/\$is_args\$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for \`/.well-known\` so that clients can still
# access it despite the existence of the regex rule
# \`location ~ /(\\.|autotest|...)\` which would otherwise handle requests
# for \`/.well-known\`.
location ^~ /.well-known {
# The following 6 rules are borrowed from \`.htaccess\`
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
# Anything else is dynamically handled by Nextcloud
location ^~ /.well-known { return 301 /index.php\$uri; }
try_files \$uri \$uri/ =404;
}
# Rules borrowed from \`.htaccess\` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends \`/index.php\`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:\$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)\$;
set \$path_info \$fastcgi_path_info;
try_files \$fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_param PATH_INFO \$path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)\$ {
try_files \$uri /index.php\$request_uri;
expires 6M; # Cache-Control policy borrowed from \`.htaccess\`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?\$ {
try_files \$uri /index.php\$request_uri;
expires 7d; # Cache-Control policy borrowed from \`.htaccess\`
access_log off; # Optional: Don't log access to assets
}
location / {
try_files \$uri \$uri/ /index.php\$request_uri;
}
}
EOF
if [ "$?" = 0 ]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
# - Symlimk Nginx VHost file
# -
# - '${nginx_vhost_enabled_dir}/${WEBSITE}.conf' --> '${nginx_vhost_dir}/${WEBSITE}.conf'
# -
_symlink_src="${nginx_vhost_dir}/${WEBSITE}.conf"
_symlink_dst="${nginx_vhost_enabled_dir}/${WEBSITE}.conf"
echo "" >> $log_file
echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file
echo "# -" >> $log_file
echononl "Symlink '${_symlink_dst}' --> ${_symlink_src}"
ln -s "$_symlink_src" "$_symlink_dst" >> $log_file 2>&1
if [ "$?" = 0 ]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
else
error "Cant find nginx's vhost directory!"
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
fi # if $apache2_installed
@ -4272,6 +4718,110 @@ else
fi fi
# - Install and enable nextcloud app 'documentserver_community'
# -
#_app="documentserver_community"
#echo "" >> $log_file
#echo "# -" >> $log_file
#echo "# - Install nextcloud app '$_app'" >> $log_file
#echononl "Install nextcloud app '$_app'.."
#
#echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:install \"$_app\"" >> $log_file
#sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:install "$_app" >> $log_file 2>&1
#
#if [[ $? -eq 0 ]]; then
# echo_ok
#else
# echo_failed
# error "For more informations see log output at '$log_file'."
#
# echononl "continue anyway [yes/no]: "
# read OK
# OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
# while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
# echononl "Wrong entry! - repeat [yes/no]: "
# read OK
# done
# [[ $OK = "yes" ]] || fatal "Interrupted ny user."
#fi
#
#echo "" >> $log_file
#echo "# -" >> $log_file
#echo "# - Eanable nextcloud app '$_app'" >> $log_file
#echononl "Eanable nextcloud app '$_app'.."
#
#echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:enable \"$_app\"" >> $log_file
#sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:enable "$_app" >> $log_file 2>&1
#
#if [[ $? -eq 0 ]]; then
# echo_ok
#else
# echo_failed
# error "For more informations see log output: \"$log_file\"."
#
# echononl "continue anyway [yes/no]: "
# read OK
# OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
# while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
# echononl "Wrong entry! - repeat [yes/no]: "
# read OK
# done
# [[ $OK = "yes" ]] || fatal "Interrupted ny user."
#fi
# - Install and enable nextcloud app 'onlyoffice'
# -
#_app="onlyoffice"
#echo "" >> $log_file
#echo "# -" >> $log_file
#echo "# - Install nextcloud app '$_app'" >> $log_file
#echononl "Install nextcloud app '$_app'.."
#
#echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:install \"$_app\"" >> $log_file
#sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:install "$_app" >> $log_file 2>&1
#
#if [[ $? -eq 0 ]]; then
# echo_ok
#else
# echo_failed
# error "For more informations see log output at '$log_file'."
#
# echononl "continue anyway [yes/no]: "
# read OK
# OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
# while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
# echononl "Wrong entry! - repeat [yes/no]: "
# read OK
# done
# [[ $OK = "yes" ]] || fatal "Interrupted ny user."
#fi
#
#echo "" >> $log_file
#echo "# -" >> $log_file
#echo "# - Eanable nextcloud app '$_app'" >> $log_file
#echononl "Eanable nextcloud app '$_app'.."
#
#echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:enable \"$_app\"" >> $log_file
#sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:enable "$_app" >> $log_file 2>&1
#
#if [[ $? -eq 0 ]]; then
# echo_ok
#else
# echo_failed
# error "For more informations see log output: \"$log_file\"."
#
# echononl "continue anyway [yes/no]: "
# read OK
# OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
# while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
# echononl "Wrong entry! - repeat [yes/no]: "
# read OK
# done
# [[ $OK = "yes" ]] || fatal "Interrupted ny user."
#fi
blank_line blank_line
if $COLABORA_SERVICE_INSTALLED ; then if $COLABORA_SERVICE_INSTALLED ; then
@ -4358,54 +4908,54 @@ blank_line
# - Install and enable nextcloud app 'bruteforcesettings' # - Install and enable nextcloud app 'bruteforcesettings'
# - # -
_app="bruteforcesettings" #_app="bruteforcesettings"
echo "" >> $log_file #echo "" >> $log_file
echo "# -" >> $log_file #echo "# -" >> $log_file
echo "# - Install nextcloud app '$_app'" >> $log_file #echo "# - Install nextcloud app '$_app'" >> $log_file
echononl "Install nextcloud app '$_app'.." #echononl "Install nextcloud app '$_app'.."
#
echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:install \"$_app\"" >> $log_file #echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:install \"$_app\"" >> $log_file
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:install "$_app" >> $log_file 2>&1 #sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:install "$_app" >> $log_file 2>&1
#
if [[ $? -eq 0 ]]; then #if [[ $? -eq 0 ]]; then
echo_ok # echo_ok
else #else
echo_failed # echo_failed
error "For more informations see log output at '$log_file'." # error "For more informations see log output at '$log_file'."
#
echononl "continue anyway [yes/no]: " # echononl "continue anyway [yes/no]: "
read OK # read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" # OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do # while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: " # echononl "Wrong entry! - repeat [yes/no]: "
read OK # read OK
done ## done
[[ $OK = "yes" ]] || fatal "Interrupted ny user." # [[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi fi##
#
echo "" >> $log_file #echo "" >> $log_file
echo "# -" >> $log_file #echo "# -" >> $log_file
echo "# - Eanable nextcloud app '$_app'" >> $log_file #echo "# - Eanable nextcloud app '$_app'" >> $log_file
echononl "Eanable nextcloud app '$_app'.." #echononl "Eanable nextcloud app '$_app'.."
#
echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:enable \"$_app\"" >> $log_file #echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:enable \"$_app\"" >> $log_file
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:enable "$_app" >> $log_file 2>&1 #sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:enable "$_app" >> $log_file 2>&1
#
if [[ $? -eq 0 ]]; then #if [[ $? -eq 0 ]]; then
echo_ok # echo_ok
else #else
echo_failed # echo_failed
error "For more informations see log output at '$log_file'." # error "For more informations see log output at '$log_file'."
#
echononl "continue anyway [yes/no]: " # echononl "continue anyway [yes/no]: "
read OK # read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" # OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do # while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: " # echononl "Wrong entry! - repeat [yes/no]: "
read OK # read OK
done # done
[[ $OK = "yes" ]] || fatal "Interrupted ny user." # [[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi #fi
@ -4476,6 +5026,8 @@ else
echo_skipped echo_skipped
fi fi
if $apache2_installed ; then
# - Start Apache Webserver # - Start Apache Webserver
# - # -
echononl "Start Apache Webserver.." echononl "Start Apache Webserver.."
@ -4531,6 +5083,65 @@ else
warn "The webserver was not running, so it will be keept down!" warn "The webserver was not running, so it will be keept down!"
fi fi
elif $nginx_installed ; then
# - Start Nginx Webserver
# -
echononl "Start Nginx Webserver.."
if $IS_HTTPD_RUNNING ; then
echo "" >> $log_file
echo "# - Start Nginx Webserver" >> $log_file
echo "# -" >> $log_file
if $systemd_supported ; then
echo "systemctl start nginx" >> $log_file
systemctl start nginx >> $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
else
echo "/etc/init.d/nginx start" >> $log_file
/etc/init.d/nginx start >> $log_file 2>&1
if [[ $? -eq 0 ]]; then
echo_ok
else
echo_failed
error "For more informations see log output at '$log_file'."
echononl "continue anyway [yes/no]: "
read OK
OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/no]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi
fi
else
echo_skipped
warn "The webserver was not running, so it will be keept down!"
fi
fi #if $apache2_installed
# - Flush and restart redis service # - Flush and restart redis service
# - # -