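#!/usr/bin/env bash

# Prologue of an interactive Nextcloud installation script: global paths,
# output helpers, OS detection and the signal trap used by the main flow below.

script_name="$(basename "$(realpath "$0")")"
working_dir="$(dirname "$(realpath "$0")")"

conf_file="${working_dir}/conf/${script_name%%.*}.conf"

declare -a unsorted_website_arr=()
declare -a website_arr

# Scratch file for command output while no log file exists yet. mktemp gives
# an unpredictable name and creates the file itself.
err_log="$(mktemp)"

backup_date=$(date +%Y-%m-%d-%H%M)


# =============
# --- Some functions
# =============

#######################################
# Reinstall a previously saved crontab (if one was saved), remove the scratch
# error log and terminate the script.
# Globals:   _backup_crontab_file, log_file, err_log (read)
# Arguments: $1 - exit status. Defaults to 1 when omitted, which is the case
#                 when the function is entered through the signal trap, so an
#                 interrupted run never reports success.
# Returns:   does not return; exits the script
#######################################
clean_up() {
  local _rc

  if [[ -f "$_backup_crontab_file" ]]; then
    echononl "(Re)Install previously saved crontab from '$_backup_crontab_file'.."
    if [[ -n "$log_file" ]]; then
      {
        echo ""
        echo "# - (Re)Install previously saved crontab from '$_backup_crontab_file'"
        echo "# -"
        echo "crontab $_backup_crontab_file"
      } >> "$log_file"
      crontab "$_backup_crontab_file" >> "$log_file" 2>&1
      _rc=$?
    else
      crontab "$_backup_crontab_file" >> "$err_log" 2>&1
      _rc=$?
    fi

    if [[ $_rc -eq 0 ]]; then
      echo_ok
    else
      echo_failed
      if [[ -n "$log_file" ]]; then
        error "For more informations see log output at '$log_file'."
      fi
    fi
  fi

  # Perform program exit housekeeping
  if [[ -n "$err_log" ]]; then
    rm -f -- "$err_log"
  fi
  blank_line
  exit "${1:-1}"
}

#######################################
# Succeeds if $1 is a non-empty string consisting of digits only.
#######################################
is_number() {
  # Stripping the longest prefix that contains a non-digit leaves the value
  # untouched only when it has no non-digit at all.
  [[ -n "${1##*[!0-9]*}" ]]
}

#######################################
# Print the arguments to stderr with one leading blank, backslash escapes
# interpreted and no trailing newline (used for prompts and progress text).
#######################################
echononl() {
  # printf '%b' behaves the same whatever echo flavour is active, so no probe
  # file under a guessable name in /tmp is needed. A fixed /tmp name is a
  # symlink target for other local users when the script runs privileged.
  printf ' %b' "$*" >&2
}

# Status tags. In a terminal the tag is coloured and placed at column 80,
# otherwise a plain text tag is printed. The 'terminal' flag is compared as a
# string, so an unset or unexpected value is never executed as a command.
echo_done() {
  if [[ "${terminal:-false}" == true ]]; then
    echo -e "\033[80G[ \033[32mdone\033[m ]"
  else
    echo " [ done ]"
  fi
}

echo_ok() {
  if [[ "${terminal:-false}" == true ]]; then
    echo -e "\033[80G[ \033[32mok\033[m ]"
  else
    echo " [ ok ]"
  fi
}

echo_warning() {
  if [[ "${terminal:-false}" == true ]]; then
    echo -e "\033[80G[ \033[33m\033[1mwarn\033[m ]"
  else
    echo " [ warning ]"
  fi
}

echo_failed() {
  if [[ "${terminal:-false}" == true ]]; then
    echo -e "\033[80G[ \033[1;31mfailed\033[m ]"
  else
    echo ' [ failed! ]'
  fi
}

echo_skipped() {
  if [[ "${terminal:-false}" == true ]]; then
    echo -e "\033[80G[ \033[37mskipped\033[m ]"
  else
    echo " [ skipped ]"
  fi
}

#######################################
# Print a fatal error message and leave the script through clean_up with
# exit status 1.
# Arguments: message text (escape sequences are interpreted in a terminal)
#######################################
fatal() {
  echo ""
  echo ""
  if [[ "${terminal:-false}" == true ]]; then
    echo -e " [ \033[31m\033[1mFatal\033[m ]: $*"
    echo ""
    echo -e " \033[31m\033[1m Script will be interrupted..\033[m\033[m"
  else
    echo "fatal: $*"
    echo "Script will be interrupted.."
  fi
  clean_up 1
}

# Print an error message; the script continues.
error() {
  echo ""
  if [[ "${terminal:-false}" == true ]]; then
    echo -e " [ \033[31m\033[1mFehler\033[m ]: $*"
  else
    echo "Error: $*"
  fi
  echo ""
}

# Print a warning message; the script continues.
warn() {
  echo ""
  if [[ "${terminal:-false}" == true ]]; then
    echo -e " [ \033[33m\033[1mWarning\033[m ]: $*"
  else
    echo "Warning: $*"
  fi
  echo ""
}

# Print an informational message.
info() {
  echo ""
  if [[ "${terminal:-false}" == true ]]; then
    echo -e " [ \033[32m\033[1mInfo\033[m ]: $*"
  else
    echo "Info: $*"
  fi
  echo ""
}

#######################################
# Detect the OS distribution and version.
# Globals:   os_dist, os_version (written); os_codename (written only when
#            lsb_release is available)
#######################################
detect_os_1() {
  if command -v lsb_release > /dev/null 2>&1; then
    os_dist="$(lsb_release -i | awk '{print tolower($3)}')"
    os_version="$(lsb_release -r | awk '{print tolower($2)}')"
    os_codename="$(lsb_release -c | awk '{print tolower($2)}')"

    # On Debian only the major version is kept
    if [[ "$os_dist" = "debian" ]]; then
      os_version="${os_version%%.*}"
    fi
  elif [[ -e "/etc/os-release" ]]; then
    # os-release is read inside a subshell: sourcing it into the script would
    # also import its other assignments, and its VERSION field would replace
    # the Nextcloud VERSION this script asks for.
    os_dist="$(. /etc/os-release; printf '%s' "$ID")"
    os_version="$(. /etc/os-release; printf '%s' "$VERSION_ID")"
  fi

  # remove whitespace from os_dist and os_version
  os_dist="${os_dist// /}"
  os_version="${os_version// /}"
}

# - Check if a given array (parameter 2) contains a given string (parameter 1)
# -
containsElement() {
  local e
  for e in "${@:2}"; do
    [[ "$e" == "$1" ]] && return 0
  done
  return 1
}

# Print the arguments with leading and trailing whitespace removed
# (no trailing newline).
trim() {
  local var="$*"
  var="${var#"${var%%[![:space:]]*}"}"   # remove leading whitespace characters
  var="${var%"${var##*[![:space:]]}"}"   # remove trailing whitespace characters
  # printf, so that a value such as '-n' or '-e' is printed and not taken as
  # an echo option
  printf '%s' "$var"
}

# Print an empty line, but only when writing to a terminal.
blank_line() {
  if [[ "${terminal:-false}" == true ]]; then
    echo ""
  fi
}


# ----------
# - Jobhandling
# ----------

# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM
# -
trap clean_up SIGHUP SIGINT SIGTERM


# ----------
# - Some checks ..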
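# ----------

# Optional positional arguments pre-seed the prompts below:
#   $1 - default website name
#   $2 - default Nextcloud version
if [[ -n "$1" ]]; then
  DEFAULT_WEBSITE="$1"
  if [[ -n "$2" ]]; then
    DEFAULT_VERSION="$2"
  fi
fi

# - Running in a terminal?
# -
if [[ -t 1 ]]; then
  terminal=true
else
  terminal=false
fi

# - Is systemd supported on this system?
# -
systemd_supported=false
systemd="$(command -v systemd)"
systemctl="$(command -v systemctl)"
if [[ -n "$systemd" ]] && [[ -n "$systemctl" ]]; then
  systemd_supported=true
fi

clear


# ----------
# Read Configurations from $conf_file
# ----------

# - Give your default values here
# -
# stderr is discarded: the snakeoil key is absent on hosts without the
# ssl-cert package and the value is only a default.
DEFAULT_SSL_CERT_GROUP="$(stat -c "%G" /etc/ssl/private/ssl-cert-snakeoil.key 2> /dev/null)"
DEFAULT_SRC_BASE_DIR="$working_dir"
DEFAULT_ADMIN_USER="admin"
DEFAULT_WEB_DIRS_ROOT="/var/www"
DEFAULT_PHP_ENGINE="FPM"
DEFAULT_DATABASE_TYPE="mysql"
DEFAULT_DATABASE_HOST="localhost"
DEFAULT_WEBSERVER_SOFTWARE="apache2"
DEFAULT_HTTP_USER="www-data"
DEFAULT_HTTP_GROUP="www-data"

if [[ -f "$conf_file" ]]; then
  # The configuration file is executed as shell code with the privileges of
  # this script, so nobody but its owner should be able to write to it.
  if [[ -n "$(find -L "$conf_file" -maxdepth 0 -perm /022 2> /dev/null)" ]]; then
    warn "Configuration file '$conf_file' is writable by group or others."
  fi
  source "$conf_file"
else
  warn "No configuration file '$conf_file' present.\n\n Loading default values.."
fi

# Fall back to the defaults for everything the configuration left empty
: "${SRC_BASE_DIR:=$DEFAULT_SRC_BASE_DIR}"
: "${WEB_DIRS_ROOT:=$DEFAULT_WEB_DIRS_ROOT}"
: "${PHP_ENGINE:=$DEFAULT_PHP_ENGINE}"
: "${DATABASE_TYPE:=$DEFAULT_DATABASE_TYPE}"
: "${DATABASE_HOST:=$DEFAULT_DATABASE_HOST}"
: "${ADMIN_USER:=$DEFAULT_ADMIN_USER}"
: "${SSL_CERT_GROUP:=$DEFAULT_SSL_CERT_GROUP}"

# Only 'apache2' and 'nginx' are accepted; anything else becomes the default
case "$WEBSERVER_SOFTWARE" in
  apache2 | nginx) ;;
  *) WEBSERVER_SOFTWARE="$DEFAULT_WEBSERVER_SOFTWARE" ;;
esac

# First global-scope address of this host as default for the address prompts
DEFAULT_IPV4="$(ip a | awk '/ inet / && /scope global/ { sub(/\/.*/, "", $2); print $2; exit }')"
DEFAULT_IPV6="$(ip a | awk '/ inet6 / && /scope global/ { sub(/\/.*/, "", $2); print $2; exit }')"

DEFAULT_IPV4_CO="$DEFAULT_IPV4"
DEFAULT_IPV6_CO="$DEFAULT_IPV6"


# ==========
# - Begin Main Script
# ==========

# ----------
# - Headline
# ----------

if [[ "$terminal" == true ]]; then
  echo ""
  echo -e "\033[1m----------\033[m"
  echo -e "\033[32m\033[1mRunning script \033[m\033[1m$script_name\033[32m .. \033[m"
  echo -e "\033[1m----------\033[m"
fi

echo ""
echo " Insert the name of the website containing the nextcloud instance .."
echo ""

if [[ -n "$WEBSITE" ]]; then
  DEFAULT_WEBSITE="$WEBSITE"
fi
WEBSITE=
if [[ -n "$DEFAULT_WEBSITE" ]]; then
  echononl "\033[1mWebsite Name [${DEFAULT_WEBSITE}]:\033[m "
  read -r WEBSITE
  if [[ -z "$WEBSITE" ]]; then
    WEBSITE="$DEFAULT_WEBSITE"
  fi
else
  echononl "\033[1mWebsite Name:\033[m "
  read -r WEBSITE
  while [[ -z "$WEBSITE" ]]; do
    echo -e "\n \033[33m\033[1mName of website is required!\033[m\n"
    echononl "\033[1mWebsite Name:\033[m "
    read -r WEBSITE
  done
fi

# The website name becomes a directory name below WEB_DIRS_ROOT and an
# argument to dig, so it must look like a host name: no path separators and
# no leading option character.
if [[ ! "$WEBSITE" =~ ^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$ ]]; then
  fatal "Website name '$WEBSITE' is not a valid host name."
fi

DEFAULT_WEB_BASE_DIR="${WEB_DIRS_ROOT}/$WEBSITE"

if [[ ! -d "${WEB_DIRS_ROOT}/$WEBSITE" ]]; then

  echo ""
  echo -e " \033[32m--\033[m"
  echo ""
  echo " Insert Website Base Directory."
  echo ""
  echo ""

  # DEFAULT_WEB_BASE_DIR always contains at least the '/' separator, so a
  # default is always offered here.
  echononl "\033[1mWebsite Base Directory [$DEFAULT_WEB_BASE_DIR]:\033[m "
  read -r WEB_BASE_DIR
  if [[ -z "$WEB_BASE_DIR" ]]; then
    WEB_BASE_DIR="$DEFAULT_WEB_BASE_DIR"
  fi

else
  WEB_BASE_DIR="${WEB_DIRS_ROOT}/$WEBSITE"
fi


# - IPv4/IPv6 Address for nextclud service
# -
# 'dig +short' can print several lines (a CNAME target followed by one or
# more addresses). Only the first line that is an address is taken, so the
# default is a single value.
_dns_ipv4="$(dig +short "$WEBSITE" A | grep -E -m1 '^[0-9]{1,3}(\.[0-9]{1,3}){3}$')"
if [[ -n "$_dns_ipv4" ]]; then
  DEFAULT_IPV4="$_dns_ipv4"
fi
_dns_ipv6="$(dig +short "$WEBSITE" AAAA | grep -F -m1 ':')"
if [[ -n "$_dns_ipv6" ]]; then
  DEFAULT_IPV6="$_dns_ipv6"
fi

echo ""
echo -e " \033[32m--\033[m"
echo ""
echo " Insert IPv4 address for Nextcloud Service.."
echo ""
echo ""
if [[ -n "$DEFAULT_IPV4" ]]; then
  echononl "IPv4 address Nextcloud Service [${DEFAULT_IPV4}]: "
  read -r IPV4
  if [[ -z "$IPV4" ]]; then
    IPV4=$DEFAULT_IPV4
  fi
else
  echononl "IPv4 address Nextcloud Service: "
  read -r IPV4
  while [[ -z "$IPV4" ]]; do
    echo -e "\n \033[33m\033[1mIPv4 address Nextcloud Service is required!\033[m\n"
    echononl "\033[1mIPv4 address Nextcloud Service:\033[m "
    read -r IPV4
  done
fi

echo ""
echo -e " \033[32m--\033[m"
echo ""
echo " Insert IPv6 address for Nextcloud Service.."
echo ""
echo ""
if [[ -n "$DEFAULT_IPV6" ]]; then
  echononl "IPv6 address Nextcloud Service [${DEFAULT_IPV6}]: "
  read -r IPV6
  if [[ -z "$IPV6" ]]; then
    IPV6=$DEFAULT_IPV6
  fi
else
  echononl "IPv6 address Nextcloud Service: "
  read -r IPV6
  while [[ -z "$IPV6" ]]; do
    echo -e "\n \033[33m\033[1mIPv6 address Nextcloud Service is required!\033[m\n"
    echononl "\033[1mIPv6 address Nextcloud Service:\033[m "
    read -r IPV6
  done
fi


#if [[ ! -d "${WEB_BASE_DIR}" ]]; then
#  fatal "Website '$WEBSITE' seems not to be existent at this server.\n\n \033[37m\033[1mCreate Website first!\033[m"
#fi

echo ""
echo -e " \033[32m--\033[m"
echo ""
echo " Insert (new) Nextcloud version number."
echo ""
echo ""

if [[ -n "$VERSION" ]]; then
  DEFAULT_VERSION="$VERSION"
fi
VERSION=
if [[ -n "$DEFAULT_VERSION" ]]; then
  echononl "\033[1mNextcloud version number [${DEFAULT_VERSION}]:\033[m "
  read -r VERSION
  if [[ -z "$VERSION" ]]; then
    VERSION="$DEFAULT_VERSION"
  fi
else
  echononl "\033[1mNextcloud version number:\033[m "
  read -r VERSION
  while [[ -z "$VERSION" ]]; do
    echo -e "\n \033[33m\033[1mNextcloud version number is required!\033[m\n"
    echononl "\033[1mNextcloud version number:\033[m "
    read -r VERSION
  done
fi

# The version string is used in directory names (log and installation
# directory), so path separators and a leading '-' are refused.
if [[ ! "$VERSION" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  fatal "Nextcloud version '$VERSION' contains unsupported characters."
fi

# NOTE(review): main.log inside this directory later receives the admin and
# database passwords in clear text, and the directory is created with a plain
# mkdir under the current umask - restrict its permissions or keep the
# secrets out of the log.
log_dir="${SRC_BASE_DIR}/log_nextcloud-${VERSION}"

echo ""
echo -e " \033[32m--\033[m"
echo ""
echo " Insert admin username for the new Nextcloud installation."
echo ""
echo ""

if [[ -n "$ADMIN_USER" ]]; then
  DEFAULT_ADMIN_USER="$ADMIN_USER"
fi
ADMIN_USER=
if [[ -n "$DEFAULT_ADMIN_USER" ]]; then
  echononl "\033[1mAdmin user name [${DEFAULT_ADMIN_USER}]:\033[m "
  read -r ADMIN_USER
  if [[ -z "$ADMIN_USER" ]]; then
    ADMIN_USER="$DEFAULT_ADMIN_USER"
  fi
else
  echononl "\033[1mAdmin user name:\033[m "
  read -r ADMIN_USER
  while [[ -z "$ADMIN_USER" ]]; do
    echo -e "\n \033[33m\033[1mAdmin user name is required!\033[m\n"
    echononl "\033[1mAdmin user name:\033[m "
    read -r ADMIN_USER
  done
fi

echo ""
echo -e " \033[32m--\033[m"
echo ""
echo " Insert Password for admin user."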
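echo ""
echo ""

# - Ask twice for the admin password until both entries match.
# -
# The loop runs until ADMIN_PASS holds a non-empty value. Comparing only the
# two scratch variables is not enough: an empty repeat followed by an empty
# first entry makes both equal and would end the loop without a password.
# 'read -r' keeps backslashes in the password as typed.
#
# NOTE(review): further down this script prints ADMIN_PASS in the parameter
# summary and appends it to main.log in clear text - mask it there or restrict
# who can read the log.
_ADMIN_PASSWD_1="X"
_ADMIN_PASSWD_2="Y"
ADMIN_PASS=""
while [[ -z "$ADMIN_PASS" ]]; do
  echononl "\033[1mPassword for admin user:\033[m "
  read -r -s _ADMIN_PASSWD_1
  blank_line
  if [[ -z "$_ADMIN_PASSWD_1" ]]; then
    echo -e "\n \033[33m\033[1mPassword for admin user is required!\033[m\n"
    continue
  fi
  echononl "\033[1mRepeat password:\033[m "
  read -r -s _ADMIN_PASSWD_2
  if [[ "$_ADMIN_PASSWD_1" != "$_ADMIN_PASSWD_2" ]]; then
    echo -e "\n\n \033[33m\033[1mPasswords did not match!\033[m\n"
  else
    ADMIN_PASS="$_ADMIN_PASSWD_1"
  fi
done

echo ""
echo -e " \033[32m--\033[m"
echo ""
echo " Insert Type of PHP engine."
echo ""
echo ""
PHP_ENGINE=
echononl "\033[1mPHP engine [$DEFAULT_PHP_ENGINE]:\033[m "
read -r PHP_ENGINE
if [[ -z "$PHP_ENGINE" ]]; then
  PHP_ENGINE="$DEFAULT_PHP_ENGINE"
fi

# - Take major.minor of the PHP found in PATH as default for the version prompt
# -
echononl "Determin main PHP Version.."
_php_version="$(php --version 2> /dev/null | awk 'NR == 1 { print $2; exit }')"
if [[ -n "$_php_version" ]]; then
  DEFAULT_PHP_VERSION="$(printf '%s\n' "$_php_version" | cut -d '.' -f1,2)"
  if [[ -n "$DEFAULT_PHP_VERSION" ]]; then
    echo_ok
  else
    echo_failed
  fi
else
  echo_failed
fi

if [[ "$PHP_ENGINE" = "FPM" ]]; then

  echo ""
  echo -e " \033[32m--\033[m"
  echo ""
  echo " Insert PHP (Main) Version."
  echo ""
  echo " Examples: 7.2 or 7.3"
  echo ""
  PHP_VERSION=
  if [[ -n "$DEFAULT_PHP_VERSION" ]]; then
    echononl "\033[1mPHP Version [${DEFAULT_PHP_VERSION}]:\033[m "
    read -r PHP_VERSION
    if [[ -z "$(trim "$PHP_VERSION")" ]]; then
      PHP_VERSION="$DEFAULT_PHP_VERSION"
    fi
  else
    echononl "\033[1mPHP Version:\033[m "
    read -r PHP_VERSION
    while [[ -z "$PHP_VERSION" ]]; do
      echo -e "\n \033[33m\033[1mPHP version number is required!\033[m\n"
      echononl "\033[1mPHP Version:\033[m "
      read -r PHP_VERSION
    done
  fi

fi

# NOTE(review): for any engine other than FPM, PHP_VERSION is not asked for
# here, so this check only passes if the value was set elsewhere (presumably
# by the configuration file) - confirm that this is intended.
if [[ ! -d "/usr/local/php-$PHP_VERSION" ]]; then
  fatal "No Installation of PHP Version $PHP_VERSION found..\n\n \033[37m\033[1mInstall PHP version $PHP_VERSION first!\033[m"
fi

echo ""
echo -e " \033[32m--\033[m"
echo ""
echo " Insert Database type (mysql or postgres)."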
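echo ""
echo ""

# - Database type
# -
# All prompts in this section use 'read -r' so that backslashes in the typed
# value are kept as entered.
#
# NOTE(review): the answer is not compared against the two values named in the
# prompt; which spellings the later installation steps accept cannot be seen
# from here - validate once that is confirmed.
DATABASE_TYPE=
echononl "\033[1mDatabase Type [${DEFAULT_DATABASE_TYPE}]:\033[m "
read -r DATABASE_TYPE
if [[ -z "$DATABASE_TYPE" ]]; then
  DATABASE_TYPE="$DEFAULT_DATABASE_TYPE"
fi

echo ""
echo -e " \033[32m--\033[m"
echo ""
echo " Insert Database name."
echo ""
echo ""

# - Database name: a value already set (e.g. by the configuration file) is
# - offered as default, otherwise an answer is required.
# -
if [[ -n "$DATABASE_NAME" ]]; then
  DEFAULT_DATABASE_NAME="$DATABASE_NAME"
fi
DATABASE_NAME=
if [[ -n "$DEFAULT_DATABASE_NAME" ]]; then
  echononl "\033[1mDatabase Name [${DEFAULT_DATABASE_NAME}]:\033[m "
  read -r DATABASE_NAME
  if [[ -z "$DATABASE_NAME" ]]; then
    DATABASE_NAME="$DEFAULT_DATABASE_NAME"
  fi
else
  echononl "\033[1mDatabase Name:\033[m "
  read -r DATABASE_NAME
  while [[ -z "$DATABASE_NAME" ]]; do
    echo -e "\n \033[33m\033[1mDatabase Name is required!\033[m\n"
    echononl "\033[1mDatabase Name:\033[m "
    read -r DATABASE_NAME
  done
fi

echo ""
echo -e " \033[32m--\033[m"
echo ""
echo " Insert Database host."
echo ""
echo ""

# - Database host
# -
DATABASE_HOST=
echononl "\033[1mDatabase Host [${DEFAULT_DATABASE_HOST}]\033[m "
read -r DATABASE_HOST
if [[ -z "$DATABASE_HOST" ]]; then
  DATABASE_HOST="$DEFAULT_DATABASE_HOST"
fi

echo ""
echo -e " \033[32m--\033[m"
echo ""
echo " Insert Database user."
echo ""
echo ""

# - Database user: same default handling as for the database name
# -
if [[ -n "$DATABASE_USER" ]]; then
  DEFAULT_DATABASE_USER="$DATABASE_USER"
fi
DATABASE_USER=
if [[ -n "$DEFAULT_DATABASE_USER" ]]; then
  echononl "\033[1mDatabase User [${DEFAULT_DATABASE_USER}]:\033[m "
  read -r DATABASE_USER
  if [[ -z "$DATABASE_USER" ]]; then
    DATABASE_USER="$DEFAULT_DATABASE_USER"
  fi
else
  echononl "\033[1mDatabase User:\033[m "
  read -r DATABASE_USER
  while [[ -z "$DATABASE_USER" ]]; do
    echo -e "\n \033[33m\033[1mDatabase User is required!\033[m\n"
    echononl "\033[1mDatabase User:\033[m "
    read -r DATABASE_USER
  done
fi

echo ""
echo -e " \033[32m--\033[m"
echo ""
echo " Insert Database password."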
echo "" echo "" if [[ -n "$DATABASE_PASS" ]] ;then DEFAULT_DATABASE_PASS="$DATABASE_PASS" fi DATABASE_PASS= if [[ -n "$DEFAULT_DATABASE_PASS" ]]; then echononl "\033[1mDatabase Password [${DEFAULT_DATABASE_PASS}]:\033[m " read DATABASE_PASS if [[ "X$DATABASE_PASS" = "X" ]]; then DATABASE_PASS="$DEFAULT_DATABASE_PASS" fi else echononl "\033[1mDatabase Password:\033[m " read DATABASE_PASS while [[ "X$DATABASE_PASS" = "X" ]]; do echo -e "\n \033[33m\033[1mDatabase Password is required!\033[m\n" echononl "\033[1mDatabase Password:\033[m " read DATABASE_PASS done fi # - Enable encryption module? # - ENABLE_ENCRYPTION=false echo "" echo -e " \033[32m--\033[m" echo "" echo " Should the encryption module be switched on?" echo "" echo "" echononl "Enable encryption [yes/no]: " read OK while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done if [[ ${OK,,} = "yes" ]] ; then ENABLE_ENCRYPTION=true else ENABLE_ENCRYPTION=false fi # - Install redis-service? # - INSTALL_REDIS_SERVICE=false REDIS_SERVICE_INSTALLED=false declare -a dpkg_pkg_redis=() check_package="redis-server" if ! $(dpkg -l "$check_package" 2> /devnull | grep -q -E "^ii\s+${check_package}\s+" 2>/dev/null) ; then echo "" echo -e " \033[32m--\033[m" echo "" echo " redis service seems not to be installed." echo "" echo "" echononl "Install redis service [yes/no]: " read OK while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done if [[ ${OK,,} = "yes" ]] ; then INSTALL_REDIS_SERVICE=true dpkg_pkg_redis+=("redis-server") dpkg_pkg_redis+=("redis-tools") else INSTALL_REDIS_SERVICE=false fi else REDIS_SERVICE_INSTALLED=true fi # - Install ColaboraOnline? # - INSTALL_COLABORA_SERVICE=false COLABORA_SERVICE_INSTALLED=false # - Detect Detect OS distribution and Version # - echo "" echo -e " \033[32m--\033[m" echo "" echononl "Detect OS distribution and Version" detect_os_1 > /dev/null 2>&1 if [[ $? 
-gt 0 ]] ; then echo_failed else echo_ok fi if [[ "${os_dist,,}" = "debian" ]] ; then declare -a dpkg_pkg_colabora_online=() check_package="coolwsd" if ! $(dpkg -l "$check_package" 2> /devnull | grep -q -E "^ii\s+${check_package}\s+" 2>/dev/null) ; then echo "" echo " ColaboraOnline service seems not to be installed." echo "" echo "" echononl "Install ColaboraOnline service [yes/no]: " read OK while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done if [[ ${OK,,} = "yes" ]] ; then INSTALL_COLABORA_SERVICE=true dpkg_pkg_colabora_online+=("coolwsd") dpkg_pkg_colabora_online+=("code-brand") dpkg_pkg_colabora_online+=("collaboraofficebasis-de") dpkg_pkg_colabora_online+=("apparmor") else INSTALL_COLABORA_SERVICE=false fi else COLABORA_SERVICE_INSTALLED=true fi fi # - More information is needed if ColaboraOnline service is to be installed # - if $INSTALL_COLABORA_SERVICE || $COLABORA_SERVICE_INSTALLED ; then echo "" echo -e " \033[32m--\033[m" echo "" echo " Insert hostname for ColaboraOnline Service.." echo "" echo "" HOSTNAME_CO= echononl "\033[1mHostname for ColaboraOnline Service:\033[m " read HOSTNAME_CO while [[ "X$HOSTNAME_CO" = "X" ]] ; do echo -e "\n \033[33m\033[1mHostname for ColaboraOnline Service is required!\033[m\n" echononl "\033[1mHostname for ColaboraOnline Service:\033[m " read HOSTNAME_CO done WOPI_URL="https://$HOSTNAME_CO" fi if $INSTALL_COLABORA_SERVICE ; then if [[ -n "$(dig +short "$HOSTNAME_CO" A)" ]]; then DEFAULT_IPV4_CO="$(dig +short "$HOSTNAME_CO" A)" fi if [[ -n "$(dig +short "$HOSTNAME_CO" AAAA)" ]]; then DEFAULT_IPV6_CO="$(dig +short "$HOSTNAME_CO" AAAA)" fi echo "" echo -e " \033[32m--\033[m" echo "" echo " Insert IPv4 address for ColaboraOnline Service.." 
echo "" echo "" if [[ -n "$DEFAULT_IPV4_CO" ]]; then echononl "IPv4 address ColaboraOnline Service [${DEFAULT_IPV4_CO}]: " read IPV4_CO if [[ "X${IPV4_CO}" = "X" ]]; then IPV4_CO=$DEFAULT_IPV4_CO fi else echononl "IPv4 address ColaboraOnline Service: " read IPV4_CO while [[ "X$IPV4_CO" = "X" ]] ; do echo -e "\n \033[33m\033[1mIPv4 address ColaboraOnline Service is required!\033[m\n" echononl "\033[1mIPv4 address ColaboraOnline Service:\033[m " read IPV4_CO done fi echo "" echo -e " \033[32m--\033[m" echo "" echo " Insert IPv6 address for ColaboraOnline Service.." echo "" echo "" if [[ -n "$DEFAULT_IPV6_CO" ]]; then echononl "IPv6 address ColaboraOnline Service [${DEFAULT_IPV6_CO}]: " read IPV6_CO if [[ "X${IPV6_CO}" = "X" ]]; then IPV6_CO=$DEFAULT_IPV6_CO fi else echononl "IPv6 address ColaboraOnline Service: " read IPV6_CO while [[ "X$IPV6_CO" = "X" ]] ; do echo -e "\n \033[33m\033[1mIPv6 address ColaboraOnline Service is required!\033[m\n" echononl "\033[1mIPv6 address ColaboraOnline Service:\033[m " read IPV6_CO done fi fi _WEBSERVER_SOFTWARE="$WEBSERVER_SOFTWARE" WEBSERVER_SOFTWARE="" _default_val="" echo "" echo -e "\033[32m--\033[m" echo "" echo " Which Webserver is installed?" echo "" echo "" if [[ "$_WEBSERVER_SOFTWARE" = "apache2" ]] ; then echo -e " \033[37m\033[1m[1] Apache2\033[m" echo " [2] Nginx" _default_val="apache2" else echo " [1] Apache2" echo -e " \033[37m\033[1m[2] Nginx\033[m" _default_val="nginx" fi echo "" echononl "Choose a number or press for highlighted value: " while [[ "$WEBSERVER_SOFTWARE" != "apache2" && "$WEBSERVER_SOFTWARE" != "nginx" ]] ; do read OPTION case $OPTION in 1) WEBSERVER_SOFTWARE="apache2" ;; 2) WEBSERVER_SOFTWARE="nginx" ;; '') WEBSERVER_SOFTWARE="$_default_val" ;; *) WEBSERVER_SOFTWARE="" echo "" echo -e "\tWrong entry! 
[ 1 = Apache2 ; 2 = Nginx ] or type " echo "" echononl " Reentry: " ;; esac done apache2_installed=false nginx_installed=false if [[ "$WEBSERVER_SOFTWARE" = "apache2" ]] ; then apache2_installed=true else nginx_installed=true fi # ---------- # Some checks # ---------- # - Determin PHP binary # - php_binary="$(realpath "$(which php)")" if [[ -z "$php_binary" ]]; then if [[ -x "/usr/local/php/bin/php" ]]; then php_binary="/usr/local/php/bin/php" else fatal "No PHP binary present" fi else if [[ ! -x "$php_binary" ]]; then fatal "Found PHP binary '$php_binary', but this file is not executable!" fi fi if $apache2_installed ; then # - Determin user/group of the webserver # - httpd_binary="$(which httpd)" if [ -z "$httpd_binary" ]; then httpd_binary="$(ps -axu | grep httpd | grep -e "^root" | grep -v grep | awk '{print$11}')" if [ -z "$httpd_binary" ]; then if [ -x "/usr/local/apache2/bin/httpd" ]; then httpd_binary="/usr/local/apache2/bin/httpd" fi fi fi if [ -x "$httpd_binary" ];then # - Determin websever user # - _HTTP_USER="`$httpd_binary -t -D DUMP_RUN_CFG | grep -i -e "^User" | awk '{print$2}' | cut -d\"=\" -f2 | tr -d '"'`" _HTTP_GROUP="`$httpd_binary -t -D DUMP_RUN_CFG | grep -i -e "^Group" | awk '{print$2}' | cut -d\"=\" -f2 | tr -d '"'`" # - Is webserver running ? # - PID=$(ps aux | grep "$(realpath $httpd_binary)" | grep -e "^root" | grep -v grep | awk '{print$2}') if [[ "X${PID}X" = "XX" ]] ;then IS_HTTPD_RUNNING=false else IS_HTTPD_RUNNING=true fi fi if [[ -n "$_HTTP_USER" ]] ; then if [[ -n "$HTTP_USER" ]] && [[ "$_HTTP_USER" != "$HTTP_USER" ]]; then warn "The script has determined \033[1;37m${_HTTP_USER}\033[m as Webservers user. This\n value differs from the value given in your configuration file, \n which is \033[1;37m${HTTP_USER}\033[m and takes precedence." 
else HTTP_USER=$_HTTP_USER fi else [[ -n "$HTTP_USER" ]] || HTTP_USER=$DEFAULT_HTTP_USER fi if [[ -n "$_HTTP_GROUP" ]] ; then if [[ -n "$HTTP_GROUP" ]] && [[ "$_HTTP_GROUP" != "$HTTP_GROUP" ]]; then warn "The script has determined \033[1;37m${_HTTP_GROUP}\033[m as Webservers group. This\n value differs from the value given in your configuration file, \n which is \033[1;37m${HTTP_GROUP}\033[m and takes precedence." else HTTP_GROUP=$_HTTP_GROUP fi else [[ -n "$HTTP_GROUP" ]] || HTTP_GROUP=$DEFAULT_HTTP_GROUP fi # - Determin ServerRoot Directory # - apache_base_dir=`$_httpd_binary -t -D DUMP_RUN_CFG | grep ServerRoot | awk '{print$2}' | tr -d '"'` if [ "`realpath /usr/local/apache2`" = "$apache_base_dir" ]; then apache_base_dir="/usr/local/apache2" _apache_base_dir_realpath="`realpath $apache_base_dir`" elif [ -z "$apache_base_dir" ]; then if [ -d "`realpath /usr/local/apache2`" ];then apache_base_dir="/usr/local/apache2" _apache_base_dir_realpath="`realpath $apache_base_dir`" fi else _apache_base_dir_realpath=$apache_base_dir fi if [[ ! -d "${_apache_base_dir_realpath}/conf/vhosts" ]] ; then warn "No Apache VHost directory found." 
apache_vhost_dir="" else apache_vhost_dir="${_apache_base_dir_realpath}/conf/vhosts" fi else #if [[ -z "$(which nginx)" ]] ; then # fatal "Nginx service binary not found" #fi [[ -z "$HTTP_USER" ]] && HTTP_USER="$DEFAULT_HTTP_USER" [[ -z "$HTTP_GROUP" ]] && HTTP_GROUP="$DEFAULT_HTTP_GROUP" nginx_vhost_dir="/etc/nginx/sites-available" nginx_vhost_enabled_dir="/etc/nginx/sites-enabled" fi DATA_DIR=${WEB_BASE_DIR}/data INSTALL_DIR=${WEB_BASE_DIR}/nextcloud-${VERSION} echo "" echo "" echo -e "\033[32m--\033[m" echo -e "\033[1;32mStarting Nextcloud Installation for \033[1;37m${WEBSITE}\033[m" echo -e "\033[32m--\033[m" echo "" echo " Nextcloud verion.....................: $VERSION" echo " Nextcloud installation directory.....: $INSTALL_DIR" echo " Nextcloud data directory.............: $DATA_DIR" echo "" echo " Eenable Encryption...................: \033[33m${ENABLE_ENCRYPTION}\033[m" echo "" echo " Admin user name......................: $ADMIN_USER" echo " Passord for admin user...............: $ADMIN_PASS" echo "" echo " Website..............................: $WEBSITE" echo " IPv4 Address Nextcloud Service.......: $IPV4" echo " IPv6 Address Nextcloud Service.......: $IPV6" echo "" echo " Web base directory...................: $WEB_BASE_DIR" echo "" echo " Source directory for source archiv...: $SRC_BASE_DIR" echo "" if $apache2_installed ; then echo " Webserver Type.......................: Apache2" echo " Apache Vhost Directory...............: $apache_vhost_dir" elif $nginx_installed ; then echo " Webserver Type.......................: Nginx" echo " Nginx VHost directory................: $nginx_vhost_dir" else fatal "Webserver Type (apache2 or nginx) not given" fi echo " Webserver user.......................: $HTTP_USER" echo " Webserver group......................: $HTTP_GROUP" echo "" echo " PHP version..........................: $PHP_VERSION" echo " PHP Engine...........................: $PHP_ENGINE" echo "" echo " Databse name.........................: 
$DATABASE_NAME" echo " Database type........................: $DATABASE_TYPE" echo " Database user........................: $DATABASE_USER" echo " Database password....................: $DATABASE_PASS" echo "" echo -e " Install redis service?...............: \033[33m${INSTALL_REDIS_SERVICE}\033[m" echo -e " Install ColaboraOnline service.......: \033[33m${INSTALL_COLABORA_SERVICE}\033[m" if $INSTALL_COLABORA_SERVICE ; then echo " Hostname ColaboraOnline Service...: $HOSTNAME_CO" echo " IPv4 ColaboraOnline Service.......: $IPV4_CO" echo " IPv6 ColaboraOnline Service.......: $IPV6_CO" echo " Group of os installed certs.......: $SSL_CERT_GROUP" elif $COLABORA_SERVICE_INSTALLED ; then echo "" echo " Hostname ColaboraOnline Service......: $HOSTNAME_CO" fi echo "" echo "" echo "" echo -n " Type upper case 'YES' to continue executing with this parameters: " read OK if [[ "$OK" = "YES" ]] ; then echo "" echo "" echo -e "\033[1;32mGoing to install \033[1;37mNextcloud $VERSION\033[1;32m at \033[1;37m$(hostname -f)\033[m" echo "" else fatal "Abort by user request - Answer as not 'YES'" fi echo "" # - Create log directory" # - if [[ -d "${log_dir}" ]] ; then echononl "Backup existent log directory .." mv "${log_dir}" "${log_dir}.$backup_date" if [[ $? -eq 0 ]]; then echo_ok else echo_failed fatal "Cannot backup log directory '${log_dir}'!" fi fi echononl "Create log directory '${log_dir}' .." mkdir "${log_dir}" > /dev/null 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed fatal "Cannot create log directory '${log_dir}'!" 
fi log_file="${log_dir}/main.log" :> $log_file echo "# - Starte Nextcloud Installation mit folgenden Parametern:" >> ${log_dir}/main.log echo "# -" >> $log_file echo "# - Nextcloud verion.....................: $VERSION" >> $log_file echo "# - Nextcloud installation directory.....: $INSTALL_DIR" >> $log_file echo "# - Nextcloud data directory.............: $DATA_DIR" >> $log_file echo "# -" >> $log_file echo "# - Eenable Encryption...................: ${ENABLE_ENCRYPTION}" >> $log_file echo "# -" >> $log_file echo "# - Admin user name......................: $ADMIN_USER" >> $log_file echo "# - Passord for admin user...............: $ADMIN_PASS" >> $log_file echo "# -" >> $log_file echo "# - Website..............................: $WEBSITE" >> $log_file echo "# - IPv4 Address Nextcloud Service.......: $IPV4" >> $log_file echo "# - IPv6 Address Nextcloud Service.......: $IPV6" >> $log_file echo "# -" >> $log_file echo "# - Web base directory...................: $WEB_BASE_DIR" >> $log_file echo "# -" >> $log_file echo "# - Source directory for source archiv...: $SRC_BASE_DIR" >> $log_file if $apache2_installed ; then echo "# - Webserver Type.......................: Apache2" >> $log_file echo " # -Apache Vhost Directory...............: $apache_vhost_dir" >> $log_file elif $nginx_installed ; then echo "# - Webserver Type.......................: Nginx" >> $log_file echo "# - Nginx VHost directory................: $nginx_vhost_dir" >> $log_file fi echo "# -" >> $log_file echo "# - Webserver user.......................: $HTTP_USER" >> $log_file echo "# - Webserver group......................: $HTTP_GROUP" >> $log_file echo "# -" >> $log_file echo "# - PHP version..........................: $PHP_VERSION" >> $log_file echo "# - PHP Engine...........................: $PHP_ENGINE" >> $log_file echo "# -" >> $log_file echo "# - Databse name.........................: $DATABASE_NAME" >> $log_file echo "# - Database type........................: $DATABASE_TYPE" >> $log_file echo "# - 
Database user........................: $DATABASE_USER" >> $log_file echo "# - Database password....................: $DATABASE_PASS" >> $log_file echo "# -" >> $log_file echo "# - Install redis service?...............: $INSTALL_REDIS_SERVICE" >> $log_file echo "# - Install ColaboraOnline service.......: $INSTALL_COLABORA_SERVICE" >> $log_file if $INSTALL_COLABORA_SERVICE ; then echo "# - Hostname ColaboraOnline Service...: $HOSTNAME_CO" >> $log_file echo "# - IPv4 ColaboraOnline Service.......: $IPV4_CO" >> $log_file echo "# - IPv6 ColaboraOnline Service.......: $IPV6_CO" >> $log_file echo "# - Group of os installed certs.......: $SSL_CERT_GROUP" >> $log_file elif $COLABORA_SERVICE_INSTALLED ; then echo "# - Hostname ColaboraOnline Service...: $HOSTNAME_CO" >> $log_file fi echo "" >> $log_file echo "" >> $log_file echo "VERSION=$VERSION" >> $log_file echo "INSTALL_DIR=$INSTALL_DIR" >> $log_file echo "DATA_DIR=$DATA_DIR" >> $log_file echo "ADMIN_USER=$ADMIN_USER" >> $log_file echo "ADMIN_PASS=$ADMIN_PASS" >> $log_file echo "WEBSITE=$WEBSITE" >> $log_file echo "WEB_BASE_DIR=$WEB_BASE_DIR" >> $log_file echo "IPV4=$IPV4" >> $log_file echo "IPV6=$IPV6" >> $log_file echo "SRC_BASE_DIR=$SRC_BASE_DIR" >> $log_file if $apache2_installed ; then echo "apache_vhost_dir=$apache_vhost_dir" >> $log_file elif $nginx_installed ; then echo "nginx_vhost_dir=$nginx_vhost_dir" >> $log_file fi echo "HTTP_USER=$HTTP_USER" >> $log_file echo "HTTP_GROUP=$HTTP_GROUP" >> $log_file echo "PHP_VERSION=$PHP_VERSION" >> $log_file echo "PHP_ENGINE=$PHP_ENGINE" >> $log_file echo "DATABASE_NAME=$DATABASE_NAME" >> $log_file echo "DATABASE_TYPE=$DATABASE_TYPE" >> $log_file echo "DATABASE_USER=$DATABASE_USER" >> $log_file echo "DATABASE_PASS=$DATABASE_PASS" >> $log_file echo "INSTALL_REDIS_SERVICE=$INSTALL_REDIS_SERVICE" >> $log_file echo "INSTALL_COLABORA_SERVICE=$INSTALL_COLABORA_SERVICE" >> $log_file echo "" >> $log_file echo "HOSTNAME_CO=$HOSTNAME_CO" >> $log_file echo "IPV4_CO=$IPV4_CO" >> 
$log_file echo "IPV6_CO=$IPV6_CO" >> $log_file echo "SSL_CERT_GROUP=$SSL_CERT_GROUP" >> $log_file echo "" >> $log_file echo "" >> $log_file # ----- # - Install redis service # ----- echo "" echo "" echo -e "\033[37m\033[1mInstall redis service..\033[m" echo "" echo "" >> $log_file echo "" >> $log_file echo "# -----" >> $log_file echo "# - Install redis service" >> $log_file echo "# -----" >> $log_file if ! $INSTALL_REDIS_SERVICE ; then if $REDIS_SERVICE_INSTALLED ; then echo "# -" >> $log_file echo "# - Redis Service is already installed." >> $log_file info "Redis Service is already installed." else echo "# -" >> $log_file echo "# -Redis Service is NOT installed, but also NOT requested for installation!" >> $log_file warn "Redis Service is NOT installed, but also NOT requested for installation!" fi else for _debian_pkg in ${dpkg_pkg_redis[@]} ; do echononl "Installing $_debian_pkg .." if ! dpkg -l $_debian_pkg 2> /dev/null | grep -e "^ii" > /dev/null 2>&1 ; then echo "" >> $log_file echo "# - Installing $_debian_pkg" >> $log_file echo "# -" >> $log_file echo "DEBIAN_FRONTEND=noninteractive apt-get install -q -y $_debian_pkg" >> $log_file DEBIAN_FRONTEND=noninteractive apt-get install -q -y $_debian_pkg >> $log_file 2>&1 if [ "$?" = 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." fi else echo_skipped fi done fi # - Adjust parameter unixsocket # - redis_conf_file="/etc/redis/redis.conf" echo "" >> $log_file echo "# - Adjust configuration for 'unixsocket' (file: '$redis_conf_file')" >> $log_file echo "# -" >> $log_file echononl "Adjust configuration for 'unixsocket' (file: '$redis_conf_file').." if ! 
$(grep -q -E "^\s*unixsocket\s+" "$redis_conf_file" 2> /dev/null ) ; then if $(grep -q -E "^\s*#\s*unixsocket\s+" "$redis_conf_file" 2> /dev/null ) ; then cat <> $log_file perl -i.ORIG -n -p -e "s/^(\s*#\s*unixsocket\s+(.*))/\1\nunixsocket \2/g" "$redis_conf_file" EOF perl -i.ORIG -n -p -e "s/^(\s*#\s*unixsocket\s+(.*))/\1\nunixsocket \2/g" "$redis_conf_file" >> $log_file 2>&1 if [ "$?" = 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." fi else cat <> $log_file cat <> $redis_conf_file # Changed by $script_name at $backup_date # unixsocket /var/run/redis/redis.sock EOF END cat <> $redis_conf_file # Changed by $script_name at $backup_date # unixsocket /var/run/redis/redis.sock EOF if [ "$?" = 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." fi fi else echo_skipped fi # - Adjust parameter unixsocketperm # - _parameter="unixsocketperm" _value="770" echo "" >> $log_file echo "# - Adjust configuration for '${_parameter}' (file: '$redis_conf_file')" >> $log_file echo "# -" >> $log_file echononl "Adjust configuration for '${_parameter}' (file: '$redis_conf_file').." if ! $(grep -q -E "^\s*${_parameter}\s+" "$redis_conf_file" 2> /dev/null ) ; then if $(grep -q -E "^\s*#\s*${_parameter}\s+" "$redis_conf_file" 2> /dev/null ) ; then cat <> $log_file perl -i.ORIG -n -p -e "s/^(\s*#\s*${_parameter}\s+.*)/\1\n${_parameter} ${_value}/g" "$redis_conf_file" EOF perl -i.ORIG -n -p -e "s/^(\s*#\s*${_parameter}\s+(.*))/\1\n${_parameter} ${_value}/g" "$redis_conf_file" >> $log_file 2>&1 if [ "$?" = 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." fi else cat <> $log_file cat <> $redis_conf_file # Changed by $script_name at $backup_date # ${_parameter} 770 EOF END cat <> $redis_conf_file # Changed by $script_name at $backup_date # ${_parameter} 770 EOF if [ "$?" 
= 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." fi fi else echo_skipped fi echo "" >> $log_file echo "# - Restart redis service" >> $log_file echo "# -" >> $log_file echononl "Restart redis service.." if $systemd_supported ; then echo "systemctl restart redis-server" >> $log_file systemctl restart redis-server >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." fi else echo "/etc/init.d/redis-server restart" >> $log_file /etc/init.d/redis-server restart >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." fi fi REDIS_SOCKET="$(grep -E "^\s*unixsocket\s+" $redis_conf_file 2> /dev/null | awk '{print$2}' 2> /dev/null)" REDIS_GROUP="$(stat -c "%G" $REDIS_SOCKET)" echo "" >> $log_file echo "REDIS_SOCKET=$REDIS_SOCKET" >> $log_file echo "REDIS_GROUP=$REDIS_GROUP" >> $log_file echo "" >> $log_file # - Add webserver user to redis group # - echo "" >> $log_file echo "# - Add webserver user '${HTTP_USER}' to redis group ${REDIS_GROUP}" >> $log_file echo "# -" >> $log_file echononl "Add webserver user '${HTTP_USER}' to redis group ${REDIS_GROUP}.." if ! $(grep -E "^redis:" /etc/group 2> /dev/null | grep -q "$HTTP_USER" 2> /dev/null) ; then usermod -a -G "$REDIS_GROUP" "$HTTP_USER" >> $log_file 2>&1 if [ "$?" = 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." fi else echo_skipped fi REDIS_SERVICE_INSTALLED=true # ----- # - Install Install ColaboraOnline Service # ----- echo "" echo "" echo -e "\033[37m\033[1mInstall ColaboraOnline Service..\033[m" echo "" echo "" >> $log_file echo "" >> $log_file echo "# -----" >> $log_file echo "# - Install ColaboraOnline Service" >> $log_file echo "# -----" >> $log_file if ! 
$INSTALL_COLABORA_SERVICE ; then if $COLABORA_SERVICE_INSTALLED ; then echo "# -" >> $log_file echo "# - ColaboraOnline Service is already installed." >> $log_file info "ColaboraOnline Service is already installed." else echo "# -" >> $log_file echo "# -ColaboraOnline Service is NOT installed, but also NOT requested for installation!" >> $log_file warn "ColaboraOnline Service is NOT installed, but also NOT requested for installation!" fi else echononl "Backup configuration directory for coolwsd.." if [[ -d "/etc/coolwsd" ]] ; then echo "" >> $log_file echo "# - Backup existing directory '/etc/coolwsd'.." >> $log_file echo "mv \"/etc/coolwsd\" \"/etc/coolwsd.${backup_date}\"" >> $log_file mv "/etc/coolwsd" "/etc/coolwsd.${backup_date}" >> $log_file 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi else echo_skipped fi blank_line # - Add key for ColaboraOnline Repository # - _failed=false echo "" >> $log_file echo "# - Add key for ColaboraOnline Repository" >> $log_file echo "# -" >> $log_file echononl "Add key for ColaboraOnline Repository.." #echo "wget -O /tmp/co-apt.key \\ #https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg" >> $log_file #wget -O /tmp/co-apt.key \ # https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg >> $log_file 2>&1 echo "wget -O /etc/apt/trusted.gpg.d/collaboraonline-release-keyring.gpg \\ https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg" >> $log_file wget -O /etc/apt/trusted.gpg.d/collaboraonline-release-keyring.gpg \ https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg >> $log_file 2>&1 if [[ "$?" 
-gt 0 ]]; then _failed=true echo_failed error "For more informations see log output at '$log_file'." else echo "" >> $log_file echo "apt-key add /tmp/co-apt.key" >> $log_file #apt-key add /tmp/co-apt.key >> $log_file 2>&1 #if [[ "$?" -eq 0 ]]; then # echo_ok #else # _failed=true # echo_failed #fi fi if $_failed ; then error "Something went wrong with adding repositoty key..." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi # - Add Repository ColaboraOnline # - echo "" >> $log_file echo "# - Add debian Repository for ColaboraOnline" >> $log_file echo "# -" >> $log_file echononl "Add debian Repository for ColaboraOnline" # cat <> $log_file #cat < /etc/apt/sources.list.d/collaboraonline.list #deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian${os_version} ./ #EOF #END # cat < /etc/apt/sources.list.d/collaboraonline.list 2>> $log_file #deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian${os_version} ./ #EOF cat <> $log_file cat < /etc/apt/sources.list.d/collaboraonline.sources Types: deb URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb Suites: ./ Signed-By: /etc/apt/trusted.gpg.d/collaboraonline-release-keyring.gpg END cat < /etc/apt/sources.list.d/collaboraonline.sources 2>> $log_file Types: deb URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb Suites: ./ Signed-By: /etc/apt/trusted.gpg.d/collaboraonline-release-keyring.gpg EOF if [ "$?" = 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." fi # - Update package index files # - echo "" >> $log_file echo "# - Update package index files" >> $log_file echo "# -" >> $log_file echononl "Update package index files" echo "apt-get update" >> $log_file apt-get update >> $log_file 2>&1 if [ "$?" 
= 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi # - Install ColaboraOnline packages # - _failed=false for _debian_pkg in ${dpkg_pkg_colabora_online[@]} ; do echononl "Installing $_debian_pkg .." if ! dpkg -l $_debian_pkg 2> /dev/null | grep -e "^ii" > /dev/null 2>&1 ; then echo "" >> $log_file echo "# - Installing $_debian_pkg" >> $log_file echo "# -" >> $log_file echo "DEBIAN_FRONTEND=noninteractive apt-get install -q -y $_debian_pkg" >> $log_file DEBIAN_FRONTEND=noninteractive apt-get install -q -y $_debian_pkg >> $log_file 2>&1 if [ "$?" = 0 ]; then echo_ok else _failed=true echo_failed error "For more informations see log output at '$log_file'." fi else echo_skipped fi done if $_failed ; then error "Something went wrong with installing debian packages (ColaboraOnline).." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi COOLWSD_USER="$(stat -c "%U" /etc/coolwsd/coolwsd.xml)" echo "" >> $log_file echo "COOLWSD_USER=$COOLWSD_USER" >> $log_file echo "" >> $log_file # - Add coolwsd user to group 'ssl-cert' # - echo "" >> $log_file echo "# - Add coolwsd user '${COOLWSD_USER}' to group ${SSL_CERT_GROUP}" >> $log_file echo "# -" >> $log_file echononl "Add coolwsd user '${COOLWSD_USER}' to group ${SSL_CERT_GROUP}.." if ! $(grep -E "^${SSL_CERT_GROUP}:" /etc/group 2> /dev/null | grep -q "$COOLWSD_USER" 2> /dev/null) ; then usermod -a -G "${SSL_CERT_GROUP}" "$COOLWSD_USER" >> $log_file 2>&1 if [ "$?" 
= 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." fi else echo_skipped fi # - Symlimk Snakeoil Cert '/etc/coolwsd/cert.pem' --> '/etc/ssl/certs/ssl-cert-snakeoil.pem' # - _symlink_src="/etc/ssl/certs/ssl-cert-snakeoil.pem" _symlink_dst="/etc/coolwsd/cert.pem" echo "" >> $log_file echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file echo "# -" >> $log_file echo "ln -s \"$_symlink_src\" \"$_symlink_dst\"" >> $log_file echononl "Symlink '${_symlink_dst}' --> ${_symlink_src}" ln -s "$_symlink_src" "$_symlink_dst" >> $log_file 2>&1 if [ "$?" = 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi # - Symlimk Snakeoil Cert '/etc/coolwsd/ca-chain.cert.pem' --> '/etc/ssl/certs/ssl-cert-snakeoil.pem' # - _symlink_src="/etc/ssl/certs/ssl-cert-snakeoil.pem" _symlink_dst="/etc/coolwsd/ca-chain.cert.pem" echo "" >> $log_file echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file echo "# -" >> $log_file echo "ln -s \"$_symlink_src\" \"$_symlink_dst\"" >> $log_file echononl "Symlink '${_symlink_dst}' --> ${_symlink_src}" ln -s "$_symlink_src" "$_symlink_dst" >> $log_file 2>&1 if [ "$?" = 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." 
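fi  # (closes the result check of the preceding 'ca-chain.cert.pem' symlink step)

# - Symlink snakeoil key '/etc/coolwsd/key.pem' --> '/etc/ssl/private/ssl-cert-snakeoil.key'
# -
# - NOTE(review): the link target is a private key. coolwsd can only use it
# - if its user may read that file - presumably the reason the coolwsd user
# - is added to ${SSL_CERT_GROUP} earlier in this section; confirm the file
# - mode on the target host.
# -
_symlink_src="/etc/ssl/private/ssl-cert-snakeoil.key"
_symlink_dst="/etc/coolwsd/key.pem"

echo "" >> "$log_file"
echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> "$log_file"
echo "# -" >> "$log_file"
echo "ln -s \"$_symlink_src\" \"$_symlink_dst\"" >> "$log_file"
echononl "Symlink '${_symlink_dst}' --> ${_symlink_src}"
ln -s "$_symlink_src" "$_symlink_dst" >> "$log_file" 2>&1
if [ "$?" = 0 ]; then
   echo_ok
else
   echo_failed
   error "For more informations see log output at '$log_file'."

   # Ask the operator whether to go on. Every answer is lower-cased (also the
   # repeated ones), and a closed stdin counts as "no" instead of looping
   # forever on an empty answer.
   echononl "continue anyway [yes/no]: "
   read -r OK || OK="no"
   OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
   while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
      echononl "Wrong entry! - repeat [yes/no]: "
      read -r OK || OK="no"
      OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
   done
   [[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi

blank_line

# - Start 'coolwsd' service
# -
# - systemd hosts get 'systemctl start' (after a 2 second pause); SysV hosts
# - get the init script with 'restart'.
# -
echo "" >> "$log_file"
echo "# - Start 'coolwsd' service" >> "$log_file"
echo "# -" >> "$log_file"
echononl "Start 'coolwsd' service.."
if $systemd_supported ; then
   echo "systemctl start coolwsd" >> "$log_file"
   sleep 2
   systemctl start coolwsd >> "$log_file" 2>&1
   if [[ $? -eq 0 ]]; then
      echo_ok
   else
      echo_failed
      error "For more informations see log output at '$log_file'."

      echononl "continue anyway [yes/no]: "
      read -r OK || OK="no"
      OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
      while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
         echononl "Wrong entry! - repeat [yes/no]: "
         read -r OK || OK="no"
         OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
      done
      [[ $OK = "yes" ]] || fatal "Interrupted ny user."
   fi
else
   # The log must show the command that is really executed ('restart', not
   # 'start'), otherwise the log cannot be used to replay or audit the run.
   echo "/etc/init.d/coolwsd restart" >> "$log_file"
   /etc/init.d/coolwsd restart >> "$log_file" 2>&1
   if [[ $? -eq 0 ]]; then
      echo_ok
   else
      echo_failed
      error "For more informations see log output at '$log_file'."

      echononl "continue anyway [yes/no]: "
      read -r OK || OK="no"
      OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
      while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
         echononl "Wrong entry! - repeat [yes/no]: "
         read -r OK || OK="no"
         OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
      done
      [[ $OK = "yes" ]] || fatal "Interrupted ny user."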
fi
fi  # (closes the result check and the systemd/SysV branch of the coolwsd start step)

blank_line

# - Check if regular certificates for ${HOSTNAME_CO} already present
# -
# - Chooses the certificate/key pair that is written into the web server
# - vhost further down. Order of preference:
# -   1. the dehydrated certificate for ${HOSTNAME_CO}
# -   2. Apache's own bundle, if Apache is installed and both files exist
# -   3. the snakeoil pair as last resort
# -
# - In case 1 only 'fullchain.pem' is tested; 'privkey.pem' is taken to be
# - next to it without a check.
# -
# - NOTE(review): the fallback key below lies in nginx's 'sites-enabled'
# - directory, while the coolwsd symlink step uses
# - '/etc/ssl/private/ssl-cert-snakeoil.key'. Confirm which path is intended;
# - a private key belongs in a directory with restricted read access, not in
# - a configuration include directory.
# -
if [[ -e "/var/lib/dehydrated/certs/${HOSTNAME_CO}/fullchain.pem" ]]; then
   server_cert="/var/lib/dehydrated/certs/${HOSTNAME_CO}/fullchain.pem"
   server_key="/var/lib/dehydrated/certs/${HOSTNAME_CO}/privkey.pem"
else
   if $apache2_installed && [[ -f "/usr/local/apache2/conf/server-bundle.crt" ]] \
      && [[ -f "/usr/local/apache2/conf/server.key" ]] ; then
      server_cert="/usr/local/apache2/conf/server-bundle.crt"
      server_key="/usr/local/apache2/conf/server.key"
   else
      server_key="/etc/nginx/sites-enabled/ssl-cert-snakeoil.key"
      server_cert="/etc/ssl/certs/ssl-cert-snakeoil.pem"
   fi
fi

if $apache2_installed ; then

   if [[ -d "$apache_vhost_dir" ]] ; then

      # - Backup apache vhost file if exists
      # -
      # - The old '<host>.conf.static' is moved aside with the run's timestamp
      # - as suffix before a new one is written.
      # -
      if [[ -f "${apache_vhost_dir}/${HOSTNAME_CO}.conf.static" ]]; then
         echo "" >> $log_file
         echo "# - Backup existing file '${apache_vhost_dir}/${HOSTNAME_CO}.conf.static'" >> $log_file
         echo "# -" >> $log_file
         # echononl writes its message to stderr, so the stdout redirect on
         # the next line does not put the message into the log file.
         echononl "Backup existing file '${apache_vhost_dir}/${HOSTNAME_CO}.conf.static'" >> $log_file
         echo "mv \"${apache_vhost_dir}/${HOSTNAME_CO}.conf.static\" \"${apache_vhost_dir}/${HOSTNAME_CO}.conf.static.$backup_date\"" >> $log_file
         mv "${apache_vhost_dir}/${HOSTNAME_CO}.conf.static" "${apache_vhost_dir}/${HOSTNAME_CO}.conf.static.$backup_date" >> $log_file 2>&1
         if [ "$?" = 0 ]; then
            echo_ok
         else
            # A failed backup is only reported; the script goes on without asking.
            echo_failed
            error "For more informations see log output at '$log_file'."
fi fi echo "" >> $log_file echo "# - Create apache vhost entry for (lokal) ColaboraOnline service" >> $log_file echo "# -" >> $log_file echononl "Create apache vhost entry for (lokal) ColaboraOnline service" cat< "${apache_vhost_dir}/${HOSTNAME_CO}.conf.static" 2>> $log_file ServerName $HOSTNAME_CO Options -Indexes # Encoded slashes need to be allowed AllowEncodedSlashes NoDecode # Container uses a unique non-signed certificate SSLProxyEngine On SSLProxyVerify None SSLProxyCheckPeerCN Off SSLProxyCheckPeerName Off # keep the host ProxyPreserveHost On # static html, js, images, etc. served from coolwsd # browser is the client part of Collabora Online ProxyPass /browser https://127.0.0.1:9980/browser retry=0 ProxyPassReverse /browser https://127.0.0.1:9980/browser # WOPI discovery URL ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0 ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery # Capabilities ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0 ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities # Main websocket ProxyPassMatch "/cool/(.*)/ws$" wss://127.0.0.1:9980/cool/\$1/ws nocanon # Admin Console websocket ProxyPass /cool/adminws wss://127.0.0.1:9980/cool/adminws # Download as, Fullscreen presentation and Image upload operations ProxyPass /cool https://127.0.0.1:9980/cool ProxyPassReverse /cool https://127.0.0.1:9980/cool # Compatibility with integrations that use the /lool/convert-to endpoint ProxyPass /lool https://127.0.0.1:9980/cool ProxyPassReverse /lool https://127.0.0.1:9980/cool SSLEngine on SSLCertificateFile $server_cert SSLCertificateKeyFile $server_key CustomLog /var/log/apache2/ip_requests.log base_requests CustomLog /var/log/apache2/${HOSTNAME_CO}.log combined ErrorLog /var/log/apache2/${HOSTNAME_CO}-error.log EOF if [ "$?" = 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." 
fi  # (closes the result check of the vhost file creation above)

# - Remove symlink for apache vhost file (if exists)
# -
# - Only a symbolic link is removed here ('-h'); a regular file with the
# - same name is handled by the backup step that follows.
# -
if [[ -h "${apache_vhost_dir}/${HOSTNAME_CO}.conf" ]]; then
   echo "" >> $log_file
   echo "# - Remove existing Symlink '${apache_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file
   echo "# -" >> $log_file
   # echononl writes to stderr; the stdout redirect does not log the message.
   echononl "Remove existing Symlink '${apache_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file
   echo "rm -f \"${apache_vhost_dir}/${HOSTNAME_CO}.conf\"" >> $log_file
   rm -f "${apache_vhost_dir}/${HOSTNAME_CO}.conf" >> $log_file 2>&1
   if [ "$?" = 0 ]; then
      echo_ok
   else
      echo_failed
      error "For more informations see log output at '$log_file'."
   fi
fi

# - Backup apache vhost file if exists
# -
# - A regular file '<host>.conf' is moved aside with the run's timestamp as
# - suffix, so the symlink below can be created under that name.
# -
if [[ -f "${apache_vhost_dir}/${HOSTNAME_CO}.conf" ]]; then
   echo "" >> $log_file
   echo "# - Backup existing file '${apache_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file
   echo "# -" >> $log_file
   echononl "Backup existing file '${apache_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file
   echo "mv \"${apache_vhost_dir}/${HOSTNAME_CO}.conf\" \"${apache_vhost_dir}/${HOSTNAME_CO}.conf.$backup_date\"" >> $log_file
   mv "${apache_vhost_dir}/${HOSTNAME_CO}.conf" "${apache_vhost_dir}/${HOSTNAME_CO}.conf.$backup_date" >> $log_file 2>&1
   if [ "$?" = 0 ]; then
      echo_ok
   else
      echo_failed
      error "For more informations see log output at '$log_file'."
   fi
fi

# - Symlink Apache VHost file '${HOSTNAME_CO}.conf' --> '${HOSTNAME_CO}.conf.static'
# -
# - The link target is given without a directory, so it is resolved relative
# - to the directory the link is created in (${apache_vhost_dir}).
# - Unlike the other steps, the 'ln' command itself is not written to the log.
# -
_symlink_src="${HOSTNAME_CO}.conf.static"
_symlink_dst="${apache_vhost_dir}/${HOSTNAME_CO}.conf"
echo "" >> $log_file
echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file
echo "# -" >> $log_file
echononl "Symlink '${_symlink_dst}' --> ${_symlink_src}"
ln -s "$_symlink_src" "$_symlink_dst" >> $log_file 2>&1
if [ "$?" = 0 ]; then
   echo_ok
else
   echo_failed
   error "For more informations see log output at '$log_file'."
fi  # (closes the result check of the Apache vhost symlink step above)

# Marks the service as installed. It is set here on the Apache path only,
# and even when the symlink step before it failed.
# NOTE(review): the nginx branch visible below does not set this flag -
# confirm whether that is intended.
COLABORA_SERVICE_INSTALLED=true

fi  # if [[ -d "$apache_vhost_dir" ]]

elif $nginx_installed ; then

   if [[ -d "$nginx_vhost_dir" ]]; then

      # - Remove symlink for nginx vhost file (if exists)
      # -
      # - Removes the link in the 'enabled' directory, which takes the site
      # - out of the active nginx configuration until it is linked again.
      # -
      if [[ -h "${nginx_vhost_enabled_dir}/${HOSTNAME_CO}.conf" ]]; then
         echo "" >> $log_file
         echo "# - Remove existing Symlink '${nginx_vhost_enabled_dir}/${HOSTNAME_CO}.conf'" >> $log_file
         echo "# -" >> $log_file
         # echononl writes to stderr; the stdout redirect does not log the message.
         echononl "Remove existing Symlink '${nginx_vhost_enabled_dir}/${HOSTNAME_CO}.conf'" >> $log_file
         echo "rm -f \"${nginx_vhost_enabled_dir}/${HOSTNAME_CO}.conf\"" >> $log_file
         rm -f "${nginx_vhost_enabled_dir}/${HOSTNAME_CO}.conf" >> $log_file 2>&1
         if [ "$?" = 0 ]; then
            echo_ok
         else
            echo_failed
            error "For more informations see log output at '$log_file'."

            # Operator decides whether to go on. Only the first answer is
            # lower-cased; a repeated answer must be typed as 'yes' or 'no'
            # exactly to leave the loop.
            echononl "continue anyway [yes/no]: "
            read OK
            OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
            while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
               echononl "Wrong entry! - repeat [yes/no]: "
               read OK
            done
            [[ $OK = "yes" ]] || fatal "Interrupted ny user."
         fi
      fi # if [[ -h "${nginx_vhost_enabled_dir}/${HOSTNAME_CO}.conf" ]]; then

      # - Backup nginx vhost file if exists
      # -
      # - The old vhost file is moved aside with the run's timestamp as suffix
      # - before a new one is written.
      # -
      if [[ -f "${nginx_vhost_dir}/${HOSTNAME_CO}.conf" ]]; then
         echo "" >> $log_file
         echo "# - Backup existing file '${nginx_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file
         echo "# -" >> $log_file
         echononl "Backup existing file '${nginx_vhost_dir}/${HOSTNAME_CO}.conf'" >> $log_file
         echo "mv \"${nginx_vhost_dir}/${HOSTNAME_CO}.conf\" \"${nginx_vhost_dir}/${HOSTNAME_CO}.conf.$backup_date\"" >> $log_file
         mv "${nginx_vhost_dir}/${HOSTNAME_CO}.conf" "${nginx_vhost_dir}/${HOSTNAME_CO}.conf.$backup_date" >> $log_file 2>&1
         if [ "$?" = 0 ]; then
            echo_ok
         else
            echo_failed
            error "For more informations see log output at '$log_file'."

            echononl "continue anyway [yes/no]: "
            read OK
            OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
            while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
               echononl "Wrong entry! - repeat [yes/no]: "
               read OK
            done
            [[ $OK = "yes" ]] || fatal "Interrupted ny user."
fi fi # if [[ -f "${nginx_vhost_dir}/${HOSTNAME_CO}.conf" ]] echo "" >> $log_file echo "# - Create nginx vhost entry for '$HOSTNAME_CO'" >> $log_file echo "# -" >> $log_file echononl "Create nginx vhost entry for '$HOSTNAME_CO'" cat< "${nginx_vhost_dir}/${HOSTNAME_CO}.conf" 2>> $log_file # --- $HOSTNAME_CO # --- # see: https://www.collaboraoffice.com/code/nginx-reverse-proxy/ # --- server { listen 80; listen [::]:80; server_name ${HOSTNAME_CO}; # Enforce HTTPS return 301 https://\$server_name\$request_uri; } # --- # see: https://www.collaboraoffice.com/code/nginx-reverse-proxy/ # --- server { listen 443 ssl; listen [::]:443 ssl; server_name ${HOSTNAME_CO}; root /var/www/${HOSTNAME_CO}; ssl_certificate ${server_cert}; ssl_certificate_key ${server_key}; # Include location directive for Let's Encrypt ACME Challenge # # Needed for (automated) updating certificate # include snippets/letsencrypt-acme-challenge.conf; # set max upload size client_max_body_size 512M; fastcgi_buffers 64 4K; # static files location ^~ /browser { proxy_pass https://localhost:9980; proxy_set_header Host \$http_host; } # WOPI discovery URL location ^~ /hosting/discovery { proxy_pass https://localhost:9980; proxy_set_header Host \$http_host; } # Capabilities location ^~ /hosting/capabilities { proxy_pass https://localhost:9980; proxy_set_header Host \$http_host; } # main websocket location ~ ^/cool/(.*)/ws$ { proxy_pass https://localhost:9980; proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host \$http_host; proxy_read_timeout 36000s; } # download, presentation and image upload # we accept 'lool' to be backward compatible location ~ ^/(c|l)ool { proxy_pass https://localhost:9980; proxy_set_header Host \$http_host; } # Admin Console websocket location ^~ /cool/adminws { proxy_pass https://localhost:9980; proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host \$http_host; proxy_read_timeout 36000s; } } 
EOF if [ "$?" = 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi # - Symlimk Nginx VHost file # - # - '${nginx_vhost_enabled_dir}/${HOSTNAME_CO}.conf' --> '${nginx_vhost_dir}/${HOSTNAME_CO}.conf' # - _symlink_src="${nginx_vhost_dir}/${HOSTNAME_CO}.conf" _symlink_dst="${nginx_vhost_enabled_dir}/${HOSTNAME_CO}.conf" echo "" >> $log_file echo "# - Symlink '${_symlink_dst}' --> ${_symlink_src}" >> $log_file echo "# -" >> $log_file echononl "Symlink '${_symlink_dst}' --> ${_symlink_src}" echo "ln -s \"$_symlink_src\" \"$_symlink_dst\"" >> $log_file ln -s "$_symlink_src" "$_symlink_dst" >> $log_file 2>&1 if [ "$?" = 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi echononl "Backup existing document root directory '/var/www/${HOSTNAME_CO}'.." if [[ -d "/var/www/${HOSTNAME_CO}" ]] ; then echo "" >> $log_file echo "# - Backup existing document root directory '/var/www/${HOSTNAME_CO}'" >> $log_file echo "# -" >> $log_file echo "mv \"/var/www/${HOSTNAME_CO}\" \"/var/www/${HOSTNAME_CO}.${backup_date}\"" >> $log_file mv "/var/www/${HOSTNAME_CO}" "/var/www/${HOSTNAME_CO}.${backup_date}" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." fi else echo_skipped fi echo "" >> $log_file echo "# - Ceate documentroot directory '/var/www/${HOSTNAME_CO}'." 
>> $log_file echo "# -" >> $log_file echononl "Ceate documentroot directory '/var/www/${HOSTNAME_CO}'." echo "mkdir \"/var/www/${HOSTNAME_CO}\"" >> $log_file mkdir "/var/www/${HOSTNAME_CO}" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." fi echo "" >> $log_file echo "# - Create index file '/var/www/${HOSTNAME_CO}/index.html'" >> $log_file echo "# -" >> $log_file echo "cat < /var/www/${HOSTNAME_CO}/index.html HTTP Error 404 / Http Fehler 404

HTTP Error 404

The site you have requestet was not found on this Server

Please check your spelling and try again.

Thank You very much!

HTTP Fehler 404

Die von Ihnen aufgerufene Seite gibt es leider nicht - Sorry

Bitte prüfen Sie die Adresse und versuchen es nochmals.

Vielen Dank für Ihr Verständnis!

EOF" >> $log_file echononl "Create index file '/var/www/${HOSTNAME_CO}/index.html'" cat < /var/www/${HOSTNAME_CO}/index.html 2>> $log_file HTTP Error 404 / Http Fehler 404

HTTP Error 404

The site you have requestet was not found on this Server

Please check your spelling and try again.

Thank You very much!

HTTP Fehler 404

Die von Ihnen aufgerufene Seite gibt es leider nicht - Sorry

Bitte prüfen Sie die Adresse und versuchen es nochmals.

Vielen Dank für Ihr Verständnis!

EOF if [[ $? -eq 0 ]]; then echo_ok else echo_failed fi else error "Cant find nginx's vhost directory!" echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi # if [[ -d "$nginx_vhost_dir" ]] fi # if $apache2_installed echo "" >> $log_file echo "# - Setup script 'check_cert_coolwsd.sh'" >> $log_file echo "# -" >> $log_file echononl "Setup script 'check_cert_coolwsd.sh'" _failed=false if [[ -f "/root/bin/nextcloud/conf/check_cert_coolwsd.conf.sample" ]]; then if [[ ! -f "/root/bin/nextcloud/conf/check_cert_coolwsd.conf" ]]; then cp -a "/root/bin/nextcloud/conf/check_cert_coolwsd.conf.sample" \ "/root/bin/nextcloud/conf/check_cert_coolwsd.conf" if [[ $? -ne 0 ]] ; then _failed=true fi fi cat << EOF >> $log_file perl -i -n -p -e "s/^\\s*HOSTNAME_CO\\s*=.*/HOSTNAME_CO=\"${HOSTNAME_CO}\"" \\ /root/bin/nextcloud/conf/check_cert_coolwsd.conf EOF perl -i -n -p -e "s/^\s*HOSTNAME_CO\s*=.*/HOSTNAME_CO="${HOSTNAME_CO}"/" \ /root/bin/nextcloud/conf/check_cert_coolwsd.conf >> "$log_file" 2>&1 if [[ $? -ne 0 ]]; then _failed=true fi if $_failed ; then echo_failed error "Failed to setup script 'check_cert_coolwsd.sh'." else echo_ok echononl "Initial run of script 'check_cert_coolwsd.sh'.." if [[ -x "/root/bin/nextcloud/check_cert_coolwsd.sh" ]]; then /root/bin/nextcloud/check_cert_coolwsd.sh if [[ $? 
-eq 0 ]]; then echo_ok else echo_failed fi else echo_skipped warn "Cannot find script '/root/bin/nextcloud/check_cert_coolwsd.sh'" fi fi else echo_skipped warn "Cannot find sample configuration file '/root/bin/nextcloud/conf/check_cert_coolwsd.conf.sample'" echo "# -" >> $log_file echo "# - Cannot find sample configuration file '/root/bin/nextcloud/conf/check_cert_coolwsd.conf.sample'" >> $log_file echo "# - Skip configuration of script '/root/bin/nextcloud/check_cert_coolwsd.sh'" >> $log_file echo "# -" >> $log_file fi echononl "Create cronjob for checcking/renewing lollwsd certs.." if [[ -x "/root/bin/nextcloud/check_cert_coolwsd.sh" ]] ; then _crontab_tmp_file=/tmp/crontab_root.$$ crontab -l > $_crontab_tmp_file 2> /dev/null if ! grep -q -E "/root/bin/nextcloud/check_cert_coolwsd.sh" $_crontab_tmp_file 2> /dev/null ; then echo "" >> $_crontab_tmp_file echo "# - Check if certificates for coolwsd service are up to date" >> $_crontab_tmp_file echo "# -" >> $_crontab_tmp_file echo "17 05 * * * /root/bin/nextcloud/check_cert_coolwsd.sh" >> $_crontab_tmp_file crontab $_crontab_tmp_file if [[ $? -eq 0 ]]; then echo_done else echo_failed error "Creating cronjob for checcking/renewing lollwsd certs failed!" fi else echo_skipped fi else echo_skipped warn "Script '/root/bin/nextcloud/check_cert_coolwsd.sh' not found'." fi fi # ----- # - Doing some pre-installation tasks # ----- echo "" echo "" echo -e "\033[37m\033[1mDoing some pre-installation tasks..\033[m" echo "" echo "" >> $log_file echo "" >> $log_file echo "# -----" >> $log_file echo "# - Doing some pre-installation tasks" >> $log_file echo "# -----" >> $log_file # - Deaktiviere Cronjobs # - _backup_crontab_file=/tmp/crontab_root.${backup_date} echo "" >> $log_file echo "# - Backup Crontab to '$_backup_crontab_file'" >> $log_file echo "# -" >> $log_file echononl "Backup Crontab to '$_backup_crontab_file'" echo "crontab -l > $_backup_crontab_file" >> $log_file crontab -l > $_backup_crontab_file 2>> $log_file if [[ $? 
-eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interupted by user" fi echo "" >> $log_file echo "# - Remove crontab for root" >> $log_file echo "# -" >> $log_file echononl "Remove crontab for root.." echo "crontab -r" >> $log_file crontab -r >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interupted by user" fi if $apache2_installed ; then # - Stop Apache Webserver # - echo "" >> $log_file echo "# - Stop Apache Webserver" >> $log_file echo "# -" >> $log_file echononl "Stop Apache Webserver.." if $systemd_supported ; then echo "systemctl stop apache2" >> $log_file systemctl stop apache2 >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interupted by user" fi else echo "/etc/init.d/apache2 stop" >> $log_file /etc/init.d/apache2 stop >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! 
- repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interupted by user" fi fi elif $nginx_installed ; then # - Stop Nginx Webserver # - echo "" >> $log_file echo "# - Stop Nginx Webserver" >> $log_file echo "# -" >> $log_file echononl "Stop Nginx Webserver.." if $systemd_supported ; then echo "systemctl stop nginx" >> $log_file systemctl stop nginx >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interupted by user" fi else echo "/etc/init.d/nginx stop" >> $log_file /etc/init.d/nginx stop >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interupted by user" fi fi fi # ----- # - Some checks # ----- echo "" echo "" echo -e "\033[37m\033[1mDoing some checks..\033[m" echo "" echo "" >> $log_file echo "" >> $log_file echo "# -----" >> $log_file echo "# - Doing some checks" >> $log_file echo "# -----" >> $log_file checks_all_is_fine=true # - Check if database exists and is empty # - if [[ "$DATABASE_TYPE" = "mysql" ]] ; then if [[ ! "$(mysqlshow -h $DATABASE_HOST -u $DATABASE_USER -p$DATABASE_PASS $DATABASE_NAME 2>/dev/null)" ]] ; then fatal "Cannot connect database \033[1m$DATABASE_NAME\033[m!" fi _tables="$(mysql -h $DATABASE_HOST -u $DATABASE_USER -p$DATABASE_PASS $DATABASE_NAME -N -s -e 'SHOW TABLES' 2>/dev/null)" if [[ -n "$_tables" ]] ; then warn "Database \033[1m$DATABASE_NAME\033[m is NOT empty but this is an initial instalation!" 
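checks_all_is_fine=false

# - Backup database, then drop its tables
# -
# - This part runs when the MySQL database exists but is not empty. The dump
# - goes to ${WEB_BASE_DIR} if that directory exists, otherwise to the
# - script's working directory.
# -
# - Changes against the previous version:
# -   * the client connects as ${DATABASE_USER}, like the 'mysqlshow' /
# -     'SHOW TABLES' calls before it (it used ${DATABASE_NAME} as user name)
# -   * the database password is no longer written to the log file
# -   * the dump file is created readable for its owner only
# -   * expansions are quoted; table names are read line by line
# -
# - NOTE(review): '-p<password>' on the command line is visible in the
# - process list while the client runs. A client option file passed with
# - '--defaults-extra-file' avoids that.
# -
if [[ ! -d "${WEB_BASE_DIR}" ]]; then
   _backup_dst_dir="$working_dir"
else
   _backup_dst_dir="$WEB_BASE_DIR"
fi
_backup_sql_file="${_backup_dst_dir}/${DATABASE_NAME}.${backup_date}.sql"

echo "" >> "$log_file"
echo "# - Backup database '$DATABASE_NAME'" >> "$log_file"
echo "# -" >> "$log_file"
echononl "Backup database '$DATABASE_NAME' .."
echo "mysqldump -h $DATABASE_HOST -u $DATABASE_USER -p******** --opt $DATABASE_NAME > ${_backup_sql_file}" >> "$log_file"
# The subshell keeps the tightened umask local to the dump; its exit status
# is that of mysqldump (or of a failed redirection).
(
   umask 077
   mysqldump -h "$DATABASE_HOST" -u "$DATABASE_USER" -p"$DATABASE_PASS" --opt "$DATABASE_NAME" \
      > "$_backup_sql_file" 2>> "$log_file"
)
if [[ $? -eq 0 ]] ; then
   echo_ok
else
   # Without a backup the tables must not be dropped - stop here.
   echo_failed
   error "For more informations see log output at '$log_file'."
   clean_up 1
fi

echo "" >> "$log_file"
echo "# - Drop tables of database '$DATABASE_NAME'" >> "$log_file"
echo "# -" >> "$log_file"
echononl "Drop tables of database '$DATABASE_NAME'"
_failed=false
declare -a _tables_not_deleted=()
# $_tables holds one table name per line (output of 'SHOW TABLES').
while IFS= read -r _table ; do
   [[ -n "$_table" ]] || continue
   echo "mysql -h $DATABASE_HOST -u $DATABASE_USER -p******** $DATABASE_NAME -N -s -e \"DROP TABLE \\\`$_table\\\`\"" >> "$log_file"
   # stdin is detached so the client cannot consume the list of table names.
   mysql -h "$DATABASE_HOST" -u "$DATABASE_USER" -p"$DATABASE_PASS" "$DATABASE_NAME" -N -s \
      -e "DROP TABLE \`$_table\`" < /dev/null >> "$log_file" 2>&1
   if [[ $? -ne 0 ]] ; then
      _failed=true
      _tables_not_deleted+=("$_table")
   fi
done <<< "$_tables"
if $_failed ; then
   echo_failed
   echo "# - Tables not dropped: ${_tables_not_deleted[*]}" >> "$log_file"
   error "For more informations see log output at '$log_file'."
   clean_up 1
else
   echo_ok
fi

fi  # (closes the 'database is not empty' check)

elif [[ "$DATABASE_TYPE" = "postgres" ]] ; then

   # 'psql -A -t -l' prints one database per line, fields separated by '|'.
   # Only the first field is compared, and as a whole line, so a database
   # whose name merely starts with $DATABASE_NAME is not counted.
   count="$(su - postgres -c "psql -q -A -t -l" | cut -d'|' -f1 | grep -c -x -F -- "$DATABASE_NAME")"
   if [[ $count -eq 0 ]]; then
      warn "Cannot find database \033[1m$DATABASE_NAME\033[m!\n\n \033[1mCreate database first."

      checks_all_is_fine=false

      echo "" >> "$log_file"
      echo "# - Create ROLE for user '$DATABASE_USER'" >> "$log_file"
      echo "# -" >> "$log_file"
      echononl "Create ROLE for user \033[1m$DATABASE_USER\033[m .."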
echo "echo \"CREATE ROLE $DATABASE_USER WITH LOGIN NOCREATEDB NOCREATEROLE NOSUPERUSER ENCRYPTED PASSWORD '$DATABASE_PASS'\" | su - postgres -c \"psql\"" >> $log_file EOF echo "CREATE ROLE $DATABASE_USER WITH LOGIN NOCREATEDB NOCREATEROLE NOSUPERUSER ENCRYPTED PASSWORD '$DATABASE_PASS'" | su - postgres -c "psql" > $log_file 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." clean_up 1 fi echo "" >> $log_file echo "# - Create database '$DATABASE_NAME'" >> $log_file echo "# -" >> $log_file echononl "Create database \033[1m$DATABASE_NAME\033[m .." echo "su - postgres -c \"createdb -E utf8 -O $DATABASE_USER $DATABASE_NAME\"" >> $log_file 2>&1 su - postgres -c "createdb -E utf8 -O $DATABASE_USER $DATABASE_NAME" >> $log_file 2>&1 if [[ $? -eq 0 ]] ; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." clean_up 1 fi else : fi fi ##!# - Backup Database ##!# - ##!echononl " Backup MySQL database '$DATABASE_NANE'.." ##!if [[ "$DATABASE_TYPE" = 'mysql' ]]; then ##! mysqldump $MYSQL_CREDENTIALS --opt $DATABASE_NAME > \ ##! ${WEB_BASE_DIR}/${DATABASE_NAME}-v${PRIOR_VERSION}.${backup_date}.sql 2> $log_file ##! if [[ $? -eq 0 ]]; then ##! echo_ok ##! else ##! echo_failed ##! fatal "$(cat $log_file)" ##! fi ##!elif [[ "$DATABASE_TYPE" = 'postgres' ]]; then ##! PGPASSWORD=$PSQL_PASS pg_dump $DATABASE_NAME -h $PSQL_SERVER -U $PSQL_USER -f postfix-${backup_date}.sql ##! if [[ $? -eq 0 ]]; then ##! echo_ok ##! else ##! echo_failed ##! fatal "$(cat $log_file)" ##! fi ##!fi # - Backup old installation directory # - if [[ -d "$INSTALL_DIR" ]] ; then warn "Nextcloud's installation directory \033[1m$INSTALL_DIR\033[m already exists!" checks_all_is_fine=false echo "" >> $log_file echo "# - Backup existing installation directory '${INSTALL_DIR}'" >> $log_file echo "# -" >> $log_file echononl "Backup existing installation directory '${INSTALL_DIR}'.." 
echo "mv \"$INSTALL_DIR\" \"${INSTALL_DIR}.$backup_date\"" >> $log_file mv "$INSTALL_DIR" "${INSTALL_DIR}.$backup_date" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interupted by user" fi fi # - Backup old data directory # - if [[ -d "$DATA_DIR" ]] ; then warn "Nextcloud's data directory \033[1m$DATA_DIR\033[m already exists" checks_all_is_fine=false echo "" >> $log_file echo "# - Backup existing data directory '${DATA_DIR}'" >> $log_file echo "# -" >> $log_file echononl "Backup existing data directory '${DATA_DIR}'.. " echo "mv \"$DATA_DIR\" \"${DATA_DIR}.$backup_date\"" >> $log_file mv "$DATA_DIR" "${DATA_DIR}.$backup_date" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Abbruch durch User" fi fi # - Delete symlink for data directory # - echononl "Delete symlink '${DATA_DIR}' if exists.." if [[ -h "${DATA_DIR}" ]]; then echo "" >> $log_file echo "# - Delete symlink '${DATA_DIR}'" >> $log_file echo "# -" >> $log_file echo "rm \"${DATA_DIR}\"" >> $log_file rm "${DATA_DIR}" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! 
- repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi else echo_skipped fi if $checks_all_is_fine ; then info "All is fine.." fi # ----- # - Download/Unpack sources # ----- echo "" echo "" echo -e "\033[37m\033[1mDownload/Unpack sources..\033[m" echo "" echo "" >> $log_file echo "" >> $log_file echo "# -----" >> $log_file echo "# - Download/Unpack sources" >> $log_file echo "# -----" >> $log_file echononl "Create source directory '${SRC_BASE_DIR}'.." if [[ ! -d "${SRC_BASE_DIR}" ]]; then echo "" >> $log_file echo "# - Create source directory '${SRC_BASE_DIR}'" >> $log_file echo "# -" >> $log_file echo "mkdir \"${SRC_BASE_DIR}\"" >> $log_file mkdir "${SRC_BASE_DIR}" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." clean_up 1 fi else echo_skipped fi # - downloud nextcloud source # - echononl "Download file 'nextcloud-${VERSION}.tar.bz2'.." if [[ -f "${SRC_BASE_DIR}/nextcloud-${VERSION}.tar.bz2" ]]; then echo_skipped else echo "" >> $log_file echo "# - Download file 'nextcloud-${VERSION}.tar.bz2'" >> $log_file echo "# -" >> $log_file echo "wget -P ${SRC_BASE_DIR} https://download.nextcloud.com/server/releases/nextcloud-${VERSION}.tar.bz2" >> $log_file 2>&1 wget -P ${SRC_BASE_DIR} https://download.nextcloud.com/server/releases/nextcloud-${VERSION}.tar.bz2 >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." clean_up 1 fi fi echononl "Delete existing dir '${SRC_BASE_DIR}/nextcloud'.." if [[ -d "${SRC_BASE_DIR}/nextcloud" ]]; then echo "" >> $log_file echo "# - Delete existing dir '${SRC_BASE_DIR}/nextcloud'.." >> $log_file echo "# -" >> $log_file echo "rm -rf \"${SRC_BASE_DIR}/nextcloud\"" >> $log_file rm -rf "${SRC_BASE_DIR}/nextcloud" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." 
clean_up 1 fi else echo_skipped fi # - Entpacken # - echo "" >> $log_file echo "# - Untar/Unpack 'nextcloud-${VERSION}.tar.bz2'" >> $log_file echo "# -" >> $log_file echononl "Untar/Unpack 'nextcloud-${VERSION}.tar.bz2'.." echo "bunzip2 < \"${SRC_BASE_DIR}/nextcloud-${VERSION}.tar.bz2\" | tar -C ${SRC_BASE_DIR} -xf -" >> $log_file bunzip2 < ${SRC_BASE_DIR}/nextcloud-${VERSION}.tar.bz2 | tar -C ${SRC_BASE_DIR} -xf - >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi # ----- # - Create needed directories # ----- echo "" echo "" echo -e "\033[37m\033[1mCreate needed directories..\033[m" echo "" echo "" >> $log_file echo "" >> $log_file echo "# -----" >> $log_file echo "# - Create needed directories" >> $log_file echo "# -----" >> $log_file # - Create websites base directory # - echo "" >> $log_file echo "# - Create websites base directory '${WEB_BASE_DIR}'" >> $log_file echo "# -" >> $log_file echononl "Create websites base directory '${WEB_BASE_DIR}'.." if [[ ! -d "$WEB_BASE_DIR" ]] ; then echo "mkdir \"$WEB_BASE_DIR\"" >> $log_file mkdir "$WEB_BASE_DIR" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." 
fi else echo_skipped fi # - Create Installation Directory # - echo "" >> $log_file echo "# - Create (new) installation dir '${INSTALL_DIR}'" >> $log_file echo "# -" >> $log_file echononl "Create (new) installation dir '${INSTALL_DIR}'.." echo "mkdir \"$INSTALL_DIR\"" >> $log_file mkdir "$INSTALL_DIR" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi # - Create data directory # - echo "" >> $log_file echo "# - Create (new) data dir '${DATA_DIR}'" >> $log_file echo "# -" >> $log_file echononl "Create (new) data dir '${DATA_DIR}'.." echo "mkdir \"$DATA_DIR\"" >> $log_file mkdir "$DATA_DIR" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi # - Set Permissions on new data directory # - echo "" >> $log_file echo "# - Change permissions on '${DATA_DIR}'" >> $log_file echo "# -" >> $log_file echononl "Change permissions on '${DATA_DIR}'.." echo "chown -R \"${HTTP_USER}\":\"${HTTP_GROUP}\" \"${DATA_DIR}\"" >> $log_file chown -R "${HTTP_USER}":"${HTTP_GROUP}" "${DATA_DIR}" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." 
fi # - Create log directory # - echononl "Create (new) data dir '${WEB_BASE_DIR}/logs'.." if [[ ! -d "${WEB_BASE_DIR}/logs" ]] ; then echo "" >> $log_file echo "# - Create log directory '${WEB_BASE_DIR}'/logs" >> $log_file echo "# -" >> $log_file echo "mkdir \"${WEB_BASE_DIR}/logs\"" >> $log_file mkdir "${WEB_BASE_DIR}/logs" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi else echo_skipped fi # - Set Permissions on log data directory # - echo "" >> $log_file echo "# - Change permissions on '${WEB_BASE_DIR}/logs'" >> $log_file echo "# -" >> $log_file echononl "Change permissions on '${WEB_BASE_DIR}/logs'.." echo "chown \"${HTTP_USER}\":\"${HTTP_GROUP}\" \"${WEB_BASE_DIR}/logs\"" >> $log_file chown "${HTTP_USER}":"${HTTP_GROUP}" "${WEB_BASE_DIR}/logs" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi # ----- # - Base Installation of nextcloud # ----- echo "" echo "" echo -e "\033[37m\033[1mBase Installation of nextcloud..\033[m" echo "" echo "" >> $log_file echo "" >> $log_file echo "# -----" >> $log_file echo "# - Base Installation of nextcloud" >> $log_file echo "# -----" >> $log_file # - Synchronisiere neues Installationsverzeichnis mit # - den extrahierten Dateien # - echo "" >> $log_file echo "# - Sync (new) nextlcoud to '${INSTALL_DIR}''" >> $log_file echo "# -" >> $log_file echononl "Sync (new) nextlcoud to '${INSTALL_DIR}'.." 
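# - Report the exit status ($1) of the step that just ran.
# -    $2 = "abort": on failure leave the script via clean_up.
# -    $2 = "ask"  : on failure ask the operator whether to continue; any
# -                  answer but "yes" ends the script via fatal "$3".
# - Kept next to its callers so this part of the script is self-contained;
# - it fits better beside the other helpers at the top of the file.
# -
_step_result() {
   local _rc="$1" _mode="$2" _abort_msg="${3:-}"

   if [[ "$_rc" -eq 0 ]]; then
      echo_ok
      return 0
   fi

   echo_failed
   error "For more informations see log output at '$log_file'."
   if [[ "$_mode" == "abort" ]]; then
      clean_up 1
   fi

   echononl "continue anyway [yes/no]: "
   # a closed stdin counts as "no" instead of looping on "Wrong entry!" forever
   read -r OK || OK="no"
   OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
   while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
      echononl "Wrong entry! - repeat [yes/no]: "
      read -r OK || OK="no"
      # normalise the repeated answer as well, so "YES" is accepted on retry
      OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
   done
   [[ "$OK" == "yes" ]] || fatal "$_abort_msg"
}

# - Copy the unpacked sources into the new installation directory.
# - (The step header for this rsync is written just before this point.)
# - "$log_file" is quoted throughout so a log path containing blanks does not
# - break the redirections.
# -
echo "rsync -a \"${SRC_BASE_DIR}/nextcloud/\" \"${INSTALL_DIR}/\"" >> "$log_file"
rsync -a "${SRC_BASE_DIR}/nextcloud/" "${INSTALL_DIR}/" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

# - Give the installation directory the current timestamp
# -
printf '\n# - %s\n# -\n' "Set actual date on directory '${INSTALL_DIR}'" >> "$log_file"
echononl "Set actual date on directory '${INSTALL_DIR}'.."
echo "touch -t \"$(date +%Y%m%d%H%M.%S)\" \"${INSTALL_DIR}\"" >> "$log_file"
touch -t "$(date +%Y%m%d%H%M.%S)" "${INSTALL_DIR}" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

# - Set Permissions on new install directory
# -
# - rsync -a preserved the ownership recorded in the archive; from here on the
# - whole tree belongs to the web server account.
# - NOTE(review): that leaves the application code writable by the account
# - that executes it - confirm this is intended.
# -
printf '\n# - %s\n# -\n' "Change permissions on '${INSTALL_DIR}'" >> "$log_file"
echononl "Change permissions on '${INSTALL_DIR}'.."
echo "chown -R \"${HTTP_USER}\":\"${HTTP_GROUP}\" \"${INSTALL_DIR}\"" >> "$log_file"
chown -R "${HTTP_USER}":"${HTTP_GROUP}" "${INSTALL_DIR}" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

# - Delete symlink for old installation directory
# -
echononl "Delete symlink '${WEB_BASE_DIR}/nextcloud' if exists.."
if [[ -h "${WEB_BASE_DIR}/nextcloud" ]]; then
   printf '\n# - %s\n# -\n' "Delete symlink '${WEB_BASE_DIR}/nextcloud'" >> "$log_file"
   echo "rm \"${WEB_BASE_DIR}/nextcloud\"" >> "$log_file"
   rm "${WEB_BASE_DIR}/nextcloud" >> "$log_file" 2>&1
   _step_result $? ask "Interrupted ny user."
else
   echo_skipped
fi

# - Anything still present under that name is a real file or directory:
# - move it out of the way instead of deleting it.
# -
if [[ -f "${WEB_BASE_DIR}/nextcloud" ]] || [[ -d "${WEB_BASE_DIR}/nextcloud" ]] ; then
   warn "File or Directory '${WEB_BASE_DIR}/nextcloud' exists."

   printf '\n# - %s\n# -\n' "Backup directory '${WEB_BASE_DIR}/nextcloud'" >> "$log_file"
   echononl "Backup directory '${WEB_BASE_DIR}/nextcloud'.."
   echo "mv \"${WEB_BASE_DIR}/nextcloud\" \"${WEB_BASE_DIR}/nextcloud.$backup_date\"" >> "$log_file"
   mv "${WEB_BASE_DIR}/nextcloud" "${WEB_BASE_DIR}/nextcloud.$backup_date" >> "$log_file" 2>&1
   _step_result $? ask "Interrupted ny user."
else
   echo_skipped
fi

# - Set symlink for new installation directory
# -
printf '\n# - %s\n# -\n' "Set symlink for new installation dir 'nextcloud-${VERSION}'" >> "$log_file"
echononl "Set symlink for new installation dir 'nextcloud-${VERSION}'.."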
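# - Report the exit status ($1) of the step that just ran.
# -    $2 = "abort": on failure leave the script via clean_up.
# -    $2 = "ask"  : on failure ask the operator whether to continue; any
# -                  answer but "yes" ends the script via fatal "$3".
# - Kept next to its callers so this part of the script is self-contained;
# - it fits better beside the other helpers at the top of the file.
# -
_step_result() {
   local _rc="$1" _mode="$2" _abort_msg="${3:-}"

   if [[ "$_rc" -eq 0 ]]; then
      echo_ok
      return 0
   fi

   echo_failed
   error "For more informations see log output at '$log_file'."
   if [[ "$_mode" == "abort" ]]; then
      clean_up 1
   fi

   echononl "continue anyway [yes/no]: "
   # a closed stdin counts as "no" instead of looping on "Wrong entry!" forever
   read -r OK || OK="no"
   OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
   while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
      echononl "Wrong entry! - repeat [yes/no]: "
      read -r OK || OK="no"
      # normalise the repeated answer as well, so "YES" is accepted on retry
      OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
   done
   [[ "$OK" == "yes" ]] || fatal "$_abort_msg"
}

# - Link 'nextcloud' to the versioned installation directory.
# - (The step header for this link is written just before this point.)
# - The logged command now has its quotes where the executed command has them.
# -
echo "ln -s \"nextcloud-${VERSION}\" \"${WEB_BASE_DIR}/nextcloud\"" >> "$log_file"
ln -s "nextcloud-${VERSION}" "${WEB_BASE_DIR}/nextcloud" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

# - Delete symlink for 'htdocs' directory
# -
echononl "Delete symlink '${WEB_BASE_DIR}/htdocs' if exists.."
if [[ -h "${WEB_BASE_DIR}/htdocs" ]]; then
   printf '\n# - %s\n# -\n' "Delete symlink '${WEB_BASE_DIR}/htdocs'" >> "$log_file"
   echo "rm \"${WEB_BASE_DIR}/htdocs\"" >> "$log_file"
   rm "${WEB_BASE_DIR}/htdocs" >> "$log_file" 2>&1
   _step_result $? ask "Interrupted ny user."
else
   echo_skipped
fi

# - A real file or directory of that name is moved aside, not deleted.
# -
if [[ -f "${WEB_BASE_DIR}/htdocs" ]] || [[ -d "${WEB_BASE_DIR}/htdocs" ]] ; then
   warn "File or Directory '${WEB_BASE_DIR}/htdocs' exists."

   printf '\n# - %s\n# -\n' "Backup directory '${WEB_BASE_DIR}/htdocs'" >> "$log_file"
   echononl "Backup directory '${WEB_BASE_DIR}/htdocs'.."
   echo "mv \"${WEB_BASE_DIR}/htdocs\" \"${WEB_BASE_DIR}/htdocs.$backup_date\"" >> "$log_file"
   mv "${WEB_BASE_DIR}/htdocs" "${WEB_BASE_DIR}/htdocs.$backup_date" >> "$log_file" 2>&1
   _step_result $? ask "Interrupted ny user."
else
   echo_skipped
fi

# - Set symlink for htdocs directory
# -
printf '\n# - %s\n# -\n' "Set symlink for htdocs directory" >> "$log_file"
echononl "Set symlink for htdocs directory.."
echo "ln -s \"nextcloud\" \"${WEB_BASE_DIR}/htdocs\"" >> "$log_file"
ln -s "nextcloud" "${WEB_BASE_DIR}/htdocs" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."


# -----
# - Configuration tasks on the new Nextcloud Installation
# -----

echo ""
echo ""
echo -e "\033[37m\033[1mConfiguration tasks on the new Nextcloud Installation..\033[m"
echo ""

printf '\n\n# -----\n# - %s\n# -----\n' "Configuration tasks on the new Nextcloud Installation" >> "$log_file"

# - Create base configuration
# -
# - The command written to the log shows placeholders instead of the database
# - and admin passwords; the log file must not double as a credential store.
# -
# - NOTE(review): the real command below still passes both passwords as
# - arguments, so they are visible in the process list while occ runs.
# - Changing the admin password after the installation limits that exposure.
# -
REALPATH_DATA_DIR="$(realpath "${DATA_DIR}")"

printf '\n# - %s\n# -\n' "Create base configuration (file 'config/config.php')" >> "$log_file"
echononl "Create base configuration (file 'config/config.php')"

cat <<EOF >> "$log_file"
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" maintenance:install \\
   --database="${DATABASE_TYPE}" \\
   --database-name="${DATABASE_NAME}" \\
   --database-host="${DATABASE_HOST}" \\
   --database-user="${DATABASE_USER}" \\
   --database-pass="********" \\
   --admin-user="${ADMIN_USER}" --admin-pass="********" \\
   --data-dir="${REALPATH_DATA_DIR}"
EOF

sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" maintenance:install \
   --database="${DATABASE_TYPE}" \
   --database-name="${DATABASE_NAME}" \
   --database-host="${DATABASE_HOST}" \
   --database-user="${DATABASE_USER}" \
   --database-pass="${DATABASE_PASS}" \
   --admin-user="${ADMIN_USER}" --admin-pass="${ADMIN_PASS}" \
   --data-dir="${REALPATH_DATA_DIR}" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

blank_line

# - Some columns in the database are missing a conversion to big int. Due to the
# - fact that changing column types on big tables could take some time they were
# - not changed automatically. By running 'occ db:convert-filecache-bigint' those
# - pending changes could be applied manually. This operation needs to be made
# - while the instance is offline.
# -
# - For further details read the documentation page about this.
# -
# -    filecache.mtime
# -    filecache.storage_mtime
# -
printf '\n# - %s\n# -\n' "Convert some database columns to 'big int'" >> "$log_file"
echononl "Convert some database columns to 'big int'"
# the logged command now carries the '-n' that the executed command uses
echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" -n db:convert-filecache-bigint" >> "$log_file"
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" -n db:convert-filecache-bigint >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

blank_line

# - Activate and Enable (default) encryption module
# -
# - ENABLE_ENCRYPTION is executed as a command, so it has to hold 'true' or
# - 'false'.
# - NOTE(review): server-side encryption presumably keeps its keys on this
# - host and so mainly protects data placed on external storage - confirm it
# - matches the intended threat model.
# -
echononl "Eabable the (default) encryption module.."
if ${ENABLE_ENCRYPTION} ; then
   printf '\n# - %s\n# -\n' "Eabable the (default) encryption module" >> "$log_file"
   echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" app:enable encryption" >> "$log_file"
   sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" app:enable encryption >> "$log_file" 2>&1
   _step_result $? ask "Interrupted ny user."
else
   echo_skipped
fi

echononl "Enable encryption.."
if ${ENABLE_ENCRYPTION} ; then
   printf '\n# - %s\n# -\n' "Enable encryption" >> "$log_file"
   echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" encryption:enable" >> "$log_file"
   sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" encryption:enable >> "$log_file" 2>&1
   _step_result $? ask "Interrupted ny user."
else
   echo_skipped
fi

# - Adjust 'trusted_domains'
# -
_parameter="trusted_domains"
_value="${WEBSITE}"
_type="string"
printf '\n# - %s\n# -\n' "Add '${WEBSITE}' to trusted domains" >> "$log_file"
echononl "Add '${WEBSITE}' to trusted domains.."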
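# - Report the exit status ($1) of the step that just ran.
# -    $2 = "abort": on failure leave the script via clean_up.
# -    $2 = "ask"  : on failure ask the operator whether to continue; any
# -                  answer but "yes" ends the script via fatal "$3".
# - Kept next to its callers so this part of the script is self-contained;
# - it fits better beside the other helpers at the top of the file.
# -
_step_result() {
   local _rc="$1" _mode="$2" _abort_msg="${3:-}"

   if [[ "$_rc" -eq 0 ]]; then
      echo_ok
      return 0
   fi

   echo_failed
   error "For more informations see log output at '$log_file'."
   if [[ "$_mode" == "abort" ]]; then
      clean_up 1
   fi

   echononl "continue anyway [yes/no]: "
   # a closed stdin counts as "no" instead of looping on "Wrong entry!" forever
   read -r OK || OK="no"
   OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
   while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
      echononl "Wrong entry! - repeat [yes/no]: "
      read -r OK || OK="no"
      # normalise the repeated answer as well, so "YES" is accepted on retry
      OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
   done
   [[ "$OK" == "yes" ]] || fatal "$_abort_msg"
}

# - Write the 'trusted_domains' entry prepared just before this point
# - (_parameter, _value and _type are already set). The value is stored at
# - array index 1.
# - The here-document redirections ('cat <<EOF >> log') are restored; as
# - 'cat <> $log_file' the logged text would have been executed instead of
# - written to the log. The logged command also has its quotes where the
# - executed command has them.
# -
cat <<EOF >> "$log_file"
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "${_parameter}" 1 \\
   --value="${_value}" --type="${_type}"
EOF
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "${_parameter}" 1 \
   --value="${_value}" --type="${_type}" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

# - Adjust 'overwrite.cli.url'
# -
_parameter="overwrite.cli.url"
_value="https://${WEBSITE}"
_type="string"
printf '\n# - %s\n# -\n' "Adjust configuration parameter '$_parameter'" >> "$log_file"
echononl "Adjust configuration parameter '$_parameter'.."

cat <<EOF >> "$log_file"
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\
   --value="${_value}" --type="${_type}"
EOF
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \
   --value="${_value}" --type="${_type}" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

## - # - Adjust 'trashbin_retention_obligation'
## - # -
## - _parameter="trashbin_retention_obligation"
## - _value="auto, 7"
## - _type="string"
## - echo "" >> $log_file
## - echo "# - Adjust configuration parameter '$_parameter'" >> $log_file
## - echo "# -" >> $log_file
## - echononl "Adjust configuration parameter '$_parameter'.."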
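## -
## - cat <<EOF >> $log_file
## - sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\
## -    --value="https://${_value}" --type="${string}"
## - EOF
## - sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \
## -    --value="${_value}" --type="${string}" >> $log_file 2>&1
## -
## - if [[ $? -eq 0 ]]; then
## -    echo_ok
## - else
## -    echo_failed
## -    error "For more informations see log output at '$log_file'."
## -
## -    echononl "continue anyway [yes/no]: "
## -    read OK
## -    OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
## -    while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
## -       echononl "Wrong entry! - repeat [yes/no]: "
## -       read OK
## -    done
## -    [[ $OK = "yes" ]] || fatal "Interrupted ny user."
## - fi


# - Report the exit status ($1) of the step that just ran.
# -    $2 = "abort": on failure leave the script via clean_up.
# -    $2 = "ask"  : on failure ask the operator whether to continue; any
# -                  answer but "yes" ends the script via fatal "$3".
# - Kept next to its callers so this part of the script is self-contained;
# - it fits better beside the other helpers at the top of the file.
# -
_step_result() {
   local _rc="$1" _mode="$2" _abort_msg="${3:-}"

   if [[ "$_rc" -eq 0 ]]; then
      echo_ok
      return 0
   fi

   echo_failed
   error "For more informations see log output at '$log_file'."
   if [[ "$_mode" == "abort" ]]; then
      clean_up 1
   fi

   echononl "continue anyway [yes/no]: "
   # a closed stdin counts as "no" instead of looping on "Wrong entry!" forever
   read -r OK || OK="no"
   OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
   while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do
      echononl "Wrong entry! - repeat [yes/no]: "
      read -r OK || OK="no"
      # normalise the repeated answer as well, so "YES" is accepted on retry
      OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')"
   done
   [[ "$OK" == "yes" ]] || fatal "$_abort_msg"
}

# - Each stanza below sets one key through 'occ config:system:set': it writes
# - the command to the log, runs it as the web server user and reports the
# - result. The here-document redirections ('cat <<EOF >> log') are restored;
# - as 'cat <> $log_file' the logged text would have been executed instead of
# - written to the log.


# - Adjust 'logtimezone'
# -
_parameter="logtimezone"
_value="Europe/Berlin"
_type="string"
printf '\n# - %s\n# -\n' "Adjust configuration parameter '$_parameter'" >> "$log_file"
echononl "Adjust configuration parameter '$_parameter'.."

# the logged command used to show --value="https://..."; it now shows the
# value that is really set
cat <<EOF >> "$log_file"
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\
   --value="${_value}" --type="${_type}"
EOF
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \
   --value="${_value}" --type="${_type}" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

# - Adjust parameter 'log_type'
# -
# - Defaults to none
# -
_parameter="log_type"
_value="file"
_type="string"
printf '\n# - %s\n# -\n' "Adjust configuration parameter '$_parameter'" >> "$log_file"
echononl "Adjust configuration parameter '$_parameter'.."

cat <<EOF >> "$log_file"
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\
   --value="${_value}" --type="${_type}"
EOF
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \
   --value="${_value}" --type="${_type}" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

# - Adjust parameter 'logfile'
# -
# - Defaults to none
# -
_parameter="logfile"
_value="${WEB_BASE_DIR}/logs/cloud.log"
_type="string"
printf '\n# - %s\n# -\n' "Adjust configuration parameter '$_parameter'" >> "$log_file"
echononl "Adjust configuration parameter '$_parameter'.."

cat <<EOF >> "$log_file"
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\
   --value="${_value}" --type="${_type}"
EOF
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \
   --value="${_value}" --type="${_type}" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

# - Adjust parameter 'loglevel'
# -
# - Defaults to none
# -
# - NOTE(review): 4 presumably is the least verbose level (fatal only). Failed
# - logins and other warnings would then never reach cloud.log, which also
# - blinds log-based brute-force detection - confirm, and consider level 2.
# -
_parameter="loglevel"
_value=4
_type="integer"
printf '\n# - %s\n# -\n' "Adjust configuration parameter '$_parameter'" >> "$log_file"
echononl "Adjust configuration parameter '$_parameter'.."

cat <<EOF >> "$log_file"
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\
   --value="${_value}" --type="${_type}"
EOF
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \
   --value="${_value}" --type="${_type}" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

blank_line

# - Adjust 'filelocking.enabled'
# -
# - Prevents concurrent processes from accessing the same files at the same time.
# - Can help prevent side effects that would be caused by concurrent operations.
# - Mainly relevant for very large installations with many users working with
# - shared files.
# -
# - Defaults to true
# -
_parameter="filelocking.enabled"
_value="true"
_type="boolean"
printf '\n# - %s\n# -\n' "Adjust configuration parameter '$_parameter'" >> "$log_file"
echononl "Adjust configuration parameter '$_parameter'.."

cat <<EOF >> "$log_file"
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\
   --value="${_value}" --type="${_type}"
EOF
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \
   --value="${_value}" --type="${_type}" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

# - Adjust 'memcache.local'
# -
# - Memory caching backend for locally stored data
# -
# - Defaults to none
# -
_parameter="memcache.local"
_value="\\OC\\Memcache\\APCu"
_type="string"
printf '\n# - %s\n# -\n' "Adjust configuration parameter '$_parameter'" >> "$log_file"
echononl "Adjust configuration parameter '$_parameter'.."

cat <<EOF >> "$log_file"
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\
   --value="${_value}" --type="${_type}"
EOF
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \
   --value="${_value}" --type="${_type}" >> "$log_file" 2>&1
_step_result $? ask "Interrupted ny user."

# - The Redis settings are only written when a Redis service was detected.
# - This 'if' is still open where this part of the script ends; its last
# - stanza is therefore reproduced as it is.
# -
if $REDIS_SERVICE_INSTALLED ; then

   # - Adjust 'memcache.locking'
   # -
   # - Memory caching backend for file locking
   # -
   # - Defaults to none
   # -
   _parameter="memcache.locking"
   _value="\\OC\\Memcache\\Redis"
   _type="string"
   printf '\n# - %s\n# -\n' "Adjust configuration parameter '$_parameter'" >> "$log_file"
   echononl "Adjust configuration parameter '$_parameter'.."

   cat <<EOF >> "$log_file"
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\
   --value="${_value}" --type="${_type}"
EOF
   sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \
      --value="${_value}" --type="${_type}" >> "$log_file" 2>&1
   _step_result $? ask "Interrupted ny user."

   # - Adjust 'memcache.distributed'
   # -
   # - Memory caching backend for distributed data
   # -
   # - Defaults to none
   # -
   _parameter="memcache.distributed"
   _value="\\OC\\Memcache\\Redis"
   _type="string"
   printf '\n# - %s\n# -\n' "Adjust configuration parameter '$_parameter'" >> "$log_file"
   echononl "Adjust configuration parameter '$_parameter'.."

   cat <<EOF >> "$log_file"
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\
   --value="${_value}" --type="${_type}"
EOF
   sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \
      --value="${_value}" --type="${_type}" >> "$log_file" 2>&1
   _step_result $? ask "Interrupted ny user."

   # - Adjust parameter 'redis' 'port'
   # -
   # - Connection details for redis to use for memory caching
   # - (port 0 goes together with the unix socket configured as 'host' below)
   # -
   # - Defaults to none
   # -
   _parameter="redis"
   _array_index="port"
   _value=0
   _type="integer"
   printf '\n# - %s\n# -\n' "Adjust configuration parameter '$_parameter' '$_array_index'" >> "$log_file"
   echononl "Adjust configuration parameter '$_parameter' '$_array_index'.."

   cat <<EOF >> "$log_file"
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" "$_array_index" \\
   --value="${_value}" --type="${_type}"
EOF
   sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" "$_array_index" \
      --value="${_value}" --type="${_type}" >> "$log_file" 2>&1
   _step_result $? ask "Interrupted ny user."

   # - Adjust parameter 'redis' 'host'
   # -
   # - Connection details for redis to use for memory caching
   # -
   # - Defaults to none
   # -
   # - NOTE(review): when no 'unixsocket' line is found, the warning below
   # - announces /var/run/redis/redis.sock, but REDIS_SOCKET stays empty and an
   # - empty host is written to the configuration. Presumably the fallback
   # - assignment is missing - confirm.
   # - NOTE(review): the web server account needs access to that socket; its
   # - file permissions are then what guards the cache - verify.
   # -
   [[ -z "$redis_conf_file" ]] && redis_conf_file="/etc/redis/redis.conf"
   REDIS_SOCKET="$(grep -E "^\s*unixsocket\s+" $redis_conf_file 2> /dev/null | awk '{print$2}' 2> /dev/null)"
   if [[ -z "$REDIS_SOCKET" ]] ; then
      warn "Variable 'REDIS_SOCKET' not set or empty.\n\n Set value to \033[1m/var/run/redis/redis.sock\033[m"
   fi

   _parameter="redis"
   _array_index="host"
   _value="$REDIS_SOCKET"
   _type="string"
   echo "" >> $log_file
   echo "# - Adjust configuration parameter '$_parameter' '$_array_index'" >> $log_file
   echo "# -" >> $log_file
   echononl "Adjust configuration parameter '$_parameter' '$_array_index'.."

   cat <<EOF >> $log_file
sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" "$_array_index" \\
   --value="${_value}" --type="${_type}"
EOF
   sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" "$_array_index" \
      --value="${_value}" --type="${_type}" >> $log_file 2>&1
   if [[ $? -eq 0 ]]; then
      echo_ok
   else
      echo_failed
      error "For more informations see log output at '$log_file'."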
echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi # - Adjust parameter 'redis' 'timeout' # - # - Connection details for redis to use for memory caching # - # - Defaults to none # - _parameter="redis" _array_index="timeout" _value=0 _type="integer" echo "" >> $log_file echo "# - Adjust configuration parameter '$_parameter' '$_array_index'" >> $log_file echo "# -" >> $log_file echononl "Adjust configuration parameter '$_parameter' '$_array_index'.." cat <> $log_file sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" "$_array_index" \\ --value="${_value}" --type="${_type}" EOF sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" "$_array_index" \ --value="${_value}" --type="${_type}" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi fi # if $REDIS_SERVICE_INSTALLED # - Adjust 'default_language' # - _parameter="default_language" _value="de" _type="string" echo "" >> $log_file echo "# - Adjust configuration parameter '$_parameter'" >> $log_file echo "# -" >> $log_file echononl "Adjust configuration parameter '$_parameter'.." cat <> $log_file sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\ --value="https://${_value}" --type="${_type}" EOF sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \ --value="${_value}" --type="${_type}" >> $log_file 2>&1 if [[ $? 
-eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi # - Adjust 'default_locale' # - _parameter="default_locale" _value="de_DE" _type="string" echo "" >> $log_file echo "# - Adjust configuration parameter '$_parameter'" >> $log_file echo "# -" >> $log_file echononl "Adjust configuration parameter '$_parameter'.." cat <> $log_file sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\ --value="${_value}" --type="${_type}" EOF sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \ --value="${_value}" --type="${_type}" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi # - Adjust 'default_phone_region' # - _parameter="default_phone_region" _value="DE" _type="string" echo "" >> $log_file echo "# - Adjust configuration parameter '$_parameter'" >> $log_file echo "# -" >> $log_file echononl "Adjust configuration parameter '$_parameter'.." cat <> $log_file sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\ --value="${_value}" --type="${_type}" EOF sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \ --value="${_value}" --type="${_type}" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." 
echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi # - Adjust 'activity_expire_days' # - _parameter="activity_expire_days" _value=92 _type="integer" echo "" >> $log_file echo "# - Adjust configuration parameter '$_parameter'" >> $log_file echo "# -" >> $log_file echononl "Adjust configuration parameter '$_parameter'.." cat <> $log_file sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \\ --value="${_value}" --type="${_type}" EOF sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:system:set "$_parameter" \ --value="${_value}" --type="${_type}" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi blank_line echo "" >> $log_file echo "# - Set a default quota of 5 GB" >> $log_file echo "# -" >> $log_file echononl "Set a default quota of 5 GB" cat <> $log_file sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:app:set files \\ default_quota --value="5 GB" EOF sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:app:set files \ default_quota --value="5 GB" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." 
fi blank_line echo "" >> $log_file echo "# - Set background jobs to 'Cron'" >> $log_file echo "# -" >> $log_file echononl "Set background jobs to 'Cron'" echo "sudo -u \"$HTTP_USER\" \"$php_binary\" \"${INSTALL_DIR}/occ\" background:cron" >> $log_file 2>&1 sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" background:cron >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi echo "" >> $log_file echo "# - Create cronjob for nextcloud instance '${WEBSITE}'" >> $log_file echo "# -" >> $log_file echononl "Create cronjob for nextcloud instance '${WEBSITE}'" if [[ ! -f "$_backup_crontab_file" ]]; then crontab -l > "$_backup_crontab_file" fi if ! grep -q -E "${WEB_BASE_DIR}/htdocs/cron.php" "$_backup_crontab_file" 2> /dev/null ; then echo "" >> "$_backup_crontab_file" echo "# - Background job for nextcloud instance '${WEBSITE}'" >> "$_backup_crontab_file" echo "# -" >> "$_backup_crontab_file" echo "*/15 * * * * sudo -u \"$HTTP_USER\" /usr/local/php/bin/php -f ${WEB_BASE_DIR}/htdocs/cron.php" >> "$_backup_crontab_file" echo_ok else echo_skipped fi # ----- # - Password Policies # ----- echo "" echo "" echo -e "\033[37m\033[1mPassword Policies:\033[m" echo "" echo "" >> $log_file echo "" >> $log_file echo "# -----" >> $log_file echo "# - Password Policies:" >> $log_file echo "# -----" >> $log_file echo "" >> $log_file echo "# - Enforce passwords with at least one numeric character" >> $log_file echo "# -" >> $log_file echononl "Enforce passwords with at least one numeric character.." 
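# - Set one key of the 'password_policy' app with 'occ config:app:set'.
# -
# - Arguments: $1 - key inside the app configuration
# -            $2 - value
# -
# - The call is logged shell-quoted (printf %q) before it runs. If occ
# - fails, the operator is asked whether to continue; "no" (or an
# - unreadable stdin) ends the script through 'fatal'.
# -
# - NOTE(review): the rules set here are composition rules. The
# - password_policy app also has checks against common and breached
# - passwords (settings 'enforceNonCommonPassword' and
# - 'enforceHaveIBeenPwned' - verify the names against the installed app
# - version). Together with a minimum length those are what current
# - guidance such as NIST SP 800-63B prefers over composition rules.
# -
_set_password_policy() {
   local key="$1"
   local value="$2"
   local rc=0
   local answer=""

   printf 'sudo -u %q %q %q config:app:set password_policy %q --value=%q\n' \
      "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" "$key" "$value" >> "$log_file"

   sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:app:set password_policy \
      "$key" --value="$value" >> "$log_file" 2>&1 || rc=$?

   if (( rc == 0 )) ; then
      echo_ok
      return 0
   fi

   echo_failed
   error "For more informations see log output at '$log_file'."

   echononl "continue anyway [yes/no]: "
   while : ; do
      # A closed stdin would otherwise make this loop spin forever.
      if ! read -r answer && [[ -z "$answer" ]] ; then
         fatal "No answer could be read from standard input."
      fi
      # Normalise every entry, not only the first one.
      answer="$(printf '%s' "$answer" | tr '[:upper:]' '[:lower:]')"
      case "$answer" in
         yes) return 0 ;;
         no)  fatal "Interrupted by user." ;;
      esac
      echononl "Wrong entry! - repeat [yes/no]: "
   done
}

# - At least one numeric character
# - (log header and console message for this step are written just above)
# -
_set_password_policy "enforceNumericCharacters" "1"

# - At least one special character
# -
{
   echo ""
   echo "# - Enforce passwords with at least one special character"
   echo "# -"
} >> "$log_file"
echononl "Enforce passwords with at least one special character.."
_set_password_policy "enforceSpecialCharacters" "1"

# - At least one upper and one lower case character
# - (the occ call for this step follows directly below)
# -
{
   echo ""
   echo "# - Enforce passwords with at least one upper and lower case character"
   echo "# -"
} >> "$log_file"
echononl "Enforce passwords with at least one upper and lower case character.."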
cat <> $log_file sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:app:set password_policy \\ enforceUpperLowerCase --value="1" EOF sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:app:set password_policy \ enforceUpperLowerCase --value="1" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi echo "" >> $log_file echo "# - Enforce passwords with a minimum length of 12 character" >> $log_file echo "# -" >> $log_file echononl "Enforce passwords with a minimum length of 12 character.." cat <> $log_file sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:app:set password_policy \\ minLength --value="12" EOF sudo -u "$HTTP_USER" "$php_binary" "${INSTALL_DIR}/occ" config:app:set password_policy \ minLength --value="12" >> $log_file 2>&1 if [[ $? -eq 0 ]]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." 
fi # ----- # - Configure apache2/nginx for the new cloud system # ----- echo "" echo "" if $apache2_installed ; then echo -e "\033[37m\033[1mConfigure apache2 for the new cloud system..\033[m" elif $nginx_installed ; then echo -e "\033[37m\033[1mConfigure nginx for the new cloud system..\033[m" fi echo "" echo "" >> $log_file echo "" >> $log_file echo "# -----" >> $log_file if $apache2_installed ; then echo "# - Configure apache2 for the new cloud system" >> $log_file elif $nginx_installed ; then echo "# - Configure nginx for the new cloud system" >> $log_file fi echo "# -----" >> $log_file # - Create Apache2 vhost configuration for ColaboraOnline service # - if [[ -e "/var/lib/dehydrated/certs/${WEBSITE}/fullchain.pem" ]]; then server_cert="/var/lib/dehydrated/certs/${WEBSITE}/fullchain.pem" server_key="/var/lib/dehydrated/certs/${WEBSITE}/privkey.pem" else server_cert="/usr/local/apache2/conf/server-bundle.crt" server_key="/usr/local/apache2/conf/server.key" fi if $apache2_installed ; then if [[ -d "$apache_vhost_dir" ]] ; then # - Remove symlink for apache vhost file (if exists) # - if [[ -h "${apache_vhost_dir}/${WEBSITE}.conf" ]]; then echo "" >> $log_file echo "# - Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file echo "# -" >> $log_file echononl "Remove existing Symlink '${apache_vhost_dir}/${WEBSITE}.conf'" >> $log_file echo "rm -f \"${apache_vhost_dir}/${WEBSITE}.conf\"" >> $log_file rm -f "${apache_vhost_dir}/${WEBSITE}.conf" >> $log_file 2>&1 if [ "$?" = 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." 
fi fi # f [[ -h "${apache_vhost_dir}/${WEBSITE}.conf" ]] # - Backup apache vhost file if exists # - if [[ -f "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm" ]]; then echo "" >> $log_file echo "# - Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf.php-fpm'" >> $log_file echo "# -" >> $log_file echononl "Backup existing file '${apache_vhost_dir}/${WEBSITE}.conf.php-fpm'" >> $log_file echo "mv \"${apache_vhost_dir}/${WEBSITE}.conf.php-fpm\" \"${apache_vhost_dir}/${WEBSITE}.conf.php-fpm.$backup_date\"" >> $log_file mv "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm" "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm.$backup_date" >> $log_file 2>&1 if [ "$?" = 0 ]; then echo_ok else echo_failed error "For more informations see log output at '$log_file'." echononl "continue anyway [yes/no]: " read OK OK="$(echo "$OK" | tr '[:upper:]' '[:lower:]')" while [[ "$OK" != "yes" ]] && [[ "$OK" != "no" ]] ; do echononl "Wrong entry! - repeat [yes/no]: " read OK done [[ $OK = "yes" ]] || fatal "Interrupted ny user." fi fi echo "" >> $log_file echo "# - Create apache vhost entry for '$WEBSITE'" >> $log_file echo "# -" >> $log_file echononl "Create apache vhost entry for '$WEBSITE'" cat< "${apache_vhost_dir}/${WEBSITE}.conf.php-fpm" 2>> $log_file # --- $WEBSITE ServerAdmin admin@oopen.de ServerName $WEBSITE RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L] CustomLog /var/log/apache2/ip_requests.log base_requests CustomLog /var/log/apache2/${WEBSITE}-access.log combined ErrorLog /var/log/apache2/${WEBSITE}-error.log ServerAdmin admin@oopen.de ServerName ${WEBSITE} # Service Discovery # # !! We alraedy provide this servis via '.htaccess'-file !! # # The redirects for CalDAV or CardDAV does not work if Nextcloud is running behind a # reverse proxy. 
The recommended solution is that your reverse proxy does the redirects # #RewriteEngine On #RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] #RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] #ProxyErrorOverride On SetHandler "proxy:unix:/run/php/php-${PHP_VERSION}-fpm.www.sock|fcgi://127.0.0.1" DirectoryIndex index.php index.html index.htm DocumentRoot ${WEB_BASE_DIR}/htdocs Require all granted AllowOverride All Options FollowSymLinks MultiViews # - X-Frame-Options # - # - See: https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options # - # - X-Frame-Options tells the browser whether you want to # - allow your site to be framed or not. By preventing a # - browser from framing your site you can defend against # - attacks like clickjacking # - # - The X-Frame-Options header (RFC), or XFO header, protects your visitors # - against clickjacking attacks. An attacker can load up an iframe on their # - site and set your site as the source, it's quite easy: # - # - # - # - Using some crafty CSS they can hide your site in the background and create some # - genuine looking overlays. When your visitors click on what they think is a harmless # - link, they're actually clicking on links on your website in the background. That # - might not seem so bad until we realise that the browser will execute those requests # - in the context of the user, which could include them being logged in and authenticated # - to your site! # - # - Troy Hunt has a great blog on 'Clickjack attack – the hidden threat right in front : # - of you': # - # - http://www.troyhunt.com/2013/05/clickjack-attack-hidden-threat-right-in.html # - # - Valid values: # - # - DENY meaning your site can't be framed # - # - SAMEORIGIN which allows you to frame your own site # - # - ALLOW-FROM https://example.com/ which lets you specify # - sites that are permitted to frame your own site. 
# - # - Note: # - For Apache 2.2 use # - Header always set X-Frame-Options "SAMEORIGIN" # - Header always append X-Frame-Options "SAMEORIGIN" # - X-Xss-Protection # - # - See: https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection # - # - X-XSS-Protection sets the configuration for the cross-site # - scripting filters built into most browsers. The best # - configuration is "X-XSS-Protection: 1; mode=block". # - # - This header is used to configure the built in reflective XSS protection found # - in Internet Explorer, Chrome and Safari (Webkit). # - # - Valid settings for the header are: # - # - 0 which disables the protection, # - # - 1 which enables the protection # - # - 1; mode=block which tells the browser to block the response # - if it detects an attack rather than sanitising # - the script. # - Header always set X-Xss-Protection "1; mode=block" # - X-Content-Type-Options # - # - See: https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options # - # - X-Content-Type-Options stops a browser from trying to MIME-sniff # - the content type and forces it to stick with the declared # - content-type. # - # - Nice and easy to configure, this header only has one valid value, nosniff. # - It prevents Google Chrome and Internet Explorer from trying to mime-sniff # - the content-type of a response away from the one being declared by the server. # - It reduces exposure to drive-by downloads and the risks of user uploaded content # - that, with clever naming, could be treated as a different content-type, like # - an executable. # - # - The only valid value for this header is # - # - "X-Content-Type-Options: nosniff". 
# - Header always set X-Content-Type-Options "nosniff" # - Referrer-Policy # - # - See: https://scotthelme.co.uk/a-new-security-header-referrer-policy/ # - https://www.w3.org/TR/referrer-policy/ # - # - Referrer Policy is a new header that allows a site to control how # - much information the browser includes with navigations away from # - a document and should be set by all sites. # - # - The HTTP referer (originally a misspelling of referrer[1]) is an HTTP header # - field that identifies the address of the webpage (i.e. the URI or IRI) that # - linked to the resource being requested. By checking the referrer, the new # - webpage can see where the request originated. # - # - For a complete list and explanation of values, see urls above # - # - Example: "no-referrer-when-downgrade" # - The browser will not send the referrer header when navigating # - from HTTPS to HTTP, but will always send the full URL in the # - referrer header when navigating from HTTP to any origin. It # - doesn't matter whether the source and destination are the same # - site or not, only the scheme. # - Header always set Referrer-Policy "no-referrer" # - Permissions-Policy # - # - see also: # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy # - # - Browser bieten einige Features und APIs, auf die wir Entwickler zugreifen können. # - Das beinhaltet etwa Kamera und Mikrofon des Endgeräts. Mit einer Permissions Policy # - können wir diese Funktionen für unsere Seite aktivieren, deaktivieren oder auf eine # - Quelle begrenzen. Wenn ihr ein Feature abschaltet, können auch keine Dritten darauf # - zugreifen, etwa per eingebettetem