Add redis memcache and make optional to enable HSTS
This commit is contained in:
parent
4fcaa2a5ee
commit
cb66de6dae
|
@ -17,14 +17,27 @@ echo '
|
|||
read -p "Please enter the domain to use for Nextcloud: " -r NC_DOMAIN
|
||||
read -p "Nextcloud user: " -r NC_USER
|
||||
read -p "Nextcloud user password: " -r NC_PASS
|
||||
|
||||
DISTRO_RELEASE=$(lsb_release -sc)
|
||||
PHPVER=7.4
|
||||
MDBVER=10.4
|
||||
PHP_FPM_DIR=/etc/php/$PHPVER/fpm
|
||||
PHP_INI=$PHP_FPM_DIR/php.ini
|
||||
#Enable HSTS
|
||||
while [[ "$ENABLE_HSTS" != "yes" && "$ENABLE_HSTS" != "no" ]]
|
||||
do
|
||||
read -p "> Do you want to enable HSTS for this domain?: (yes or no)
|
||||
Be aware this option apply mid-term effects on the domain, choose \"no\"
|
||||
in case you don't know what you are doing. More at https://hstspreload.org/"$'\n' -r ENABLE_HSTS
|
||||
if [ "$ENABLE_HSTS" = "no" ]; then
|
||||
echo "-- HSTS won't be enabled."
|
||||
elif [ "$ENABLE_HSTS" = "yes" ]; then
|
||||
echo "-- HSTS will be enabled."
|
||||
fi
|
||||
done
|
||||
DISTRO_RELEASE="$(lsb_release -sc)"
|
||||
PHPVER="7.4"
|
||||
MDBVER="10.4"
|
||||
PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
|
||||
PHP_INI="$PHP_FPM_DIR/php.ini"
|
||||
PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
|
||||
NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf"
|
||||
NC_REPO="https://download.nextcloud.com/server/releases"
|
||||
NCVERSION=$(curl -s -m 900 $NC_REPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)
|
||||
NCVERSION="$(curl -s -m 900 $NC_REPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)"
|
||||
STABLEVERSION="nextcloud-$NCVERSION"
|
||||
NC_PATH="/var/www/nextcloud"
|
||||
NC_CONFIG="$NC_PATH/config/config.php"
|
||||
|
@ -32,7 +45,7 @@ NC_DB_USER="nextcloud_user"
|
|||
NC_DB="nextcloud_db"
|
||||
NC_DB_PASSWD="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
|
||||
DIR_RECORD="$(grep -nr RECORDING /home/jibri/finalize_recording.sh|head -n1|cut -d "=" -f2)"
|
||||
|
||||
REDIS_CONF="/etc/redis/redis.conf"
|
||||
exit_ifinstalled() {
|
||||
if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then
|
||||
echo " This instance already has $1 installed, exiting..."
|
||||
|
@ -94,16 +107,18 @@ apt install -y \
|
|||
php$PHPVER-xml \
|
||||
php$PHPVER-xmlrpc \
|
||||
php$PHPVER-zip \
|
||||
php-imagick
|
||||
php-imagick \
|
||||
php-redis \
|
||||
redis-server
|
||||
|
||||
#System related
|
||||
install_ifnot smbclient
|
||||
sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
||||
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
||||
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
||||
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
||||
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
||||
sed -i "s|;clear_env = no|clear_env = no|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
||||
sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" $PHP_CONF
|
||||
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" $PHP_CONF
|
||||
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" $PHP_CONF
|
||||
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" $PHP_CONF
|
||||
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" $PHP_CONF
|
||||
sed -i "s|;clear_env = no|clear_env = no|" $PHP_CONF
|
||||
|
||||
echo "
|
||||
Tunning PHP.ini...
|
||||
|
@ -154,7 +169,7 @@ echo "Done!
|
|||
#mysql_secure_installation
|
||||
|
||||
#nginx - configuration
|
||||
cat << NC_NGINX > /etc/nginx/sites-available/$NC_DOMAIN.conf
|
||||
cat << NC_NGINX > $NC_NGINX_CONF
|
||||
upstream php-handler {
|
||||
#server 127.0.0.1:9000;
|
||||
server unix:/run/php/php${PHPVER}-fpm.sock;
|
||||
|
@ -179,8 +194,7 @@ server {
|
|||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
# add_header Strict-Transport-Security "max-age=15552000;
|
||||
# includeSubDomains; preload;";
|
||||
# add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
|
@ -311,6 +325,11 @@ fi
|
|||
nginx -t
|
||||
systemctl restart nginx
|
||||
|
||||
if [ "$ENABLE_HSTS" = "yes" ]; then
|
||||
sed -i "s|# add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" $NC_NGINX_CONF
|
||||
fi
|
||||
|
||||
|
||||
echo "
|
||||
Latest version to be installed: $STABLEVERSION
|
||||
"
|
||||
|
@ -339,13 +358,35 @@ sudo -u www-data php $NC_PATH/occ maintenance:install \
|
|||
--admin-pass="$NC_PASS"
|
||||
|
||||
echo "
|
||||
Prevent demo data on accounts and custom mods...
|
||||
Apply custom mods...
|
||||
"
|
||||
sed -i "/datadirectory/a \ \ \'skeletondirectory\' => \'\'," $NC_CONFIG
|
||||
sed -i "/skeletondirectory/a \ \ \'simpleSignUpLink.shown\' => false," $NC_CONFIG
|
||||
sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," $NC_CONFIG
|
||||
sed -i "s|http://localhost|http://$NC_DOMAIN|" $NC_CONFIG
|
||||
|
||||
echo "
|
||||
Add memcache support...
|
||||
"
|
||||
sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" $REDIS_CONF
|
||||
sed -i "s|# unixsocketperm .*|unixsocketperm 777|g" $REDIS_CONF
|
||||
sed -i "s|port 6379|port 0|" $REDIS_CONF
|
||||
systemctl restart redis-server
|
||||
|
||||
echo "--> Setting config.php..."
|
||||
sed -i "/);/i \ \ 'filelocking.enabled' => 'true'," $NC_CONFIG
|
||||
sed -i "/);/i \ \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG
|
||||
sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG
|
||||
sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG
|
||||
sed -i "/);/i \ \ 'memcache.distributed' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG
|
||||
sed -i "/);/i \ \ 'redis' =>" $NC_CONFIG
|
||||
sed -i "/);/i \ \ \ \ array (" $NC_CONFIG
|
||||
sed -i "/);/i \ \ \ \ \ 'host' => '/var/run/redis/redis.sock'," $NC_CONFIG
|
||||
sed -i "/);/i \ \ \ \ \ 'port' => 0," $NC_CONFIG
|
||||
sed -i "/);/i \ \ \ \ \ 'timeout' => 0," $NC_CONFIG
|
||||
sed -i "/);/i \ \ )," $NC_CONFIG
|
||||
echo "Done
|
||||
"
|
||||
echo "
|
||||
Addding & Setting up Files External App for Local storage...
|
||||
"
|
||||
|
|
Loading…
Reference in New Issue