Add redis memcache and make optional to enable HSTS
parent
4fcaa2a5ee
commit
cb66de6dae
|
@ -17,14 +17,27 @@ echo '
|
||||||
read -p "Please enter the domain to use for Nextcloud: " -r NC_DOMAIN
|
read -p "Please enter the domain to use for Nextcloud: " -r NC_DOMAIN
|
||||||
read -p "Nextcloud user: " -r NC_USER
|
read -p "Nextcloud user: " -r NC_USER
|
||||||
read -p "Nextcloud user password: " -r NC_PASS
|
read -p "Nextcloud user password: " -r NC_PASS
|
||||||
|
#Enable HSTS
|
||||||
DISTRO_RELEASE=$(lsb_release -sc)
|
while [[ "$ENABLE_HSTS" != "yes" && "$ENABLE_HSTS" != "no" ]]
|
||||||
PHPVER=7.4
|
do
|
||||||
MDBVER=10.4
|
read -p "> Do you want to enable HSTS for this domain?: (yes or no)
|
||||||
PHP_FPM_DIR=/etc/php/$PHPVER/fpm
|
Be aware this option apply mid-term effects on the domain, choose \"no\"
|
||||||
PHP_INI=$PHP_FPM_DIR/php.ini
|
in case you don't know what you are doing. More at https://hstspreload.org/"$'\n' -r ENABLE_HSTS
|
||||||
|
if [ "$ENABLE_HSTS" = "no" ]; then
|
||||||
|
echo "-- HSTS won't be enabled."
|
||||||
|
elif [ "$ENABLE_HSTS" = "yes" ]; then
|
||||||
|
echo "-- HSTS will be enabled."
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
DISTRO_RELEASE="$(lsb_release -sc)"
|
||||||
|
PHPVER="7.4"
|
||||||
|
MDBVER="10.4"
|
||||||
|
PHP_FPM_DIR="/etc/php/$PHPVER/fpm"
|
||||||
|
PHP_INI="$PHP_FPM_DIR/php.ini"
|
||||||
|
PHP_CONF="/etc/php/$PHPVER/fpm/pool.d/www.conf"
|
||||||
|
NC_NGINX_CONF="/etc/nginx/sites-available/$NC_DOMAIN.conf"
|
||||||
NC_REPO="https://download.nextcloud.com/server/releases"
|
NC_REPO="https://download.nextcloud.com/server/releases"
|
||||||
NCVERSION=$(curl -s -m 900 $NC_REPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)
|
NCVERSION="$(curl -s -m 900 $NC_REPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)"
|
||||||
STABLEVERSION="nextcloud-$NCVERSION"
|
STABLEVERSION="nextcloud-$NCVERSION"
|
||||||
NC_PATH="/var/www/nextcloud"
|
NC_PATH="/var/www/nextcloud"
|
||||||
NC_CONFIG="$NC_PATH/config/config.php"
|
NC_CONFIG="$NC_PATH/config/config.php"
|
||||||
|
@ -32,7 +45,7 @@ NC_DB_USER="nextcloud_user"
|
||||||
NC_DB="nextcloud_db"
|
NC_DB="nextcloud_db"
|
||||||
NC_DB_PASSWD="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
|
NC_DB_PASSWD="$(tr -dc "a-zA-Z0-9#_*=" < /dev/urandom | fold -w 14 | head -n1)"
|
||||||
DIR_RECORD="$(grep -nr RECORDING /home/jibri/finalize_recording.sh|head -n1|cut -d "=" -f2)"
|
DIR_RECORD="$(grep -nr RECORDING /home/jibri/finalize_recording.sh|head -n1|cut -d "=" -f2)"
|
||||||
|
REDIS_CONF="/etc/redis/redis.conf"
|
||||||
exit_ifinstalled() {
|
exit_ifinstalled() {
|
||||||
if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then
|
if [ "$(dpkg-query -W -f='${Status}' $1 2>/dev/null | grep -c "ok installed")" == "1" ]; then
|
||||||
echo " This instance already has $1 installed, exiting..."
|
echo " This instance already has $1 installed, exiting..."
|
||||||
|
@ -94,16 +107,18 @@ apt install -y \
|
||||||
php$PHPVER-xml \
|
php$PHPVER-xml \
|
||||||
php$PHPVER-xmlrpc \
|
php$PHPVER-xmlrpc \
|
||||||
php$PHPVER-zip \
|
php$PHPVER-zip \
|
||||||
php-imagick
|
php-imagick \
|
||||||
|
php-redis \
|
||||||
|
redis-server
|
||||||
|
|
||||||
#System related
|
#System related
|
||||||
install_ifnot smbclient
|
install_ifnot smbclient
|
||||||
sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
sed -i "s|.*env\[HOSTNAME\].*|env\[HOSTNAME\] = \$HOSTNAME|" $PHP_CONF
|
||||||
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
sed -i "s|.*env\[PATH\].*|env\[PATH\] = /usr/local/bin:/usr/bin:/bin|" $PHP_CONF
|
||||||
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
sed -i "s|.*env\[TMP\].*|env\[TMP\] = /tmp|" $PHP_CONF
|
||||||
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
sed -i "s|.*env\[TMPDIR\].*|env\[TMPDIR\] = /tmp|" $PHP_CONF
|
||||||
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
sed -i "s|.*env\[TEMP\].*|env\[TEMP\] = /tmp|" $PHP_CONF
|
||||||
sed -i "s|;clear_env = no|clear_env = no|" /etc/php/$PHPVER/fpm/pool.d/www.conf
|
sed -i "s|;clear_env = no|clear_env = no|" $PHP_CONF
|
||||||
|
|
||||||
echo "
|
echo "
|
||||||
Tunning PHP.ini...
|
Tunning PHP.ini...
|
||||||
|
@ -154,7 +169,7 @@ echo "Done!
|
||||||
#mysql_secure_installation
|
#mysql_secure_installation
|
||||||
|
|
||||||
#nginx - configuration
|
#nginx - configuration
|
||||||
cat << NC_NGINX > /etc/nginx/sites-available/$NC_DOMAIN.conf
|
cat << NC_NGINX > $NC_NGINX_CONF
|
||||||
upstream php-handler {
|
upstream php-handler {
|
||||||
#server 127.0.0.1:9000;
|
#server 127.0.0.1:9000;
|
||||||
server unix:/run/php/php${PHPVER}-fpm.sock;
|
server unix:/run/php/php${PHPVER}-fpm.sock;
|
||||||
|
@ -179,8 +194,7 @@ server {
|
||||||
# Add headers to serve security related headers
|
# Add headers to serve security related headers
|
||||||
# Before enabling Strict-Transport-Security headers please read into this
|
# Before enabling Strict-Transport-Security headers please read into this
|
||||||
# topic first.
|
# topic first.
|
||||||
# add_header Strict-Transport-Security "max-age=15552000;
|
# add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload;";
|
||||||
# includeSubDomains; preload;";
|
|
||||||
#
|
#
|
||||||
# WARNING: Only add the preload option once you read about
|
# WARNING: Only add the preload option once you read about
|
||||||
# the consequences in https://hstspreload.org/. This option
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
@ -311,6 +325,11 @@ fi
|
||||||
nginx -t
|
nginx -t
|
||||||
systemctl restart nginx
|
systemctl restart nginx
|
||||||
|
|
||||||
|
if [ "$ENABLE_HSTS" = "yes" ]; then
|
||||||
|
sed -i "s|# add_header Strict-Transport-Security|add_header Strict-Transport-Security|g" $NC_NGINX_CONF
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
echo "
|
echo "
|
||||||
Latest version to be installed: $STABLEVERSION
|
Latest version to be installed: $STABLEVERSION
|
||||||
"
|
"
|
||||||
|
@ -339,13 +358,35 @@ sudo -u www-data php $NC_PATH/occ maintenance:install \
|
||||||
--admin-pass="$NC_PASS"
|
--admin-pass="$NC_PASS"
|
||||||
|
|
||||||
echo "
|
echo "
|
||||||
Prevent demo data on accounts and custom mods...
|
Apply custom mods...
|
||||||
"
|
"
|
||||||
sed -i "/datadirectory/a \ \ \'skeletondirectory\' => \'\'," $NC_CONFIG
|
sed -i "/datadirectory/a \ \ \'skeletondirectory\' => \'\'," $NC_CONFIG
|
||||||
sed -i "/skeletondirectory/a \ \ \'simpleSignUpLink.shown\' => false," $NC_CONFIG
|
sed -i "/skeletondirectory/a \ \ \'simpleSignUpLink.shown\' => false," $NC_CONFIG
|
||||||
sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," $NC_CONFIG
|
sed -i "/simpleSignUpLink.shown/a \ \ \'knowledgebaseenabled\' => false," $NC_CONFIG
|
||||||
sed -i "s|http://localhost|http://$NC_DOMAIN|" $NC_CONFIG
|
sed -i "s|http://localhost|http://$NC_DOMAIN|" $NC_CONFIG
|
||||||
|
|
||||||
|
echo "
|
||||||
|
Add memcache support...
|
||||||
|
"
|
||||||
|
sed -i "s|# unixsocket .*|unixsocket /var/run/redis/redis.sock|g" $REDIS_CONF
|
||||||
|
sed -i "s|# unixsocketperm .*|unixsocketperm 777|g" $REDIS_CONF
|
||||||
|
sed -i "s|port 6379|port 0|" $REDIS_CONF
|
||||||
|
systemctl restart redis-server
|
||||||
|
|
||||||
|
echo "--> Setting config.php..."
|
||||||
|
sed -i "/);/i \ \ 'filelocking.enabled' => 'true'," $NC_CONFIG
|
||||||
|
sed -i "/);/i \ \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG
|
||||||
|
sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG
|
||||||
|
sed -i "/);/i \ \ 'memcache.local' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG
|
||||||
|
sed -i "/);/i \ \ 'memcache.distributed' => '\\\OC\\\Memcache\\\Redis'," $NC_CONFIG
|
||||||
|
sed -i "/);/i \ \ 'redis' =>" $NC_CONFIG
|
||||||
|
sed -i "/);/i \ \ \ \ array (" $NC_CONFIG
|
||||||
|
sed -i "/);/i \ \ \ \ \ 'host' => '/var/run/redis/redis.sock'," $NC_CONFIG
|
||||||
|
sed -i "/);/i \ \ \ \ \ 'port' => 0," $NC_CONFIG
|
||||||
|
sed -i "/);/i \ \ \ \ \ 'timeout' => 0," $NC_CONFIG
|
||||||
|
sed -i "/);/i \ \ )," $NC_CONFIG
|
||||||
|
echo "Done
|
||||||
|
"
|
||||||
echo "
|
echo "
|
||||||
Addding & Setting up Files External App for Local storage...
|
Addding & Setting up Files External App for Local storage...
|
||||||
"
|
"
|
||||||
|
|
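Review bot: The new `unixsocketperm 777` line in the last hunk leaves the Redis socket open to every local account, so any user or compromised service on the host can read and modify the cache and file-locking data Nextcloud keeps there; nothing visible in this hunk sets up Redis authentication. Prefer `sed -i "s|# unixsocketperm .*|unixsocketperm 770|g" "$REDIS_CONF"` together with `usermod -aG redis www-data` (assuming the package creates its usual `redis` group — confirm on the target release), followed by a PHP-FPM restart so the new group membership takes effect. The same hunk inserts `'memcache.local'` twice and writes `'filelocking.enabled' => 'true'` as a string rather than the boolean `true`; drop the duplicate line and use `true`. Separately, in the `@ -311,6 +325,11 @@` hunk the HSTS `sed` runs after `nginx -t` and `systemctl restart nginx`, so unless a later reload exists outside the visible lines the uncommented header is neither validated nor served.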