diff --git a/.homeinstall/README.md b/.homeinstall/README.md index fc1cdd9b7..54389a388 100644 --- a/.homeinstall/README.md +++ b/.homeinstall/README.md @@ -65,7 +65,7 @@ Switch the verification on/off (1/0) ## What the script will do for you... -+ install everything required by your Zot hub/instance, basically a web server (Apache), PHP, a database (MySQL), certbot,... ++ install everything required by your Zot hub/instance, basically a web server (Apache or Nginx), PHP, a database (MySQL), certbot,... + create a database + run certbot to have everything for a secure connection (httpS) + create a script for daily maintenance @@ -142,5 +142,5 @@ DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI! ## Reminder for Different Web Wervers -For those of you who feel adventurous enough to use a different web server (Nginx, Lighttpd...), don't forget that this script will install Apache and that you can only have one web server listening to ports 80 & 443. Also, don't forget to tweak your daily shell script in /var/www/ accordingly. +For those of you who feel adventurous enough to use a different web server (i.e. Lighttpd...), don't forget that this script will install Apache or Nginx and that you can only have one web server listening to ports 80 & 443. Also, don't forget to tweak your daily shell script in /var/www/ accordingly. diff --git a/.homeinstall/nginx-zotserver.conf.template b/.homeinstall/nginx-zotserver.conf.template new file mode 100644 index 000000000..c77788a1b --- /dev/null +++ b/.homeinstall/nginx-zotserver.conf.template 
@@ -0,0 +1,144 @@
+##
+# Hubzilla/Zap/Mistpark/Osada Nginx block configuration template
+# based on the example created by Olaf Conradi
+#
+# The files generated with this template will be added to
+# /etc/nginx/sites-available & /etc/nginx/sites-enabled (symlink)
+##
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+#
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+##
+
+##
+# This configuration assumes
+# You filled the zotserver-config.txt file
+# Your domain/subdomain is functionnal
+# You want all traffic to be https
+# You have PHP FastCGI Process Manager (php-fpm) running on localhost
+##
+
+server {
+ listen 80;
+ server_name SERVER_NAME;
+
+# HTTP > HTTPS #
+ return 301 https://$server_name$request_uri;
+}
+
+##
+# Configure Red with SSL
+#
+# All requests are routed to the front controller
+# except for certain known file types like images, css, etc.
+# Those are served statically whenever possible with a
+# fall back to the front controller (needed for avatars, for example)
+##
+
+server {
+ listen 443 ssl;
+ server_name SERVER_NAME;
+
+ ssl on;
+ ssl_certificate /etc/letsencrypt/live/SERVER_NAME/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/SERVER_NAME/privkey.pem;
+ ssl_session_timeout 5m;
+# DO WE NEED TO REVIEW THE FOLLOWING SETTINGS?
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
+ ssl_prefer_server_ciphers on;
+
+ fastcgi_param HTTPS on;
+
+ charset utf-8;
+ root INSTALL_PATH;
+ index index.php;
+ access_log /var/log/nginx/ZOTSERVER_LOG;
+
+ #Uncomment the following line to include a standard configuration file
+ #Note that the most specific rule wins and your standard configuration
+ #will therefore *add* to this file, but not override it.
+ #include standard.conf
+
+ # allow uploads up to 20MB in size
+ client_max_body_size 20m;
+ client_body_buffer_size 128k;
+
+ include mime.types;
+
+ # rewrite to front controller as default rule
+ location / {
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?req=$1;
+ }
+ }
+
+ # make sure webfinger and other well known services aren't blocked
+ # by denying dot files and rewrite request to the front controller
+ location ^~ /.well-known/ {
+ allow all;
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?req=$1;
+ }
+ }
+
+ # statically serve these file types when possible
+ # otherwise fall back to front controller
+ # allow browser to cache them
+ # added .htm for advanced source code editor library
+ # location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ {
+ # expires 30d;
+ # try_files $uri /index.php?req=$uri&$args;
+ # }
+ # SHOULD WE UNCOMMENT THE ABOVE LINES ?
+
+ # block these file types
+ location ~* \.(tpl|md|tgz|log|out)$ {
+ deny all;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ # or a unix socket
+ location ~* \.php$ {
+ # IS THE FOLLOWING STILL RELEVANT AS OF AUGUST 2020?
+ # Zero-day exploit defense.
+ # http://forum.nginx.org/read.php?2,88845,page=3
+ # Won't work properly (404 error) if the file is not stored on this
+ # server, which is entirely possible with php-fpm/php-fcgi.
+ # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+ # another machine. And then cross your fingers that you won't get hacked.
+ try_files $uri =404;
+
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ # With php5-cgi alone:
+ # fastcgi_pass 127.0.0.1:9000;
+
+ # With php-fpm:
+ fastcgi_pass unix:PHP_FPM_SOCK;
+
+ include fastcgi_params;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # deny access to all dot files
+ location ~ /\.
{ + deny all; + } + +#deny access to store + + location ~ /store { + deny all; + } + + +} + diff --git a/.homeinstall/zotserver-config.txt.template b/.homeinstall/zotserver-config.txt.template index 874d3e587..39a6e77ff 100644 --- a/.homeinstall/zotserver-config.txt.template +++ b/.homeinstall/zotserver-config.txt.template @@ -29,6 +29,18 @@ db_pass= le_domain= le_email= +############################################### +### OPTIONAL - Webserver choice ############### +# +# Please indicate if you want to choose Nginx +# or Apache as your web server +# +# Valid strings are nginx or apache (lower case), +# any other will stop the setup script. +# +webserver=apache + + ############################################### ### OPTIONAL - selfHOST - dynamic IP address ## # diff --git a/.homeinstall/zotserver-setup.sh b/.homeinstall/zotserver-setup.sh index 36491b0fe..42ff6685d 100755 --- a/.homeinstall/zotserver-setup.sh +++ b/.homeinstall/zotserver-setup.sh @@ -8,6 +8,7 @@ # - zap: https://zotlabs.com/zap/ # - misty : https://zotlabs.com/misty/ # - osada : https://codeberg.org/zot/osada +# - redmatrix : https://codeberg.org/zot/redmatrix # under Debian Linux "Buster" # # 1) Copy the file "zotserver-config.txt.template" to "zotserver-config.txt" @@ -60,7 +61,7 @@ # # The script makes a (daily) backup of all relevant files # - /var/lib/mysql/ > database -# - /var/www/ > hubzilla/zap/misty from github +# - /var/www/ > hubzilla/zap/misty from git repository # - /etc/letsencrypt/ > certificates # # The backup will be written on an external disk compatible to LUKS+ext4 (see zotserver-config.txt) 
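Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the new nginx-zotserver.conf.template enables two deprecated protocol versions, and the `ssl_ciphers` list still offers 3DES (`DES-CBC3-SHA`) and static-RSA CBC suites. The template's own "DO WE NEED TO REVIEW THE FOLLOWING SETTINGS?" comment should be resolved before merge, for example with `ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 only if the installed nginx/OpenSSL supports it) and a cipher list cut down to the ECDHE/DHE AEAD suites already at its head. `ssl on;` duplicates `listen 443 ssl;` and is deprecated in current nginx, so it can be dropped. The `location ~ /store` and `location ~ /\.` deny rules are declared after `location ~* \.php$`, and nginx takes the first matching regex location, so a `.php` URI under /store appears to reach PHP-FPM rather than the deny. Writing it as `location ^~ /store { deny all; }` would give it precedence over the regex locations.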
@@ -209,8 +210,15 @@ function print_warn { } function stop_zotserver { - print_info "stopping apache webserver..." - systemctl stop apache2 + if [ $webserver = "nginx" ] + then + print_info "stopping nginx webserver..." + systemctl stop nginx + elif [ $webserver = "apache" ] + then + print_info "stopping apache webserver..." + systemctl stop apache2 + fi print_info "stopping mysql db..." systemctl stop mariadb } @@ -222,8 +230,14 @@ function install_apache { systemctl restart apache2 } +function install_nginx { + print_info "installing nginx..." + nocheck_install "nginx" + systemctl restart nginx +} + function add_vhost { - print_info "adding vhost" + print_info "adding apache vhost" echo "" >> "/etc/apache2/sites-available/${le_domain}.conf" echo "ServerName ${le_domain}" >> "/etc/apache2/sites-available/${le_domain}.conf" echo "DocumentRoot $install_path" >> "/etc/apache2/sites-available/${le_domain}.conf" @@ -231,6 +245,12 @@ function add_vhost { a2ensite $le_domain } +function add_nginx_block { + print_info "adding nginx block" + sed "s|SERVER_NAME|${le_domain}|g;s|INSTALL_PATH|${install_path}|g;s|ZOTSERVER_LOG|${install_folder}-${zotserver}.log|;s|PHP_FPM_SOCK|$(ls /var/run/php/*sock)|;" nginx-zotserver.conf.template >> /etc/nginx/sites-enabled/${le_domain}.conf + ln -s /etc/nginx/sites-enabled/${le_domain}.conf /etc/nginx/sites-available/ +} + function install_imagemagick { print_info "installing imagemagick..." nocheck_install "imagemagick" 
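Review bot: `[ $webserver = "nginx" ]` in stop_zotserver expands `$webserver` unquoted, so with a config file that predates this commit and has no `webserver=` line both tests fail with a syntax error and no web server is stopped. Quote the variable, `if [ "$webserver" = "nginx" ]`, here and in the same tests added to install_php, install_letsencrypt, configure_zotserverdaily, configure_cron_daily and the main program. Where stop_zotserver is called from is not visible in this hunk, so whether `webserver` has been validated by then cannot be confirmed here.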
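Review bot: add_nginx_block writes the generated file into `/etc/nginx/sites-enabled/` and symlinks it into `sites-available`, the reverse of what the template header describes, and the `>>` appends a second copy of both server blocks whenever the installer is re-run. Write it with `> "/etc/nginx/sites-available/${le_domain}.conf"` and link it with `ln -sf "/etc/nginx/sites-available/${le_domain}.conf" /etc/nginx/sites-enabled/`. `$(ls /var/run/php/*sock)` expands to several lines when more than one PHP-FPM socket exists, which breaks the sed expression; since install_php pins PHP 7.3, naming that version's socket explicitly would be safer. The template is read by a relative path, so the function also depends on the caller's working directory.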
@@ -254,9 +274,18 @@ function install_sendmail { function install_php { # openssl and mbstring are included in libapache2-mod-php print_info "installing php..." - nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip" - sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/apache2/php.ini - sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/apache2/php.ini + if [ $webserver = "nginx" ] + then + nocheck_install "php php-pear php-curl php-gd php-mbstring php-xml php-zip php-fpm" + sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/fpm/php.ini + sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/fpm/php.ini + systemctl reload php7.3-fpm + elif [ $webserver = "apache" ] + then + nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip" + sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/apache2/php.ini + sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/apache2/php.ini + fi } function install_mysql { @@ -452,10 +481,20 @@ function install_letsencrypt { then die "Failed to install let's encrypt: 'le_email' is empty in $configfile" fi - nocheck_install "certbot python-certbot-apache" - print_info "run certbot ..." + if [ $webserver = "nginx" ] + then + nocheck_install "certbot" + print_info "run certbot..." + systemctl stop nginx + certbot certonly --standalone -d $le_domain -m $le_email --agree-tos --non-interactive + systemctl start nginx + elif [ $webserver = "apache" ] + then + nocheck_install "certbot python-certbot-apache" + print_info "run certbot ..." certbot --apache -w $install_path -d $le_domain -m $le_email --agree-tos --non-interactive --redirect --hsts --uir - service apache2 restart + service apache2 restart + fi } function check_https { 
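Review bot: The nginx branch of install_php raises `upload_max_filesize` and `post_max_size` to 100M, but the nginx template added in this commit sets `client_max_body_size 20m;`, so nginx will reject uploads above 20 MB before PHP sees them; the two limits should agree. The leading comment `# openssl and mbstring are included in libapache2-mod-php` no longer describes the nginx branch, which does not install that package. `/etc/php/7.3/fpm/php.ini` and `systemctl reload php7.3-fpm` hard-code the PHP version, as the apache branch already did, so a comment naming the assumed Debian release would help the next maintainer.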
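Review bot: The nginx branch of install_letsencrypt does not check the result of `certbot certonly --standalone`, so when issuance fails `systemctl start nginx` runs against a server block whose `ssl_certificate` files do not exist and nginx stays down; `certbot certonly ... || die "certbot failed for $le_domain"` makes the failure explicit. `$le_domain` and `$le_email` are passed unquoted in both branches. The apache branch asks certbot for `--redirect --hsts --uir`, while the nginx template sends no `Strict-Transport-Security` header, so the two choices end up with different transport hardening; `add_header Strict-Transport-Security "max-age=31536000" always;` in the 443 server block would restore parity. install_letsencrypt begins before this hunk.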
@@ -483,8 +522,11 @@ function zotserver_name { elif git remote -v | grep -i "origin.*osada.*" then zotserver=osada + elif git remote -v | grep -i "origin.*redmatrix.*" + then + zotserver=redmatrix else - die "neither osada,misty, zap nor hubzilla repository > did not install osada/misty/zap/hubzilla" + die "neither redmatrix, osada, misty, zap nor hubzilla repository > did not install redmatrix/osada/misty/zap/hubzilla" fi } @@ -507,8 +549,12 @@ function install_zotserver { then print_info "osada" util/add_addon_repo https://codeberg.org/zot/osada-addons.git oaddons + elif [ $zotserver = "redmatrix" ] + then + print_info "redmatrix" + util/add_addon_repo https://codeberg.org/zot/redmatrix-addons.git raddons else - die "neither osada, misty, zap nor hubzilla repository > did not install addons or osada/misty/zap/hubzilla" + die "neither redmatrix, osada, misty, zap nor hubzilla repository > did not install addons or redmatrix/osada/misty/zap/hubzilla" fi mkdir -p "cache/smarty3" mkdir -p "store" 
@@ -533,6 +579,22 @@ function install_cryptosetup { nocheck_install "cryptsetup" } +function configure_zotserverdaily { + echo "#!/bin/sh" >> /var/www/$zotserverdaily + echo "#" >> /var/www/$zotserverdaily + echo "# update of $le_domain Zot hub/instance" >> /var/www/$zotserverdaily + echo "echo \"\$(date) - updating core and addons...\"" >> /var/www/$zotserverdaily + echo "echo \"reaching git repository for $le_domain $zotserver hub/instance...\"" >> /var/www/$zotserverdaily + echo "(cd $install_path ; util/udall)" >> /var/www/$zotserverdaily + echo "chown -R www-data:www-data $install_path # make all accessible for the webserver" >> /var/www/$zotserverdaily + if [ $webserver = "apache" ] + then + echo "chown root:www-data $install_path/.htaccess" >> /var/www/$zotserverdaily + echo "chmod 0644 $install_path/.htaccess # www-data can read but not write it" >> /var/www/$zotserverdaily + fi + chmod a+x /var/www/$zotserverdaily +} + function configure_cron_daily { print_info "configuring cron..." # every 10 min for poller.php 
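Review bot: The script generated by configure_zotserverdaily runs `(cd $install_path ; util/udall)` from the root cron job and then hands the whole tree to `www-data` with `chown -R`, so from the second run on, code that the web server account can modify is executed as root. Running the update as the web user, for example `runuser -u www-data -- util/udall` inside the subshell (assuming the tree is already owned by www-data at that point), keeps the privilege boundary. Every line, including `#!/bin/sh`, is written with `>>`, so re-running the installer appends a duplicate script body; the first echo should use `>`. The function is complete within this hunk.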
@@ -541,99 +603,105 @@ function configure_cron_daily { echo "*/10 * * * * www-data cd $install_path; php Zotlabs/Daemon/Run.php Cron >> /dev/null 2>&1" >> /etc/crontab fi # Run external script daily at 05:30 - # - stop apache and mysql-server + # - stop apache/nginx and mysql-server # - renew the certificate of letsencrypt # - backup db, files ($install_path), certificates if letsencrypt # - update zotserver core and addon # - update and upgrade linux # - reboot is done by "shutdown -h now" because "reboot" hangs sometimes depending on the system -echo "#!/bin/sh" > /var/www/$zotserverdaily -echo "#" >> /var/www/$zotserverdaily -echo "echo \" \"" >> /var/www/$zotserverdaily -echo "echo \"+++ \$(date) +++\"" >> /var/www/$zotserverdaily -echo "echo \" \"" >> /var/www/$zotserverdaily -echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$zotserverdaily -echo "certbot renew --noninteractive" >> /var/www/$zotserverdaily -echo "#" >> /var/www/$zotserverdaily -echo "echo \"\$(date) - stopping apache and mysql...\"" >> /var/www/$zotserverdaily -echo "service apache2 stop" >> /var/www/$zotserverdaily -echo "/etc/init.d/mysql stop # to avoid inconsistencies" >> /var/www/$zotserverdaily -echo "#" >> /var/www/$zotserverdaily -echo "# backup" >> /var/www/$zotserverdaily -echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$zotserverdaily -echo "backup_device_name=$backup_device_name" >> /var/www/$zotserverdaily -echo "backup_device_pass=$backup_device_pass" >> /var/www/$zotserverdaily -echo "backup_mount_point=$backup_mount_point" >> /var/www/$zotserverdaily -echo "device_mounted=0" >> /var/www/$zotserverdaily -echo "if [ -n \"$backup_device_name\" ]" >> /var/www/$zotserverdaily -echo "then" >> /var/www/$zotserverdaily -echo " if blkid | grep $backup_device_name" >> /var/www/$zotserverdaily -echo " then" >> /var/www/$zotserverdaily - if [ -n "$backup_device_pass" ] - then -echo " echo \"decrypting backup device...\"" >> 
/var/www/$zotserverdaily -echo " echo "\"$backup_device_pass\"" | cryptsetup luksOpen $backup_device_name cryptobackup" >> /var/www/$zotserverdaily - fi -echo " if [ ! -d $backup_mount_point ]" >> /var/www/$zotserverdaily -echo " then" >> /var/www/$zotserverdaily -echo " mkdir $backup_mount_point" >> /var/www/$zotserverdaily -echo " fi" >> /var/www/$zotserverdaily -echo " echo \"mounting backup device...\"" >> /var/www/$zotserverdaily - if [ -n "$backup_device_pass" ] - then -echo " if mount /dev/mapper/cryptobackup $backup_mount_point" >> /var/www/$zotserverdaily - else -echo " if mount $backup_device_name $backup_mount_point" >> /var/www/$zotserverdaily - fi -echo " then" >> /var/www/$zotserverdaily -echo " device_mounted=1" >> /var/www/$zotserverdaily -echo " echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$zotserverdaily -echo " rsync -a --delete /var/lib/mysql/ /media/zotserver_backup/mysql" >> /var/www/$zotserverdaily -echo " rsync -a --delete /var/www/ /media/zotserver_backup/www" >> /var/www/$zotserverdaily -echo " rsync -a --delete /etc/letsencrypt/ /media/zotserver_backup/letsencrypt" >> /var/www/$zotserverdaily -echo " echo \"\$(date) - disk sizes...\"" >> /var/www/$zotserverdaily -echo " df -h" >> /var/www/$zotserverdaily -echo " echo \"\$(date) - db size...\"" >> /var/www/$zotserverdaily -echo " du -h $backup_mount_point | grep mysql/zotserver" >> /var/www/$zotserverdaily -echo " echo \"unmounting backup device...\"" >> /var/www/$zotserverdaily -echo " umount $backup_mount_point" >> /var/www/$zotserverdaily -echo " else" >> /var/www/$zotserverdaily -echo " echo \"failed to mount device $backup_device_name\"" >> /var/www/$zotserverdaily -echo " fi" >> /var/www/$zotserverdaily - if [ -n "$backup_device_pass" ] - then -echo " echo \"closing decrypted backup device...\"" >> /var/www/$zotserverdaily -echo " cryptsetup luksClose cryptobackup" >> /var/www/$zotserverdaily - fi -echo " fi" >> /var/www/$zotserverdaily -echo 
"fi" >> /var/www/$zotserverdaily -echo "if [ \$device_mounted == 0 ]" >> /var/www/$zotserverdaily -echo "then" >> /var/www/$zotserverdaily -echo " echo \"device could not be mounted $backup_device_name. No backup written.\"" >> /var/www/$zotserverdaily -echo "fi" >> /var/www/$zotserverdaily -echo "#" >> /var/www/$zotserverdaily -echo "echo \"\$(date) - db size...\"" >> /var/www/$zotserverdaily -echo "du -h /var/lib/mysql/ | grep mysql/zotserver" >> /var/www/$zotserverdaily -echo "#" >> /var/www/$zotserverdaily -echo "# update" >> /var/www/$zotserverdaily -echo "echo \"\$(date) - updating core and addons...\"" >> /var/www/$zotserverdaily -echo "(cd $install_path/ ; util/udall)" >> /var/www/$zotserverdaily -echo "chown -R www-data:www-data $install_path/ # make all accessable for the webserver" >> /var/www/$zotserverdaily -echo "chown root:www-data $install_path/.htaccess" >> /var/www/$zotserverdaily -echo "chmod 0644 $install_path/.htaccess # www-data can read but not write it" >> /var/www/$zotserverdaily -echo "echo \"\$(date) - updating linux...\"" >> /var/www/$zotserverdaily -echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$zotserverdaily -echo "echo \"\$(date) - Backup and update finished. 
Rebooting...\"" >> /var/www/$zotserverdaily -echo "#" >> /var/www/$zotserverdaily -echo "shutdown -r now" >> /var/www/$zotserverdaily - - if [ -z "`grep '$zotserverdaily' /etc/crontab`" ] + echo "#!/bin/sh" > /var/www/$zotcron + echo "#" >> /var/www/$zotcron + echo "echo \" \"" >> /var/www/$zotcron + echo "echo \"+++ \$(date) +++\"" >> /var/www/$zotcron + echo "echo \" \"" >> /var/www/$zotcron + echo "echo \"\$(date) - stopping $webserver and mysql...\"" >> /var/www/$zotcron + if [ $webserver = "nginx" ] then - echo "30 05 * * * root /bin/bash /var/www/$zotserverdaily >> $install_path/${install_folder}-${zotserver}-daily.log 2>&1" >> /etc/crontab - echo "0 0 1 * * root rm $install_path/${install_folder}-${zotserver}-daily.log" >> /etc/crontab + echo "systemctl stop nginx" >> /var/www/$zotcron + elif [ $webserver = "apache" ] + then + echo "service apache2 stop" >> /var/www/$zotcron + fi + echo "/etc/init.d/mysql stop # to avoid inconsistencies" >> /var/www/$zotcron + echo "#" >> /var/www/$zotcron + echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$zotcron + echo "certbot renew --noninteractive" >> /var/www/$zotcron + echo "#" >> /var/www/$zotcron + echo "# backup" >> /var/www/$zotcron + echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$zotcron + echo "backup_device_name=$backup_device_name" >> /var/www/$zotcron + echo "backup_device_pass=$backup_device_pass" >> /var/www/$zotcron + echo "backup_mount_point=$backup_mount_point" >> /var/www/$zotcron + echo "device_mounted=0" >> /var/www/$zotcron + echo "if [ -n \"\$backup_device_name\" ]" >> /var/www/$zotcron + echo "then" >> /var/www/$zotcron + echo " if blkid | grep $backup_device_name" >> /var/www/$zotcron + echo " then" >> /var/www/$zotcron + if [ -n "$backup_device_pass" ] + then + echo " echo \"decrypting backup device...\"" >> /var/www/$zotcron + echo " echo "\"$backup_device_pass\"" | cryptsetup luksOpen $backup_device_name cryptobackup" >> /var/www/$zotcron + fi + 
echo " if [ ! -d $backup_mount_point ]" >> /var/www/$zotcron + echo " then" >> /var/www/$zotcron + echo " mkdir $backup_mount_point" >> /var/www/$zotcron + echo " fi" >> /var/www/$zotcron + echo " echo \"mounting backup device...\"" >> /var/www/$zotcron + if [ -n "$backup_device_pass" ] + then + echo " if mount /dev/mapper/cryptobackup $backup_mount_point" >> /var/www/$zotcron + else + echo " if mount $backup_device_name $backup_mount_point" >> /var/www/$zotcron + fi + echo " then" >> /var/www/$zotcron + echo " device_mounted=1" >> /var/www/$zotcron + echo " echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$zotcron + echo " rsync -a --delete /var/lib/mysql/ /media/zotserver_backup/mysql" >> /var/www/$zotcron + echo " rsync -a --delete /var/www/ /media/zotserver_backup/www" >> /var/www/$zotcron + echo " rsync -a --delete /etc/letsencrypt/ /media/zotserver_backup/letsencrypt" >> /var/www/$zotcron + echo " echo \"\$(date) - disk sizes...\"" >> /var/www/$zotcron + echo " df -h" >> /var/www/$zotcron + echo " echo \"\$(date) - db size...\"" >> /var/www/$zotcron + echo " du -h $backup_mount_point | grep mysql/zotserver" >> /var/www/$zotcron + echo " echo \"unmounting backup device...\"" >> /var/www/$zotcron + echo " umount $backup_mount_point" >> /var/www/$zotcron + echo " else" >> /var/www/$zotcron + echo " echo \"failed to mount device $backup_device_name\"" >> /var/www/$zotcron + echo " fi" >> /var/www/$zotcron + if [ -n "$backup_device_pass" ] + then + echo " echo \"closing decrypted backup device...\"" >> /var/www/$zotcron + echo " cryptsetup luksClose cryptobackup" >> /var/www/$zotcron + fi + echo " fi" >> /var/www/$zotcron + echo "fi" >> /var/www/$zotcron + echo "if [ \$device_mounted == 0 ]" >> /var/www/$zotcron + echo "then" >> /var/www/$zotcron + echo " echo \"device could not be mounted $backup_device_name. 
No backup written.\"" >> /var/www/$zotcron + echo "fi" >> /var/www/$zotcron + echo "#" >> /var/www/$zotcron + echo "echo \"\$(date) - db size...\"" >> /var/www/$zotcron + echo "du -h /var/lib/mysql/ | grep mysql/" >> /var/www/$zotcron + echo "#" >> /var/www/$zotcron + echo "cd /var/www" >> /var/www/$zotcron + echo "for f in *-daily.sh; do \"./\${f}\"; done" >> /var/www/$zotcron + echo "echo \"\$(date) - updating linux...\"" >> /var/www/$zotcron + echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$zotcron + echo "echo \"\$(date) - Backup and update finished. Rebooting...\"" >> /var/www/$zotcron + echo "#" >> /var/www/$zotcron + echo "shutdown -r now" >> /var/www/$zotcron + + # If global cron job does not exist we add it to /etc/crontab + if grep -q $zotcron /etc/crontab + then + echo "cron job already in /etc/crontab" + else + echo "30 05 * * * root /bin/bash /var/www/$zotcron >> /var/www/zot-daily.log 2>&1" >> /etc/crontab + echo "0 0 1 * * root rm /var/www/zot-daily.log" >> /etc/crontab fi - # This is active after either "reboot" or "/etc/init.d/cron reload" + # This is active after either "reboot" or cron reload" + systemctl restart cron print_info "configured cron for updates/upgrades" } @@ -641,7 +709,6 @@ echo "shutdown -r now" >> /var/www/$zotserverdaily # START OF PROGRAM ######################################################################## export PATH=/bin:/usr/bin:/sbin:/usr/sbin - check_sanity zotserver_name @@ -655,8 +722,9 @@ source $configfile selfhostdir=/etc/selfhost selfhostscript=selfhost-updater.sh +zotcron="zotcron.sh" zotserverdaily="${install_folder}-${zotserver}-daily.sh" -backup_mount_point="/media/${install_folder}-${zotserver}_backup" +backup_mount_point="/media/zotserver_backup" #set -x # activate debugging from here 
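Review bot: `echo "backup_device_pass=$backup_device_pass" >> /var/www/$zotcron` and the generated `cryptsetup luksOpen` line put the LUKS passphrase in clear text into a script under /var/www that is created with the default umask, so it is normally world-readable, and the `rsync` of /var/www then copies it onto the backup disk as well. Set `umask 077` before the first echo (or add `chmod 0700 /var/www/$zotcron` right after it) and prefer a root-only location outside the web tree. The passphrase is also pasted unescaped into the generated shell text, so quotes or `$` in it change the script. The new loop `for f in *-daily.sh; do "./${f}"; done` runs every matching file in /var/www as root, which is only safe while /var/www itself is writable by root alone; that assumption deserves a comment or an ownership check. configure_cron_daily begins before this hunk.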
@@ -666,15 +734,32 @@ update_upgrade install_curl install_wget install_sendmail -install_apache -if [ "$install_path" != "/var/www/html" ] +if [ $webserver = "nginx" ] then - add_vhost + install_nginx +elif [ $webserver = "apache" ] +then + install_apache +else +die "Failed to install a Web server: 'webserver' not set to \"apache\" or \"nginx\" in $configfile" fi install_imagemagick install_php +if [ $webserver = "nginx" ] +then + add_nginx_block +elif [ $webserver = "apache" ] +then + if [ "$install_path" != "/var/www/html" ] + then + add_vhost + fi +fi install_mysql +if [ $webserver = "apache" ] +then install_adminer +fi create_zotserver_db run_freedns install_run_selfhost @@ -692,6 +777,8 @@ fi install_zotserver +configure_zotserverdaily + configure_cron_daily if [ "$le_domain" != "localhost" ] @@ -704,5 +791,3 @@ fi #set +x # stop debugging from here - -
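Review bot: The `webserver` value is validated only at the install step, after `update_upgrade`, `install_curl`, `install_wget` and `install_sendmail` have already changed the system, and an existing zotserver-config.txt without the new key ends in `die`. Checking once right after `source $configfile` fails early, e.g. `case "$webserver" in nginx|apache) ;; *) die "..." ;; esac`, optionally preceded by `webserver="${webserver:-apache}"` if older configs should keep working. `install_adminer` is now skipped for nginx without any message, so a `print_warn` in that case would tell the user the database UI was not installed. The main program continues outside this hunk.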