Merge branch 'dev' of https://codeberg.org/zot/zap into dev
commit
22d0a81a43
4 changed files with 347 additions and 106 deletions
|
@ -65,7 +65,7 @@ Switch the verification on/off (1/0)
|
||||||
|
|
||||||
## What the script will do for you...
|
## What the script will do for you...
|
||||||
|
|
||||||
+ install everything required by your Zot hub/instance, basically a web server (Apache), PHP, a database (MySQL), certbot,...
|
+ install everything required by your Zot hub/instance, basically a web server (Apache or Nginx), PHP, a database (MySQL), certbot,...
|
||||||
+ create a database
|
+ create a database
|
||||||
+ run certbot to have everything for a secure connection (httpS)
|
+ run certbot to have everything for a secure connection (httpS)
|
||||||
+ create a script for daily maintenance
|
+ create a script for daily maintenance
|
||||||
|
@ -142,5 +142,5 @@ DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI!
|
||||||
|
|
||||||
## Reminder for Different Web Wervers
|
## Reminder for Different Web Wervers
|
||||||
|
|
||||||
For those of you who feel adventurous enough to use a different web server (Nginx, Lighttpd...), don't forget that this script will install Apache and that you can only have one web server listening to ports 80 & 443. Also, don't forget to tweak your daily shell script in /var/www/ accordingly.
|
For those of you who feel adventurous enough to use a different web server (i.e. Lighttpd...), don't forget that this script will install Apache or Nginx and that you can only have one web server listening to ports 80 & 443. Also, don't forget to tweak your daily shell script in /var/www/ accordingly.
|
||||||
|
|
||||||
|
|
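--- a/.homeinstall/nginx-zotserver.conf.template
+++ b/.homeinstall/nginx-zotserver.conf.template
@@ -0,0 +1,144 @@
+##
+# Hubzilla/Zap/Mistpark/Osada Nginx block configuration template
+# based on the example created by Olaf Conradi
+#
+# The files generated with this template will be added to
+# /etc/nginx/sites-available & /etc/nginx/sites-enabled (symlink)
+##
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+#
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+##
+
+##
+# This configuration assumes
+# You filled the zotserver-config.txt file
+# Your domain/subdomain is functionnal
+# You want all traffic to be https
+# You have PHP FastCGI Process Manager (php-fpm) running on localhost
+##
+
+server {
+listen 80;
+server_name SERVER_NAME;
+
+# HTTP > HTTPS #
+return 301 https://$server_name$request_uri;
+}
+
+##
+# Configure Red with SSL
+#
+# All requests are routed to the front controller
+# except for certain known file types like images, css, etc.
+# Those are served statically whenever possible with a
+# fall back to the front controller (needed for avatars, for example)
+##
+
+server {
+listen 443 ssl;
+server_name SERVER_NAME;
+
+ssl on;
+ssl_certificate /etc/letsencrypt/live/SERVER_NAME/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/SERVER_NAME/privkey.pem;
+ssl_session_timeout 5m;
+# DO WE NEED TO REVIEW THE FOLLOWING SETTINGS?
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
+ssl_prefer_server_ciphers on;
+
+fastcgi_param HTTPS on;
+
+charset utf-8;
+root INSTALL_PATH;
+index index.php;
+access_log /var/log/nginx/ZOTSERVER_LOG;
+
+#Uncomment the following line to include a standard configuration file
+#Note that the most specific rule wins and your standard configuration
+#will therefore *add* to this file, but not override it.
+#include standard.conf
+
+# allow uploads up to 20MB in size
+client_max_body_size 20m;
+client_body_buffer_size 128k;
+
+include mime.types;
+
+# rewrite to front controller as default rule
+location / {
+if (!-e $request_filename) {
+rewrite ^(.*)$ /index.php?req=$1;
+}
+}
+
+# make sure webfinger and other well known services aren't blocked
+# by denying dot files and rewrite request to the front controller
+location ^~ /.well-known/ {
+allow all;
+if (!-e $request_filename) {
+rewrite ^(.*)$ /index.php?req=$1;
+}
+}
+
+# statically serve these file types when possible
+# otherwise fall back to front controller
+# allow browser to cache them
+# added .htm for advanced source code editor library
+# location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ {
+# expires 30d;
+# try_files $uri /index.php?req=$uri&$args;
+# }
+# SHOULD WE UNCOMMENT THE ABOVE LINES ?
+
+# block these file types
+location ~* \.(tpl|md|tgz|log|out)$ {
+deny all;
+}
+
+# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+# or a unix socket
+location ~* \.php$ {
+# IS THE FOLLOWING STILL RELEVANT AS OF AUGUST 2020?
+# Zero-day exploit defense.
+# http://forum.nginx.org/read.php?2,88845,page=3
+# Won't work properly (404 error) if the file is not stored on this
+# server, which is entirely possible with php-fpm/php-fcgi.
+# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+# another machine. And then cross your fingers that you won't get hacked.
+try_files $uri =404;
+
+# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+# With php5-cgi alone:
+# fastcgi_pass 127.0.0.1:9000;
+
+# With php-fpm:
+fastcgi_pass unix:PHP_FPM_SOCK;
+
+include fastcgi_params;
+fastcgi_index index.php;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+}
+
+# deny access to all dot files
+location ~ /\. {
+deny all;
+}
+
+#deny access to store
+
+location ~ /store {
+deny all;
+}
+
+
+}
+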
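Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line in the 443 server block still enables TLS 1.0 and 1.1, and the `ssl_ciphers` list ends with 3DES (`DES-CBC3-SHA`) and non-forward-secret `AES*-SHA` suites, which is exactly what the file's own "DO WE NEED TO REVIEW THE FOLLOWING SETTINGS?" comment asks about. I would use `ssl_protocols TLSv1.2 TLSv1.3;` (dropping `TLSv1.3` if the packaged nginx/OpenSSL does not support it) and cut the cipher list down to the ECDHE/DHE GCM and CHACHA20 entries that already lead it. `ssl on;` duplicates `listen 443 ssl;` and is deprecated in newer nginx releases, so it can be removed. The Apache path elsewhere in this commit runs certbot with `--hsts`, while this block sends no such header; consider `add_header Strict-Transport-Security "max-age=31536000" always;` so both web server choices behave the same.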
@ -29,6 +29,18 @@ db_pass=
|
||||||
le_domain=
|
le_domain=
|
||||||
le_email=
|
le_email=
|
||||||
|
|
||||||
|
###############################################
|
||||||
|
### OPTIONAL - Webserver choice ###############
|
||||||
|
#
|
||||||
|
# Please indicate if you want to choose Nginx
|
||||||
|
# or Apache as your web server
|
||||||
|
#
|
||||||
|
# Valid strings are nginx or apache (lower case),
|
||||||
|
# any other will stop the setup script.
|
||||||
|
#
|
||||||
|
webserver=apache
|
||||||
|
|
||||||
|
|
||||||
###############################################
|
###############################################
|
||||||
### OPTIONAL - selfHOST - dynamic IP address ##
|
### OPTIONAL - selfHOST - dynamic IP address ##
|
||||||
#
|
#
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
# - zap: https://zotlabs.com/zap/
|
# - zap: https://zotlabs.com/zap/
|
||||||
# - misty : https://zotlabs.com/misty/
|
# - misty : https://zotlabs.com/misty/
|
||||||
# - osada : https://codeberg.org/zot/osada
|
# - osada : https://codeberg.org/zot/osada
|
||||||
|
# - redmatrix : https://codeberg.org/zot/redmatrix
|
||||||
# under Debian Linux "Buster"
|
# under Debian Linux "Buster"
|
||||||
#
|
#
|
||||||
# 1) Copy the file "zotserver-config.txt.template" to "zotserver-config.txt"
|
# 1) Copy the file "zotserver-config.txt.template" to "zotserver-config.txt"
|
||||||
|
@ -60,7 +61,7 @@
|
||||||
#
|
#
|
||||||
# The script makes a (daily) backup of all relevant files
|
# The script makes a (daily) backup of all relevant files
|
||||||
# - /var/lib/mysql/ > database
|
# - /var/lib/mysql/ > database
|
||||||
# - /var/www/ > hubzilla/zap/misty from github
|
# - /var/www/ > hubzilla/zap/misty from git repository
|
||||||
# - /etc/letsencrypt/ > certificates
|
# - /etc/letsencrypt/ > certificates
|
||||||
#
|
#
|
||||||
# The backup will be written on an external disk compatible to LUKS+ext4 (see zotserver-config.txt)
|
# The backup will be written on an external disk compatible to LUKS+ext4 (see zotserver-config.txt)
|
||||||
|
@ -209,8 +210,15 @@ function print_warn {
|
||||||
}
|
}
|
||||||
|
|
||||||
function stop_zotserver {
|
function stop_zotserver {
|
||||||
|
if [ $webserver = "nginx" ]
|
||||||
|
then
|
||||||
|
print_info "stopping nginx webserver..."
|
||||||
|
systemctl stop nginx
|
||||||
|
elif [ $webserver = "apache" ]
|
||||||
|
then
|
||||||
print_info "stopping apache webserver..."
|
print_info "stopping apache webserver..."
|
||||||
systemctl stop apache2
|
systemctl stop apache2
|
||||||
|
fi
|
||||||
print_info "stopping mysql db..."
|
print_info "stopping mysql db..."
|
||||||
systemctl stop mariadb
|
systemctl stop mariadb
|
||||||
}
|
}
|
||||||
|
@ -222,8 +230,14 @@ function install_apache {
|
||||||
systemctl restart apache2
|
systemctl restart apache2
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function install_nginx {
|
||||||
|
print_info "installing nginx..."
|
||||||
|
nocheck_install "nginx"
|
||||||
|
systemctl restart nginx
|
||||||
|
}
|
||||||
|
|
||||||
function add_vhost {
|
function add_vhost {
|
||||||
print_info "adding vhost"
|
print_info "adding apache vhost"
|
||||||
echo "<VirtualHost *:80>" >> "/etc/apache2/sites-available/${le_domain}.conf"
|
echo "<VirtualHost *:80>" >> "/etc/apache2/sites-available/${le_domain}.conf"
|
||||||
echo "ServerName ${le_domain}" >> "/etc/apache2/sites-available/${le_domain}.conf"
|
echo "ServerName ${le_domain}" >> "/etc/apache2/sites-available/${le_domain}.conf"
|
||||||
echo "DocumentRoot $install_path" >> "/etc/apache2/sites-available/${le_domain}.conf"
|
echo "DocumentRoot $install_path" >> "/etc/apache2/sites-available/${le_domain}.conf"
|
||||||
|
@ -231,6 +245,12 @@ function add_vhost {
|
||||||
a2ensite $le_domain
|
a2ensite $le_domain
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function add_nginx_block {
|
||||||
|
print_info "adding nginx block"
|
||||||
|
sed "s|SERVER_NAME|${le_domain}|g;s|INSTALL_PATH|${install_path}|g;s|ZOTSERVER_LOG|${install_folder}-${zotserver}.log|;s|PHP_FPM_SOCK|$(ls /var/run/php/*sock)|;" nginx-zotserver.conf.template >> /etc/nginx/sites-enabled/${le_domain}.conf
|
||||||
|
ln -s /etc/nginx/sites-enabled/${le_domain}.conf /etc/nginx/sites-available/
|
||||||
|
}
|
||||||
|
|
||||||
function install_imagemagick {
|
function install_imagemagick {
|
||||||
print_info "installing imagemagick..."
|
print_info "installing imagemagick..."
|
||||||
nocheck_install "imagemagick"
|
nocheck_install "imagemagick"
|
||||||
|
@ -254,9 +274,18 @@ function install_sendmail {
|
||||||
function install_php {
|
function install_php {
|
||||||
# openssl and mbstring are included in libapache2-mod-php
|
# openssl and mbstring are included in libapache2-mod-php
|
||||||
print_info "installing php..."
|
print_info "installing php..."
|
||||||
|
if [ $webserver = "nginx" ]
|
||||||
|
then
|
||||||
|
nocheck_install "php php-pear php-curl php-gd php-mbstring php-xml php-zip php-fpm"
|
||||||
|
sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/fpm/php.ini
|
||||||
|
sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/fpm/php.ini
|
||||||
|
systemctl reload php7.3-fpm
|
||||||
|
elif [ $webserver = "apache" ]
|
||||||
|
then
|
||||||
nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip"
|
nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip"
|
||||||
sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/apache2/php.ini
|
sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/apache2/php.ini
|
||||||
sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/apache2/php.ini
|
sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/apache2/php.ini
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function install_mysql {
|
function install_mysql {
|
||||||
|
@ -452,10 +481,20 @@ function install_letsencrypt {
|
||||||
then
|
then
|
||||||
die "Failed to install let's encrypt: 'le_email' is empty in $configfile"
|
die "Failed to install let's encrypt: 'le_email' is empty in $configfile"
|
||||||
fi
|
fi
|
||||||
|
if [ $webserver = "nginx" ]
|
||||||
|
then
|
||||||
|
nocheck_install "certbot"
|
||||||
|
print_info "run certbot..."
|
||||||
|
systemctl stop nginx
|
||||||
|
certbot certonly --standalone -d $le_domain -m $le_email --agree-tos --non-interactive
|
||||||
|
systemctl start nginx
|
||||||
|
elif [ $webserver = "apache" ]
|
||||||
|
then
|
||||||
nocheck_install "certbot python-certbot-apache"
|
nocheck_install "certbot python-certbot-apache"
|
||||||
print_info "run certbot ..."
|
print_info "run certbot ..."
|
||||||
certbot --apache -w $install_path -d $le_domain -m $le_email --agree-tos --non-interactive --redirect --hsts --uir
|
certbot --apache -w $install_path -d $le_domain -m $le_email --agree-tos --non-interactive --redirect --hsts --uir
|
||||||
service apache2 restart
|
service apache2 restart
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_https {
|
function check_https {
|
||||||
|
@ -483,8 +522,11 @@ function zotserver_name {
|
||||||
elif git remote -v | grep -i "origin.*osada.*"
|
elif git remote -v | grep -i "origin.*osada.*"
|
||||||
then
|
then
|
||||||
zotserver=osada
|
zotserver=osada
|
||||||
|
elif git remote -v | grep -i "origin.*redmatrix.*"
|
||||||
|
then
|
||||||
|
zotserver=redmatrix
|
||||||
else
|
else
|
||||||
die "neither osada,misty, zap nor hubzilla repository > did not install osada/misty/zap/hubzilla"
|
die "neither redmatrix, osada, misty, zap nor hubzilla repository > did not install redmatrix/osada/misty/zap/hubzilla"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -507,8 +549,12 @@ function install_zotserver {
|
||||||
then
|
then
|
||||||
print_info "osada"
|
print_info "osada"
|
||||||
util/add_addon_repo https://codeberg.org/zot/osada-addons.git oaddons
|
util/add_addon_repo https://codeberg.org/zot/osada-addons.git oaddons
|
||||||
|
elif [ $zotserver = "redmatrix" ]
|
||||||
|
then
|
||||||
|
print_info "redmatrix"
|
||||||
|
util/add_addon_repo https://codeberg.org/zot/redmatrix-addons.git raddons
|
||||||
else
|
else
|
||||||
die "neither osada, misty, zap nor hubzilla repository > did not install addons or osada/misty/zap/hubzilla"
|
die "neither redmatrix, osada, misty, zap nor hubzilla repository > did not install addons or redmatrix/osada/misty/zap/hubzilla"
|
||||||
fi
|
fi
|
||||||
mkdir -p "cache/smarty3"
|
mkdir -p "cache/smarty3"
|
||||||
mkdir -p "store"
|
mkdir -p "store"
|
||||||
|
@ -533,6 +579,22 @@ function install_cryptosetup {
|
||||||
nocheck_install "cryptsetup"
|
nocheck_install "cryptsetup"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function configure_zotserverdaily {
|
||||||
|
echo "#!/bin/sh" >> /var/www/$zotserverdaily
|
||||||
|
echo "#" >> /var/www/$zotserverdaily
|
||||||
|
echo "# update of $le_domain Zot hub/instance" >> /var/www/$zotserverdaily
|
||||||
|
echo "echo \"\$(date) - updating core and addons...\"" >> /var/www/$zotserverdaily
|
||||||
|
echo "echo \"reaching git repository for $le_domain $zotserver hub/instance...\"" >> /var/www/$zotserverdaily
|
||||||
|
echo "(cd $install_path ; util/udall)" >> /var/www/$zotserverdaily
|
||||||
|
echo "chown -R www-data:www-data $install_path # make all accessible for the webserver" >> /var/www/$zotserverdaily
|
||||||
|
if [ $webserver = "apache" ]
|
||||||
|
then
|
||||||
|
echo "chown root:www-data $install_path/.htaccess" >> /var/www/$zotserverdaily
|
||||||
|
echo "chmod 0644 $install_path/.htaccess # www-data can read but not write it" >> /var/www/$zotserverdaily
|
||||||
|
fi
|
||||||
|
chmod a+x /var/www/$zotserverdaily
|
||||||
|
}
|
||||||
|
|
||||||
function configure_cron_daily {
|
function configure_cron_daily {
|
||||||
print_info "configuring cron..."
|
print_info "configuring cron..."
|
||||||
# every 10 min for poller.php
|
# every 10 min for poller.php
|
||||||
|
@ -541,99 +603,105 @@ function configure_cron_daily {
|
||||||
echo "*/10 * * * * www-data cd $install_path; php Zotlabs/Daemon/Run.php Cron >> /dev/null 2>&1" >> /etc/crontab
|
echo "*/10 * * * * www-data cd $install_path; php Zotlabs/Daemon/Run.php Cron >> /dev/null 2>&1" >> /etc/crontab
|
||||||
fi
|
fi
|
||||||
# Run external script daily at 05:30
|
# Run external script daily at 05:30
|
||||||
# - stop apache and mysql-server
|
# - stop apache/nginx and mysql-server
|
||||||
# - renew the certificate of letsencrypt
|
# - renew the certificate of letsencrypt
|
||||||
# - backup db, files ($install_path), certificates if letsencrypt
|
# - backup db, files ($install_path), certificates if letsencrypt
|
||||||
# - update zotserver core and addon
|
# - update zotserver core and addon
|
||||||
# - update and upgrade linux
|
# - update and upgrade linux
|
||||||
# - reboot is done by "shutdown -h now" because "reboot" hangs sometimes depending on the system
|
# - reboot is done by "shutdown -h now" because "reboot" hangs sometimes depending on the system
|
||||||
echo "#!/bin/sh" > /var/www/$zotserverdaily
|
echo "#!/bin/sh" > /var/www/$zotcron
|
||||||
echo "#" >> /var/www/$zotserverdaily
|
echo "#" >> /var/www/$zotcron
|
||||||
echo "echo \" \"" >> /var/www/$zotserverdaily
|
echo "echo \" \"" >> /var/www/$zotcron
|
||||||
echo "echo \"+++ \$(date) +++\"" >> /var/www/$zotserverdaily
|
echo "echo \"+++ \$(date) +++\"" >> /var/www/$zotcron
|
||||||
echo "echo \" \"" >> /var/www/$zotserverdaily
|
echo "echo \" \"" >> /var/www/$zotcron
|
||||||
echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$zotserverdaily
|
echo "echo \"\$(date) - stopping $webserver and mysql...\"" >> /var/www/$zotcron
|
||||||
echo "certbot renew --noninteractive" >> /var/www/$zotserverdaily
|
if [ $webserver = "nginx" ]
|
||||||
echo "#" >> /var/www/$zotserverdaily
|
|
||||||
echo "echo \"\$(date) - stopping apache and mysql...\"" >> /var/www/$zotserverdaily
|
|
||||||
echo "service apache2 stop" >> /var/www/$zotserverdaily
|
|
||||||
echo "/etc/init.d/mysql stop # to avoid inconsistencies" >> /var/www/$zotserverdaily
|
|
||||||
echo "#" >> /var/www/$zotserverdaily
|
|
||||||
echo "# backup" >> /var/www/$zotserverdaily
|
|
||||||
echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$zotserverdaily
|
|
||||||
echo "backup_device_name=$backup_device_name" >> /var/www/$zotserverdaily
|
|
||||||
echo "backup_device_pass=$backup_device_pass" >> /var/www/$zotserverdaily
|
|
||||||
echo "backup_mount_point=$backup_mount_point" >> /var/www/$zotserverdaily
|
|
||||||
echo "device_mounted=0" >> /var/www/$zotserverdaily
|
|
||||||
echo "if [ -n \"$backup_device_name\" ]" >> /var/www/$zotserverdaily
|
|
||||||
echo "then" >> /var/www/$zotserverdaily
|
|
||||||
echo " if blkid | grep $backup_device_name" >> /var/www/$zotserverdaily
|
|
||||||
echo " then" >> /var/www/$zotserverdaily
|
|
||||||
if [ -n "$backup_device_pass" ]
|
|
||||||
then
|
then
|
||||||
echo " echo \"decrypting backup device...\"" >> /var/www/$zotserverdaily
|
echo "systemctl stop nginx" >> /var/www/$zotcron
|
||||||
echo " echo "\"$backup_device_pass\"" | cryptsetup luksOpen $backup_device_name cryptobackup" >> /var/www/$zotserverdaily
|
elif [ $webserver = "apache" ]
|
||||||
|
then
|
||||||
|
echo "service apache2 stop" >> /var/www/$zotcron
|
||||||
fi
|
fi
|
||||||
echo " if [ ! -d $backup_mount_point ]" >> /var/www/$zotserverdaily
|
echo "/etc/init.d/mysql stop # to avoid inconsistencies" >> /var/www/$zotcron
|
||||||
echo " then" >> /var/www/$zotserverdaily
|
echo "#" >> /var/www/$zotcron
|
||||||
echo " mkdir $backup_mount_point" >> /var/www/$zotserverdaily
|
echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$zotcron
|
||||||
echo " fi" >> /var/www/$zotserverdaily
|
echo "certbot renew --noninteractive" >> /var/www/$zotcron
|
||||||
echo " echo \"mounting backup device...\"" >> /var/www/$zotserverdaily
|
echo "#" >> /var/www/$zotcron
|
||||||
|
echo "# backup" >> /var/www/$zotcron
|
||||||
|
echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$zotcron
|
||||||
|
echo "backup_device_name=$backup_device_name" >> /var/www/$zotcron
|
||||||
|
echo "backup_device_pass=$backup_device_pass" >> /var/www/$zotcron
|
||||||
|
echo "backup_mount_point=$backup_mount_point" >> /var/www/$zotcron
|
||||||
|
echo "device_mounted=0" >> /var/www/$zotcron
|
||||||
|
echo "if [ -n \"\$backup_device_name\" ]" >> /var/www/$zotcron
|
||||||
|
echo "then" >> /var/www/$zotcron
|
||||||
|
echo " if blkid | grep $backup_device_name" >> /var/www/$zotcron
|
||||||
|
echo " then" >> /var/www/$zotcron
|
||||||
if [ -n "$backup_device_pass" ]
|
if [ -n "$backup_device_pass" ]
|
||||||
then
|
then
|
||||||
echo " if mount /dev/mapper/cryptobackup $backup_mount_point" >> /var/www/$zotserverdaily
|
echo " echo \"decrypting backup device...\"" >> /var/www/$zotcron
|
||||||
|
echo " echo "\"$backup_device_pass\"" | cryptsetup luksOpen $backup_device_name cryptobackup" >> /var/www/$zotcron
|
||||||
|
fi
|
||||||
|
echo " if [ ! -d $backup_mount_point ]" >> /var/www/$zotcron
|
||||||
|
echo " then" >> /var/www/$zotcron
|
||||||
|
echo " mkdir $backup_mount_point" >> /var/www/$zotcron
|
||||||
|
echo " fi" >> /var/www/$zotcron
|
||||||
|
echo " echo \"mounting backup device...\"" >> /var/www/$zotcron
|
||||||
|
if [ -n "$backup_device_pass" ]
|
||||||
|
then
|
||||||
|
echo " if mount /dev/mapper/cryptobackup $backup_mount_point" >> /var/www/$zotcron
|
||||||
else
|
else
|
||||||
echo " if mount $backup_device_name $backup_mount_point" >> /var/www/$zotserverdaily
|
echo " if mount $backup_device_name $backup_mount_point" >> /var/www/$zotcron
|
||||||
fi
|
fi
|
||||||
echo " then" >> /var/www/$zotserverdaily
|
echo " then" >> /var/www/$zotcron
|
||||||
echo " device_mounted=1" >> /var/www/$zotserverdaily
|
echo " device_mounted=1" >> /var/www/$zotcron
|
||||||
echo " echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$zotserverdaily
|
echo " echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$zotcron
|
||||||
echo " rsync -a --delete /var/lib/mysql/ /media/zotserver_backup/mysql" >> /var/www/$zotserverdaily
|
echo " rsync -a --delete /var/lib/mysql/ /media/zotserver_backup/mysql" >> /var/www/$zotcron
|
||||||
echo " rsync -a --delete /var/www/ /media/zotserver_backup/www" >> /var/www/$zotserverdaily
|
echo " rsync -a --delete /var/www/ /media/zotserver_backup/www" >> /var/www/$zotcron
|
||||||
echo " rsync -a --delete /etc/letsencrypt/ /media/zotserver_backup/letsencrypt" >> /var/www/$zotserverdaily
|
echo " rsync -a --delete /etc/letsencrypt/ /media/zotserver_backup/letsencrypt" >> /var/www/$zotcron
|
||||||
echo " echo \"\$(date) - disk sizes...\"" >> /var/www/$zotserverdaily
|
echo " echo \"\$(date) - disk sizes...\"" >> /var/www/$zotcron
|
||||||
echo " df -h" >> /var/www/$zotserverdaily
|
echo " df -h" >> /var/www/$zotcron
|
||||||
echo " echo \"\$(date) - db size...\"" >> /var/www/$zotserverdaily
|
echo " echo \"\$(date) - db size...\"" >> /var/www/$zotcron
|
||||||
echo " du -h $backup_mount_point | grep mysql/zotserver" >> /var/www/$zotserverdaily
|
echo " du -h $backup_mount_point | grep mysql/zotserver" >> /var/www/$zotcron
|
||||||
echo " echo \"unmounting backup device...\"" >> /var/www/$zotserverdaily
|
echo " echo \"unmounting backup device...\"" >> /var/www/$zotcron
|
||||||
echo " umount $backup_mount_point" >> /var/www/$zotserverdaily
|
echo " umount $backup_mount_point" >> /var/www/$zotcron
|
||||||
echo " else" >> /var/www/$zotserverdaily
|
echo " else" >> /var/www/$zotcron
|
||||||
echo " echo \"failed to mount device $backup_device_name\"" >> /var/www/$zotserverdaily
|
echo " echo \"failed to mount device $backup_device_name\"" >> /var/www/$zotcron
|
||||||
echo " fi" >> /var/www/$zotserverdaily
|
echo " fi" >> /var/www/$zotcron
|
||||||
if [ -n "$backup_device_pass" ]
|
if [ -n "$backup_device_pass" ]
|
||||||
then
|
then
|
||||||
echo " echo \"closing decrypted backup device...\"" >> /var/www/$zotserverdaily
|
echo " echo \"closing decrypted backup device...\"" >> /var/www/$zotcron
|
||||||
echo " cryptsetup luksClose cryptobackup" >> /var/www/$zotserverdaily
|
echo " cryptsetup luksClose cryptobackup" >> /var/www/$zotcron
|
||||||
fi
|
fi
|
||||||
echo " fi" >> /var/www/$zotserverdaily
|
echo " fi" >> /var/www/$zotcron
|
||||||
echo "fi" >> /var/www/$zotserverdaily
|
echo "fi" >> /var/www/$zotcron
|
||||||
echo "if [ \$device_mounted == 0 ]" >> /var/www/$zotserverdaily
|
echo "if [ \$device_mounted == 0 ]" >> /var/www/$zotcron
|
||||||
echo "then" >> /var/www/$zotserverdaily
|
echo "then" >> /var/www/$zotcron
|
||||||
echo " echo \"device could not be mounted $backup_device_name. No backup written.\"" >> /var/www/$zotserverdaily
|
echo " echo \"device could not be mounted $backup_device_name. No backup written.\"" >> /var/www/$zotcron
|
||||||
echo "fi" >> /var/www/$zotserverdaily
|
echo "fi" >> /var/www/$zotcron
|
||||||
echo "#" >> /var/www/$zotserverdaily
|
echo "#" >> /var/www/$zotcron
|
||||||
echo "echo \"\$(date) - db size...\"" >> /var/www/$zotserverdaily
|
echo "echo \"\$(date) - db size...\"" >> /var/www/$zotcron
|
||||||
echo "du -h /var/lib/mysql/ | grep mysql/zotserver" >> /var/www/$zotserverdaily
|
echo "du -h /var/lib/mysql/ | grep mysql/" >> /var/www/$zotcron
|
||||||
echo "#" >> /var/www/$zotserverdaily
|
echo "#" >> /var/www/$zotcron
|
||||||
echo "# update" >> /var/www/$zotserverdaily
|
echo "cd /var/www" >> /var/www/$zotcron
|
||||||
echo "echo \"\$(date) - updating core and addons...\"" >> /var/www/$zotserverdaily
|
echo "for f in *-daily.sh; do \"./\${f}\"; done" >> /var/www/$zotcron
|
||||||
echo "(cd $install_path/ ; util/udall)" >> /var/www/$zotserverdaily
|
echo "echo \"\$(date) - updating linux...\"" >> /var/www/$zotcron
|
||||||
echo "chown -R www-data:www-data $install_path/ # make all accessable for the webserver" >> /var/www/$zotserverdaily
|
echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$zotcron
|
||||||
echo "chown root:www-data $install_path/.htaccess" >> /var/www/$zotserverdaily
|
echo "echo \"\$(date) - Backup and update finished. Rebooting...\"" >> /var/www/$zotcron
|
||||||
echo "chmod 0644 $install_path/.htaccess # www-data can read but not write it" >> /var/www/$zotserverdaily
|
echo "#" >> /var/www/$zotcron
|
||||||
echo "echo \"\$(date) - updating linux...\"" >> /var/www/$zotserverdaily
|
echo "shutdown -r now" >> /var/www/$zotcron
|
||||||
echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$zotserverdaily
|
|
||||||
echo "echo \"\$(date) - Backup and update finished. Rebooting...\"" >> /var/www/$zotserverdaily
|
|
||||||
echo "#" >> /var/www/$zotserverdaily
|
|
||||||
echo "shutdown -r now" >> /var/www/$zotserverdaily
|
|
||||||
|
|
||||||
if [ -z "`grep '$zotserverdaily' /etc/crontab`" ]
|
# If global cron job does not exist we add it to /etc/crontab
|
||||||
|
if grep -q $zotcron /etc/crontab
|
||||||
then
|
then
|
||||||
echo "30 05 * * * root /bin/bash /var/www/$zotserverdaily >> $install_path/${install_folder}-${zotserver}-daily.log 2>&1" >> /etc/crontab
|
echo "cron job already in /etc/crontab"
|
||||||
echo "0 0 1 * * root rm $install_path/${install_folder}-${zotserver}-daily.log" >> /etc/crontab
|
else
|
||||||
|
echo "30 05 * * * root /bin/bash /var/www/$zotcron >> /var/www/zot-daily.log 2>&1" >> /etc/crontab
|
||||||
|
echo "0 0 1 * * root rm /var/www/zot-daily.log" >> /etc/crontab
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# This is active after either "reboot" or "/etc/init.d/cron reload"
|
# This is active after either "reboot" or cron reload"
|
||||||
|
systemctl restart cron
|
||||||
print_info "configured cron for updates/upgrades"
|
print_info "configured cron for updates/upgrades"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -641,7 +709,6 @@ echo "shutdown -r now" >> /var/www/$zotserverdaily
|
||||||
# START OF PROGRAM
|
# START OF PROGRAM
|
||||||
########################################################################
|
########################################################################
|
||||||
export PATH=/bin:/usr/bin:/sbin:/usr/sbin
|
export PATH=/bin:/usr/bin:/sbin:/usr/sbin
|
||||||
|
|
||||||
check_sanity
|
check_sanity
|
||||||
|
|
||||||
zotserver_name
|
zotserver_name
|
||||||
|
@ -655,8 +722,9 @@ source $configfile
|
||||||
|
|
||||||
selfhostdir=/etc/selfhost
|
selfhostdir=/etc/selfhost
|
||||||
selfhostscript=selfhost-updater.sh
|
selfhostscript=selfhost-updater.sh
|
||||||
|
zotcron="zotcron.sh"
|
||||||
zotserverdaily="${install_folder}-${zotserver}-daily.sh"
|
zotserverdaily="${install_folder}-${zotserver}-daily.sh"
|
||||||
backup_mount_point="/media/${install_folder}-${zotserver}_backup"
|
backup_mount_point="/media/zotserver_backup"
|
||||||
|
|
||||||
#set -x # activate debugging from here
|
#set -x # activate debugging from here
|
||||||
|
|
||||||
|
@ -666,15 +734,32 @@ update_upgrade
|
||||||
install_curl
|
install_curl
|
||||||
install_wget
|
install_wget
|
||||||
install_sendmail
|
install_sendmail
|
||||||
|
if [ $webserver = "nginx" ]
|
||||||
|
then
|
||||||
|
install_nginx
|
||||||
|
elif [ $webserver = "apache" ]
|
||||||
|
then
|
||||||
install_apache
|
install_apache
|
||||||
|
else
|
||||||
|
die "Failed to install a Web server: 'webserver' not set to \"apache\" or \"nginx\" in $configfile"
|
||||||
|
fi
|
||||||
|
install_imagemagick
|
||||||
|
install_php
|
||||||
|
if [ $webserver = "nginx" ]
|
||||||
|
then
|
||||||
|
add_nginx_block
|
||||||
|
elif [ $webserver = "apache" ]
|
||||||
|
then
|
||||||
if [ "$install_path" != "/var/www/html" ]
|
if [ "$install_path" != "/var/www/html" ]
|
||||||
then
|
then
|
||||||
add_vhost
|
add_vhost
|
||||||
fi
|
fi
|
||||||
install_imagemagick
|
fi
|
||||||
install_php
|
|
||||||
install_mysql
|
install_mysql
|
||||||
|
if [ $webserver = "apache" ]
|
||||||
|
then
|
||||||
install_adminer
|
install_adminer
|
||||||
|
fi
|
||||||
create_zotserver_db
|
create_zotserver_db
|
||||||
run_freedns
|
run_freedns
|
||||||
install_run_selfhost
|
install_run_selfhost
|
||||||
|
@ -692,6 +777,8 @@ fi
|
||||||
|
|
||||||
install_zotserver
|
install_zotserver
|
||||||
|
|
||||||
|
configure_zotserverdaily
|
||||||
|
|
||||||
configure_cron_daily
|
configure_cron_daily
|
||||||
|
|
||||||
if [ "$le_domain" != "localhost" ]
|
if [ "$le_domain" != "localhost" ]
|
||||||
|
@ -704,5 +791,3 @@ fi
|
||||||
|
|
||||||
|
|
||||||
#set +x # stop debugging from here
|
#set +x # stop debugging from here
|
||||||
|
|
||||||
|
|
||||||
|
|
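Review bot: In `configure_cron_daily`, the generated `/var/www/$zotcron` holds the LUKS passphrase in clear (`backup_device_pass=$backup_device_pass` plus the `cryptsetup luksOpen` line), is run as root from `/etc/crontab`, and in turn runs every `*-daily.sh` in `/var/www` as root, but no visible line sets its owner or mode. I would add `chown root:root /var/www/$zotcron` and `chmod 0700 /var/www/$zotcron` after the last `echo` into it, and give the per-site script from `configure_zotserverdaily` the same treatment instead of `chmod a+x`, so that nothing the web server user can write is executed by root. Separately, `configure_zotserverdaily` starts its file with `echo "#!/bin/sh" >> ...` and `add_nginx_block` also writes with `>>`, so a second setup run appends a duplicate copy; the first write in each should use `>`. `configure_cron_daily` starts before the hunk shown, so a permission step may exist outside the visible lines.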