Merge branch 'dev' of https://codeberg.org/zot/zap into dev

2024-09-20 18:35:13 +00:00 · 2020-08-30 02:26:13 -07:00 · 2020-08-30 02:26:13 -07:00 · 22d0a81a43
commit 22d0a81a43
parent 1bb5fd38a0 cb8e259764
4 changed files with 347 additions and 106 deletions
--- a/.homeinstall/README.md
+++ b/.homeinstall/README.md
@ -65,7 +65,7 @@ Switch the verification on/off (1/0)

 ## What the script will do for you...

-+ install everything required by your Zot hub/instance, basically a web server (Apache), PHP, a database (MySQL), certbot,...
+ install everything required by your Zot hub/instance, basically a web server (Apache or Nginx), PHP, a database (MySQL), certbot,...
 + create a database
 + run certbot to have everything for a secure connection (httpS)
 + create a script for daily maintenance
@ -142,5 +142,5 @@ DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI!

 ## Reminder for Different Web Wervers

-For those of you who feel adventurous enough to use a different web server (Nginx, Lighttpd...), don't forget that this script will install Apache and that you can only have one web server listening to ports 80 & 443. Also, don't forget to tweak your daily shell script in /var/www/ accordingly.
+For those of you who feel adventurous enough to use a different web server (i.e. Lighttpd...), don't forget that this script will install Apache or Nginx and that you can only have one web server listening to ports 80 & 443. Also, don't forget to tweak your daily shell script in /var/www/ accordingly.

--- a/.homeinstall/nginx-zotserver.conf.template
+++ b/.homeinstall/nginx-zotserver.conf.template
@ -0,0 +1,144 @@
+##
+# Hubzilla/Zap/Mistpark/Osada Nginx block configuration template
+# based on the example created by Olaf Conradi
+#
+# The files generated with this template will be added to
+# /etc/nginx/sites-available & /etc/nginx/sites-enabled (symlink)
+##
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+#
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+##
+
+##
+# This configuration assumes 
+# You filled the zotserver-config.txt file
+# Your domain/subdomain is functionnal
+# You want all traffic to be https
+# You have PHP FastCGI Process Manager (php-fpm) running on localhost
+##
+
+server {
+  listen 80;
+  server_name SERVER_NAME;
+
+# HTTP > HTTPS #
+  return 301 https://$server_name$request_uri;
+}
+
+##
+# Configure Red with SSL
+#
+# All requests are routed to the front controller
+# except for certain known file types like images, css, etc.
+# Those are served statically whenever possible with a
+# fall back to the front controller (needed for avatars, for example)
+##
+
+server {
+  listen 443 ssl;
+  server_name SERVER_NAME;
+
+  ssl on;
+  ssl_certificate /etc/letsencrypt/live/SERVER_NAME/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/SERVER_NAME/privkey.pem;
+  ssl_session_timeout 5m;
+# DO WE NEED TO REVIEW THE FOLLOWING SETTINGS?
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
+  ssl_prefer_server_ciphers on;
+
+  fastcgi_param HTTPS on;
+
+  charset utf-8;
+  root INSTALL_PATH;
+  index index.php;
+  access_log /var/log/nginx/ZOTSERVER_LOG;
+
+  #Uncomment the following line to include a standard configuration file
+  #Note that the most specific rule wins and your standard configuration
+  #will therefore *add* to this file, but not override it.
+  #include standard.conf
+
+  # allow uploads up to 20MB in size
+  client_max_body_size 20m;
+  client_body_buffer_size 128k;
+
+  include mime.types;
+
+  # rewrite to front controller as default rule
+  location / {
+    if (!-e $request_filename) {
+      rewrite ^(.*)$ /index.php?req=$1;
+    }
+  }
+
+  # make sure webfinger and other well known services aren't blocked
+  # by denying dot files and rewrite request to the front controller
+  location ^~ /.well-known/ {
+    allow all;
+    if (!-e $request_filename) {
+      rewrite ^(.*)$ /index.php?req=$1;
+    }
+  }
+
+  # statically serve these file types when possible
+  # otherwise fall back to front controller
+  # allow browser to cache them
+  # added .htm for advanced source code editor library
+  # location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ {
+  #  expires 30d;
+  #  try_files $uri /index.php?req=$uri&$args;
+  # }
+  # SHOULD WE UNCOMMENT THE ABOVE LINES ?
+
+  # block these file types
+  location ~* \.(tpl|md|tgz|log|out)$ {
+    deny all;
+  }
+
+  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+  # or a unix socket
+  location ~* \.php$ {
+    # IS THE FOLLOWING STILL RELEVANT AS OF AUGUST 2020?
+    # Zero-day exploit defense.
+    # http://forum.nginx.org/read.php?2,88845,page=3
+    # Won't work properly (404 error) if the file is not stored on this
+    # server, which is entirely possible with php-fpm/php-fcgi.
+    # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+    # another machine.  And then cross your fingers that you won't get hacked.
+    try_files $uri =404;
+
+    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+    # With php5-cgi alone:
+    # fastcgi_pass 127.0.0.1:9000;
+
+    # With php-fpm:
+    fastcgi_pass unix:PHP_FPM_SOCK;
+
+    include fastcgi_params;
+    fastcgi_index index.php;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+  }
+
+  # deny access to all dot files
+  location ~ /\. {
+    deny all;
+  }
+	
+#deny access to store
+
+	location ~ /store {
+        deny  all;
+	}
+
+
+}
+
--- a/.homeinstall/zotserver-config.txt.template
+++ b/.homeinstall/zotserver-config.txt.template
@ -29,6 +29,18 @@ db_pass=
 le_domain=
 le_email=

+###############################################
+### OPTIONAL - Webserver choice ###############
+#
+# Please indicate if you want to choose Nginx
+# or Apache as your web server
+#
+# Valid strings are nginx or apache (lower case),
+# any other will stop the setup script.
+# 
+webserver=apache
+
+
 ###############################################
 ### OPTIONAL - selfHOST - dynamic IP address ##
 #
--- a/.homeinstall/zotserver-setup.sh
+++ b/.homeinstall/zotserver-setup.sh
@ -8,6 +8,7 @@
 # - zap: https://zotlabs.com/zap/
 # - misty : https://zotlabs.com/misty/
 # - osada : https://codeberg.org/zot/osada
+# - redmatrix : https://codeberg.org/zot/redmatrix
 # under Debian Linux "Buster"
 #
 # 1) Copy the file "zotserver-config.txt.template" to "zotserver-config.txt"
@ -60,7 +61,7 @@
 #
 # The script makes a (daily) backup of all relevant files
 # - /var/lib/mysql/ > database
-# - /var/www/ > hubzilla/zap/misty from github
+# - /var/www/ > hubzilla/zap/misty from git repository
 # - /etc/letsencrypt/ > certificates
 #
 # The backup will be written on an external disk compatible to LUKS+ext4 (see zotserver-config.txt)
@ -209,8 +210,15 @@ function print_warn {
 }

 function stop_zotserver {
-    print_info "stopping apache webserver..."
-    systemctl stop apache2
+    if [ $webserver = "nginx" ]
+    then
+        print_info "stopping nginx webserver..."
+        systemctl stop nginx
+    elif [ $webserver = "apache" ]
+    then
+        print_info "stopping apache webserver..."
+        systemctl stop apache2
+    fi
    print_info "stopping mysql db..."
    systemctl stop mariadb
 }
@ -222,8 +230,14 @@ function install_apache {
    systemctl restart apache2
 }

+function install_nginx {
+    print_info "installing nginx..."
+    nocheck_install "nginx"
+    systemctl restart nginx
+}
+
 function add_vhost {
-    print_info "adding vhost"
+    print_info "adding apache vhost"
    echo "<VirtualHost *:80>" >> "/etc/apache2/sites-available/${le_domain}.conf"
    echo "ServerName ${le_domain}" >> "/etc/apache2/sites-available/${le_domain}.conf"
    echo "DocumentRoot $install_path" >> "/etc/apache2/sites-available/${le_domain}.conf"
@ -231,6 +245,12 @@ function add_vhost {
    a2ensite $le_domain
 }

+function add_nginx_block {
+    print_info "adding nginx block"
+    sed "s|SERVER_NAME|${le_domain}|g;s|INSTALL_PATH|${install_path}|g;s|ZOTSERVER_LOG|${install_folder}-${zotserver}.log|;s|PHP_FPM_SOCK|$(ls /var/run/php/*sock)|;" nginx-zotserver.conf.template >> /etc/nginx/sites-enabled/${le_domain}.conf
+    ln -s /etc/nginx/sites-enabled/${le_domain}.conf /etc/nginx/sites-available/
+}
+
 function install_imagemagick {
    print_info "installing imagemagick..."
    nocheck_install "imagemagick"
@ -254,9 +274,18 @@ function install_sendmail {
 function install_php {
    # openssl and mbstring are included in libapache2-mod-php
    print_info "installing php..."
-    nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip"
-    sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/apache2/php.ini
-    sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/apache2/php.ini
+    if [ $webserver = "nginx" ]
+    then
+        nocheck_install "php php-pear php-curl php-gd php-mbstring php-xml php-zip php-fpm"
+        sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/fpm/php.ini
+        sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/fpm/php.ini
+        systemctl reload php7.3-fpm
+    elif [ $webserver = "apache" ]
+    then
+        nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip"
+        sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/apache2/php.ini
+        sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/apache2/php.ini
+    fi
 }

 function install_mysql {
@ -452,10 +481,20 @@ function install_letsencrypt {
    then
        die "Failed to install let's encrypt: 'le_email' is empty in $configfile"
    fi
-    nocheck_install "certbot python-certbot-apache"
-    print_info "run certbot ..."
+    if [ $webserver = "nginx" ]
+    then
+        nocheck_install "certbot"
+        print_info "run certbot..."
+        systemctl stop nginx
+        certbot certonly --standalone -d $le_domain -m $le_email --agree-tos --non-interactive
+        systemctl start nginx
+    elif [ $webserver = "apache" ]
+    then
+        nocheck_install "certbot python-certbot-apache"
+        print_info "run certbot ..."
 	certbot --apache -w $install_path -d $le_domain -m $le_email --agree-tos --non-interactive --redirect --hsts --uir
-    service apache2 restart
+        service apache2 restart
+    fi
 }

 function check_https {
@ -483,8 +522,11 @@ function zotserver_name {
    elif git remote -v | grep -i "origin.*osada.*"
    then
        zotserver=osada
+    elif git remote -v | grep -i "origin.*redmatrix.*"
+    then
+        zotserver=redmatrix
    else
-        die "neither osada,misty, zap nor hubzilla repository > did not install osada/misty/zap/hubzilla"
+        die "neither redmatrix, osada, misty, zap nor hubzilla repository > did not install redmatrix/osada/misty/zap/hubzilla"
    fi
 }

@ -507,8 +549,12 @@ function install_zotserver {
    then
        print_info "osada"
        util/add_addon_repo https://codeberg.org/zot/osada-addons.git oaddons
+    elif [ $zotserver = "redmatrix" ]
+    then
+        print_info "redmatrix"
+        util/add_addon_repo https://codeberg.org/zot/redmatrix-addons.git raddons
    else
-        die "neither osada, misty, zap nor hubzilla repository > did not install addons or osada/misty/zap/hubzilla"
+        die "neither redmatrix, osada, misty, zap nor hubzilla repository > did not install addons or redmatrix/osada/misty/zap/hubzilla"
    fi
    mkdir -p "cache/smarty3"
    mkdir -p "store"
@ -533,6 +579,22 @@ function install_cryptosetup {
    nocheck_install "cryptsetup"
 }

+function configure_zotserverdaily {
+    echo "#!/bin/sh" >> /var/www/$zotserverdaily
+    echo "#" >> /var/www/$zotserverdaily
+    echo "# update of $le_domain Zot hub/instance" >> /var/www/$zotserverdaily
+    echo "echo \"\$(date) - updating core and addons...\"" >> /var/www/$zotserverdaily
+    echo "echo \"reaching git repository for $le_domain $zotserver hub/instance...\"" >> /var/www/$zotserverdaily
+    echo "(cd $install_path ; util/udall)" >> /var/www/$zotserverdaily
+    echo "chown -R www-data:www-data $install_path # make all accessible for the webserver" >> /var/www/$zotserverdaily
+    if [ $webserver = "apache" ]
+    then
+        echo "chown root:www-data $install_path/.htaccess" >> /var/www/$zotserverdaily
+        echo "chmod 0644 $install_path/.htaccess # www-data can read but not write it" >> /var/www/$zotserverdaily
+    fi
+    chmod a+x /var/www/$zotserverdaily
+}
+
 function configure_cron_daily {
    print_info "configuring cron..."
    # every 10 min for poller.php
@ -541,99 +603,105 @@ function configure_cron_daily {
        echo "*/10 * * * * www-data cd $install_path; php Zotlabs/Daemon/Run.php Cron >> /dev/null 2>&1" >> /etc/crontab
    fi
    # Run external script daily at 05:30
-    # - stop apache and mysql-server
+    # - stop apache/nginx and mysql-server
    # - renew the certificate of letsencrypt
    # - backup db, files ($install_path), certificates if letsencrypt
    # - update zotserver core and addon
    # - update and upgrade linux
    # - reboot is done by "shutdown -h now" because "reboot" hangs sometimes depending on the system
-echo "#!/bin/sh" > /var/www/$zotserverdaily
-echo "#" >> /var/www/$zotserverdaily
-echo "echo \" \"" >> /var/www/$zotserverdaily
-echo "echo \"+++ \$(date) +++\"" >> /var/www/$zotserverdaily
-echo "echo \" \"" >> /var/www/$zotserverdaily
-echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$zotserverdaily
-echo "certbot renew --noninteractive" >> /var/www/$zotserverdaily
-echo "#" >> /var/www/$zotserverdaily
-echo "echo \"\$(date) - stopping apache and mysql...\"" >> /var/www/$zotserverdaily
-echo "service apache2 stop" >> /var/www/$zotserverdaily
-echo "/etc/init.d/mysql stop # to avoid inconsistencies" >> /var/www/$zotserverdaily
-echo "#" >> /var/www/$zotserverdaily
-echo "# backup" >> /var/www/$zotserverdaily
-echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$zotserverdaily
-echo "backup_device_name=$backup_device_name" >> /var/www/$zotserverdaily
-echo "backup_device_pass=$backup_device_pass" >> /var/www/$zotserverdaily
-echo "backup_mount_point=$backup_mount_point" >> /var/www/$zotserverdaily
-echo "device_mounted=0" >> /var/www/$zotserverdaily
-echo "if [ -n \"$backup_device_name\" ]" >> /var/www/$zotserverdaily
-echo "then" >> /var/www/$zotserverdaily
-echo "    if blkid | grep $backup_device_name" >> /var/www/$zotserverdaily
-echo "    then" >> /var/www/$zotserverdaily
-	if [ -n "$backup_device_pass" ]
-	then
-echo "        echo \"decrypting backup device...\"" >> /var/www/$zotserverdaily
-echo "        echo "\"$backup_device_pass\"" | cryptsetup luksOpen $backup_device_name cryptobackup" >> /var/www/$zotserverdaily
-    fi
-echo "        if [ ! -d $backup_mount_point ]" >> /var/www/$zotserverdaily
-echo "        then" >> /var/www/$zotserverdaily
-echo "            mkdir $backup_mount_point" >> /var/www/$zotserverdaily
-echo "        fi" >> /var/www/$zotserverdaily
-echo "        echo \"mounting backup device...\"" >> /var/www/$zotserverdaily
-	if [ -n "$backup_device_pass" ]
-	then
-echo "        if mount /dev/mapper/cryptobackup $backup_mount_point" >> /var/www/$zotserverdaily
-	else
-echo "        if mount $backup_device_name $backup_mount_point" >> /var/www/$zotserverdaily
-	fi
-echo "        then" >> /var/www/$zotserverdaily
-echo "            device_mounted=1" >> /var/www/$zotserverdaily
-echo "            echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$zotserverdaily
-echo "            rsync -a --delete /var/lib/mysql/ /media/zotserver_backup/mysql" >> /var/www/$zotserverdaily
-echo "            rsync -a --delete /var/www/ /media/zotserver_backup/www" >> /var/www/$zotserverdaily
-echo "            rsync -a --delete /etc/letsencrypt/ /media/zotserver_backup/letsencrypt" >> /var/www/$zotserverdaily
-echo "            echo \"\$(date) - disk sizes...\"" >> /var/www/$zotserverdaily
-echo "            df -h" >> /var/www/$zotserverdaily
-echo "            echo \"\$(date) - db size...\"" >> /var/www/$zotserverdaily
-echo "            du -h $backup_mount_point | grep mysql/zotserver" >> /var/www/$zotserverdaily
-echo "            echo \"unmounting backup device...\"" >> /var/www/$zotserverdaily
-echo "            umount $backup_mount_point" >> /var/www/$zotserverdaily
-echo "        else" >> /var/www/$zotserverdaily
-echo "            echo \"failed to mount device $backup_device_name\"" >> /var/www/$zotserverdaily
-echo "        fi" >> /var/www/$zotserverdaily
-	if [ -n "$backup_device_pass" ]
-	then
-echo "        echo \"closing decrypted backup device...\"" >> /var/www/$zotserverdaily
-echo "        cryptsetup luksClose cryptobackup" >> /var/www/$zotserverdaily
-	fi
-echo "    fi" >> /var/www/$zotserverdaily
-echo "fi" >> /var/www/$zotserverdaily
-echo "if [ \$device_mounted == 0 ]" >> /var/www/$zotserverdaily
-echo "then" >> /var/www/$zotserverdaily
-echo "    echo \"device could not be mounted $backup_device_name. No backup written.\"" >> /var/www/$zotserverdaily
-echo "fi" >> /var/www/$zotserverdaily
-echo "#" >> /var/www/$zotserverdaily
-echo "echo \"\$(date) - db size...\"" >> /var/www/$zotserverdaily
-echo "du -h /var/lib/mysql/ | grep mysql/zotserver" >> /var/www/$zotserverdaily
-echo "#" >> /var/www/$zotserverdaily
-echo "# update" >> /var/www/$zotserverdaily
-echo "echo \"\$(date) - updating core and addons...\"" >> /var/www/$zotserverdaily
-echo "(cd $install_path/ ; util/udall)" >> /var/www/$zotserverdaily
-echo "chown -R www-data:www-data $install_path/ # make all accessable for the webserver" >> /var/www/$zotserverdaily
-echo "chown root:www-data $install_path/.htaccess" >> /var/www/$zotserverdaily
-echo "chmod 0644 $install_path/.htaccess # www-data can read but not write it" >> /var/www/$zotserverdaily
-echo "echo \"\$(date) - updating linux...\"" >> /var/www/$zotserverdaily
-echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$zotserverdaily
-echo "echo \"\$(date) - Backup and update finished. Rebooting...\"" >> /var/www/$zotserverdaily
-echo "#" >> /var/www/$zotserverdaily
-echo "shutdown -r now" >> /var/www/$zotserverdaily
-
-    if [ -z "`grep '$zotserverdaily' /etc/crontab`" ]
+    echo "#!/bin/sh" > /var/www/$zotcron
+    echo "#" >> /var/www/$zotcron
+    echo "echo \" \"" >> /var/www/$zotcron
+    echo "echo \"+++ \$(date) +++\"" >> /var/www/$zotcron
+    echo "echo \" \"" >> /var/www/$zotcron
+    echo "echo \"\$(date) - stopping $webserver and mysql...\"" >> /var/www/$zotcron
+    if [ $webserver = "nginx" ]
    then
-        echo "30 05 * * * root /bin/bash /var/www/$zotserverdaily >> $install_path/${install_folder}-${zotserver}-daily.log 2>&1" >> /etc/crontab
-        echo "0 0 1 * * root rm $install_path/${install_folder}-${zotserver}-daily.log" >> /etc/crontab
+        echo "systemctl stop nginx" >> /var/www/$zotcron
+    elif [ $webserver = "apache" ]
+    then
+        echo "service apache2 stop" >> /var/www/$zotcron
+    fi
+    echo "/etc/init.d/mysql stop # to avoid inconsistencies" >> /var/www/$zotcron
+    echo "#" >> /var/www/$zotcron
+    echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$zotcron
+    echo "certbot renew --noninteractive" >> /var/www/$zotcron
+    echo "#" >> /var/www/$zotcron
+    echo "# backup" >> /var/www/$zotcron
+    echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$zotcron
+    echo "backup_device_name=$backup_device_name" >> /var/www/$zotcron
+    echo "backup_device_pass=$backup_device_pass" >> /var/www/$zotcron
+    echo "backup_mount_point=$backup_mount_point" >> /var/www/$zotcron
+    echo "device_mounted=0" >> /var/www/$zotcron
+    echo "if [ -n \"\$backup_device_name\" ]" >> /var/www/$zotcron
+    echo "then" >> /var/www/$zotcron
+    echo "    if blkid | grep $backup_device_name" >> /var/www/$zotcron
+    echo "    then" >> /var/www/$zotcron
+    if [ -n "$backup_device_pass" ]
+    then
+        echo "        echo \"decrypting backup device...\"" >> /var/www/$zotcron
+        echo "        echo "\"$backup_device_pass\"" | cryptsetup luksOpen $backup_device_name cryptobackup" >> /var/www/$zotcron
+    fi
+    echo "        if [ ! -d $backup_mount_point ]" >> /var/www/$zotcron
+    echo "        then" >> /var/www/$zotcron
+    echo "            mkdir $backup_mount_point" >> /var/www/$zotcron
+    echo "        fi" >> /var/www/$zotcron
+    echo "        echo \"mounting backup device...\"" >> /var/www/$zotcron
+    if [ -n "$backup_device_pass" ]
+    then
+        echo "        if mount /dev/mapper/cryptobackup $backup_mount_point" >> /var/www/$zotcron
+    else
+        echo "        if mount $backup_device_name $backup_mount_point" >> /var/www/$zotcron
+    fi
+    echo "        then" >> /var/www/$zotcron
+    echo "            device_mounted=1" >> /var/www/$zotcron
+    echo "            echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$zotcron
+    echo "            rsync -a --delete /var/lib/mysql/ /media/zotserver_backup/mysql" >> /var/www/$zotcron
+    echo "            rsync -a --delete /var/www/ /media/zotserver_backup/www" >> /var/www/$zotcron
+    echo "            rsync -a --delete /etc/letsencrypt/ /media/zotserver_backup/letsencrypt" >> /var/www/$zotcron
+    echo "            echo \"\$(date) - disk sizes...\"" >> /var/www/$zotcron
+    echo "            df -h" >> /var/www/$zotcron
+    echo "            echo \"\$(date) - db size...\"" >> /var/www/$zotcron
+    echo "            du -h $backup_mount_point | grep mysql/zotserver" >> /var/www/$zotcron
+    echo "            echo \"unmounting backup device...\"" >> /var/www/$zotcron
+    echo "            umount $backup_mount_point" >> /var/www/$zotcron
+    echo "        else" >> /var/www/$zotcron
+    echo "            echo \"failed to mount device $backup_device_name\"" >> /var/www/$zotcron
+    echo "        fi" >> /var/www/$zotcron
+    if [ -n "$backup_device_pass" ]
+    then
+        echo "        echo \"closing decrypted backup device...\"" >> /var/www/$zotcron
+        echo "        cryptsetup luksClose cryptobackup" >> /var/www/$zotcron
+    fi
+    echo "    fi" >> /var/www/$zotcron
+    echo "fi" >> /var/www/$zotcron
+    echo "if [ \$device_mounted == 0 ]" >> /var/www/$zotcron
+    echo "then" >> /var/www/$zotcron
+    echo "    echo \"device could not be mounted $backup_device_name. No backup written.\"" >> /var/www/$zotcron
+    echo "fi" >> /var/www/$zotcron
+    echo "#" >> /var/www/$zotcron
+    echo "echo \"\$(date) - db size...\"" >> /var/www/$zotcron
+    echo "du -h /var/lib/mysql/ | grep mysql/" >> /var/www/$zotcron
+    echo "#" >> /var/www/$zotcron
+    echo "cd /var/www" >> /var/www/$zotcron
+    echo "for f in *-daily.sh; do \"./\${f}\"; done" >> /var/www/$zotcron
+    echo "echo \"\$(date) - updating linux...\"" >> /var/www/$zotcron
+    echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$zotcron
+    echo "echo \"\$(date) - Backup and update finished. Rebooting...\"" >> /var/www/$zotcron
+    echo "#" >> /var/www/$zotcron
+    echo "shutdown -r now" >> /var/www/$zotcron
+
+    # If global cron job does not exist we add it to /etc/crontab
+    if grep -q $zotcron /etc/crontab
+    then
+        echo "cron job already in /etc/crontab"
+    else
+        echo "30 05 * * * root /bin/bash /var/www/$zotcron >> /var/www/zot-daily.log 2>&1" >> /etc/crontab
+        echo "0 0 1 * * root rm /var/www/zot-daily.log" >> /etc/crontab
    fi

-    # This is active after either "reboot" or "/etc/init.d/cron reload"
+    # This is active after either "reboot" or cron reload"
+    systemctl restart cron
    print_info "configured cron for updates/upgrades"
 }

@ -641,7 +709,6 @@ echo "shutdown -r now" >> /var/www/$zotserverdaily
 # START OF PROGRAM
 ########################################################################
 export PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
 check_sanity

 zotserver_name
@ -655,8 +722,9 @@ source $configfile

 selfhostdir=/etc/selfhost
 selfhostscript=selfhost-updater.sh
+zotcron="zotcron.sh"
 zotserverdaily="${install_folder}-${zotserver}-daily.sh"
-backup_mount_point="/media/${install_folder}-${zotserver}_backup"
+backup_mount_point="/media/zotserver_backup"

 #set -x    # activate debugging from here

@ -666,15 +734,32 @@ update_upgrade
 install_curl
 install_wget
 install_sendmail
-install_apache
-if [ "$install_path" != "/var/www/html" ]
+if [ $webserver = "nginx" ]
 then
-    add_vhost
+    install_nginx
+elif [ $webserver = "apache" ]
+then
+    install_apache
+else
+die "Failed to install a Web server: 'webserver' not set to \"apache\" or \"nginx\" in $configfile" 
 fi
 install_imagemagick
 install_php
+if [ $webserver = "nginx" ]
+then
+    add_nginx_block
+elif [ $webserver = "apache" ]
+then
+    if [ "$install_path" != "/var/www/html" ]
+    then
+        add_vhost
+    fi
+fi
 install_mysql
+if [ $webserver = "apache" ]
+then
 install_adminer
+fi
 create_zotserver_db
 run_freedns
 install_run_selfhost
@ -692,6 +777,8 @@ fi

 install_zotserver

+configure_zotserverdaily
+
 configure_cron_daily

 if [ "$le_domain" != "localhost" ]
@ -704,5 +791,3 @@ fi


 #set +x    # stop debugging from here
-
-