diff --git a/contrib/autoinstall/autoinstall.sh b/contrib/autoinstall/autoinstall.sh
index 47daa2cbe..497a2aa8c 100755
--- a/contrib/autoinstall/autoinstall.sh
+++ b/contrib/autoinstall/autoinstall.sh
@@ -80,7 +80,8 @@ function check_sanity {
 then
 die "You can only run this script on a Debian GNU/Linux 11 server"
 else
- system=debian
+ pkgsys=deb
+ os=debian
 print_info "Running the autoinstall script on a Debian GNU/Linux 11 server"
 fi
 }
@@ -179,6 +180,13 @@ function create_website_db {
 else
 die "database named \"$website_db_name\" already exists..."
 fi
+ # We check that the database and its user were successfully created
+ if [[ ! -z $(mysql -h localhost -u $website_db_user -p$website_db_pass -e "SHOW DATABASES;" | grep -w "$website_db_name") ]]
+ then
+ print_info "The website's database and database user were successfully created"
+ else
+ die "Something went wrong, the website's database and database user do no seem to exist"
+ fi
 }
 
 function ping_domain {
@@ -209,9 +217,10 @@ function check_https {
 wget_output=$(wget -nv --spider --max-redirect 0 $url_https)
 if [ $? -ne 0 ]
 then
- print_warn "check not ok"
+ print_warn "It seems that your website is not reachable through a secured https connection, you should investigate this"
 else
- print_info "check ok"
+ print_info "Check OK"
+ final_message
 fi
 }
 
@@ -314,7 +323,7 @@ function configure_cron_daily {
 echo "#" >> /var/www/$cron_job
 echo "cd /var/www" >> /var/www/$cron_job
 echo "for f in *-daily.sh; do \"./\${f}\"; done" >> /var/www/$cron_job
- if [[ $system == "debian" ]]
+ if [[ $os == "debian" ]]
 then
 echo "echo \"\$(date) - updating Debian GNU/Linux...\"" >> /var/www/$cron_job
 echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update Debian GNU/Linux and upgrade" >> /var/www/$cron_job
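Review bot: The added verification in create_website_db puts the database password on the mysql command line (`-p$website_db_pass`), where it is visible to every local user via `ps` and would be echoed in full by the `#set -x` debug toggle in autoinstall.sh; pass it through the environment instead and quote the expansions: `if [[ -n "$(MYSQL_PWD="$website_db_pass" mysql -h localhost -u "$website_db_user" -e "SHOW DATABASES;" | grep -w "$website_db_name")" ]]`. The die message on the else branch also reads `do no seem` where `do not seem` is meant. create_website_db starts outside the hunk.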
@@ -345,13 +354,20 @@ function configure_cron_daily {
 ########################################################################
 export PATH=/bin:/usr/bin:/sbin:/usr/sbin
+install_path="$(dirname $(dirname "$(pwd)"))"
+if [ "$install_path" == "/var/www/html" ]
+then
+ die "Please don't install your website in /var/www/html."
+fi
+install_folder="$(basename $install_path)"
+
 for arg in "$@" ; do
 shift
 case "$arg" in
 --local)
 local_install=yes
 print "We're doing a local install, option is $local_install"
 ;;
- *) die "not a valid option"
+ *) die "\"$arg\" is not a valid argument or option, \"--local\" is the only option you can use with autoinstall.sh"
 ;;
 esac
 done
@@ -359,24 +375,16 @@ done
 check_sanity
 repo_name
 print_info "We're installing a website using the $repository repository"
-install_path="$(dirname $(dirname "$(pwd)"))"
-if [ "$install_path" == "/var/www/html" ]
-then
- die "Please don't install your website in /var/www/html."
-fi
-install_folder="$(basename $install_path)"
-domain_regex="^([a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]\.)+[a-zA-Z]{2,}$"
-local_regex="^([a-zA-Z0-9]){2,25}$"
 print_info "Now using scripts/dialogs.sh to obtain all necessary settings for the install"
 source scripts/dialogs.sh
 #set -x # activate debugging from here
-if [[ $system == "debian" ]]
+if [[ $pkgsys == "deb" ]]
 then
- source scripts/debian.sh
+ source scripts/deb.sh
 # Scripts for other Debian based distros could be added later
-# elif [[ $system == "other_distro" ]]
+# elif [[ $pkgsys == "other_distro" ]]
 # then
 # source scripts/other_distro.sh
 fi
@@ -389,9 +397,12 @@ install_wget
 install_sendmail
 install_imagemagick
 # DNS stuff
-install_run_ddns
-ping_domain
-configure_cron_ddns
+if [ -z $local_install ]
+then
+ install_run_ddns
+ ping_domain
+ configure_cron_ddns
+fi
 # Web server
 install_webserver
 # PHP
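Review bot: `install_path="$(dirname $(dirname "$(pwd)"))"` leaves the inner substitution unquoted, so a working directory containing spaces or glob characters is word-split before the outer dirname sees it; `install_path="$(dirname "$(dirname "$(pwd)")")"` keeps it intact, and `install_folder="$(basename "$install_path")"` needs the same treatment. This block is moved up from later in the file rather than written fresh, so the quoting issue predates the commit, but the move is a good moment to fix it. The context line `print "We're doing a local install, option is $local_install"` calls `print` where the rest of the script uses `print_info`; unless `print` is a helper defined earlier in the file, bash has no such command.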
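Review bot: `if [ -z $local_install ]` leaves the variable unquoted, so when it is unset the test collapses to `[ -z ]`, which is true only because `test` treats a lone `-z` as a non-empty string; the DNS steps are skipped or run by coincidence rather than by design. Quote it: `if [ -z "$local_install" ]`. The same unquoted test is added in the `# Final https check` hunk at @@ -416 of this file and in add_nginx_conf in common_conf.sh.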
@@ -416,8 +427,11 @@ daily_update="${domain_name}-daily.sh"
 cron_job="cron_job.sh"
 configure_daily_update
 configure_cron_daily
-# Final checks
-check_https
+# Final https check
+if [ -z $local_install ]
+then
+ check_https
+fi
 # Put a nice message here no confirm the website was successfully installed
diff --git a/contrib/autoinstall/scripts/common_conf.sh b/contrib/autoinstall/scripts/common_conf.sh
index 165ea3544..52878b8df 100644
--- a/contrib/autoinstall/scripts/common_conf.sh
+++ b/contrib/autoinstall/scripts/common_conf.sh
@@ -17,6 +17,10 @@ function vhost_le {
 print_info "run certbot ..."
 certbot --apache -w $install_path -d $domain_name -m $le_email --agree-tos --non-interactive --redirect --hsts --uir
 service apache2 restart
+ if [ "$(systemctl is-active apache2)" == "failed" ]
+ then
+ die "Something went wrong with the Apache configuration of your website"
+ fi
 vhost_le_configured=yes
 }
@@ -29,10 +33,20 @@ function nginx_conf_le {
 
 function add_nginx_conf {
 print_info "adding nginx conf files"
+ if [ -z $local_install ]
+ then
+ nginx_template="templates/nginx-server.conf.template"
+ else
+ nginx_template="templates/nginx-server.localhost.conf.template"
+ fi
 sed "s|SERVER_NAME|${domain_name}|g;s|INSTALL_PATH|${install_path}|g;s|SERVER_LOG|${domain_name}.log|;s|DOMAIN_CERT|${cert}|;s|CERT_KEY|${cert_key}|;" nginx-server.conf.template >> /etc/nginx/sites-available/${domain_name}.conf
 ln -s /etc/nginx/sites-available/${domain_name}.conf /etc/nginx/sites-enabled/
- nginx_conf=yes
 systemctl restart nginx
+ if [ "$(systemctl is-active nginx)" == "failed" ]
+ then
+ die "Something went wrong with the Nginx configuration of your website"
+ fi
+ nginx_conf=yes
 }
 
 function webserver_conf {
diff --git a/contrib/autoinstall/scripts/common_install.sh b/contrib/autoinstall/scripts/common_install.sh
index d9d2a5257..f057c42b8 100644
--- a/contrib/autoinstall/scripts/common_install.sh
+++ b/contrib/autoinstall/scripts/common_install.sh
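Review bot: `[ "$(systemctl is-active apache2)" == "failed" ]` in vhost_le only catches a unit in the failed state; `is-active` also prints `inactive`, `activating` or `unknown`, all of which pass this check while Apache is not actually serving after the restart. `if ! systemctl is-active --quiet apache2` covers every non-active state and drops the string comparison. The same pattern is added for nginx in add_nginx_conf below and for both servers in common_install.sh. vhost_le starts outside the hunk.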
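Review bot: `nginx_template` is assigned in the new if/else in add_nginx_conf but never read; the `sed` on the next line still takes `nginx-server.conf.template` as its input, and this same commit moves that file to `templates/nginx-server.conf.template`, so on a non-local install the generated site config is empty and the localhost template is never used at all. Change the sed input to `"$nginx_template"`. `[ -z $local_install ]` should also be quoted here, as noted for autoinstall.sh.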
@@ -25,22 +25,30 @@ function install_sendmail {
 }
 
 function install_apache {
- if [[ -z "$(which apache2)" ]]
+ if [[ -z "$(which apache2)" ]] && if [[ -z "$(which nginx)" ]]
 then
 print_info "installing apache..."
 nocheck_install "apache2 apache2-utils"
 a2enmod rewrite
 systemctl restart apache2
 fi
+ if [ "$(systemctl is-active apache2)" == "failed" ]
+ then
+ die "Something went wrong with the installation of Apache"
+ fi
 }
 
 function install_nginx {
- if [[ -z "$(which nginx)" ]]
+ if [[ -z "$(which nginx)" ]] && if [[ -z "$(which apache2)" ]]
 then
 print_info "installing nginx..."
 nocheck_install "nginx"
 systemctl restart nginx
 fi
+ if [ "$(systemctl is-active nginx)" == "failed" ]
+ then
+ die "Something went wrong with the installation of Nginx"
+ fi
 }
 
 function install_letsencrypt {
diff --git a/contrib/autoinstall/scripts/debian.sh b/contrib/autoinstall/scripts/deb.sh
similarity index 98%
rename from contrib/autoinstall/scripts/debian.sh
rename to contrib/autoinstall/scripts/deb.sh
index 14df6f1d2..45e62687f 100644
--- a/contrib/autoinstall/scripts/debian.sh
+++ b/contrib/autoinstall/scripts/deb.sh
@@ -67,4 +67,8 @@ function php_version {
 fi
 }
 
-install_sury_repo
+if [[ $os == "debian" ]]
+then
+ install_sury_repo
+if
+
diff --git a/contrib/autoinstall/scripts/dialogs.sh b/contrib/autoinstall/scripts/dialogs.sh
index dd8fa9090..3bdab9d73 100755
--- a/contrib/autoinstall/scripts/dialogs.sh
+++ b/contrib/autoinstall/scripts/dialogs.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 function script_debut {
 # First we check if we're running the script on a freshly installed Debian 11 server
- if [[ $system == "debian" ]]
+ if [[ $os == "debian" ]]
 then
 if [[ ! -z "$(which php)" ]] || [[ ! -z "$(which mysql)" ]] || [[ ! -z "$(which apache)" ]] || [[ ! -z "$(which nginx)" ]]
 then
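Review bot: `if [[ -z "$(which apache2)" ]] && if [[ -z "$(which nginx)" ]]` in install_apache is not valid bash: the second `if` opens a nested compound command that then consumes the `then` and `fi` meant for the outer one, and common_install.sh fails to parse when sourced. Fold both tests into one conditional, `if [[ -z "$(which apache2)" && -z "$(which nginx)" ]]`, and likewise `if [[ -z "$(which nginx)" && -z "$(which apache2)" ]]` in install_nginx in this hunk. Note also that once either server is already present the install branch is skipped entirely, so the `is-active` check that follows reports on a unit this function did not install; consider moving that check inside the `then` branch so it stays attached to the install it is meant to verify.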
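Review bot: The new block at the end of deb.sh closes with `if` instead of `fi`, so the file no longer parses and `source scripts/deb.sh` in autoinstall.sh fails; the last non-blank line should read `fi`. The test on `$os` relies on check_sanity having run first, which holds in the main flow of autoinstall.sh where deb.sh is sourced after it.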
@@ -242,7 +242,6 @@ function summary {
 summary_db_name="Website database name : $website_db_name\n"
 summary_db_user="Website database user : $website_db_user\n"
 # This will be used to display the settings for our install
- summary_display="$summary_domain$summary_db_name$summary_db_user$summary_db_pass"
 summary_display="$summary_domain$summary_email$summary_webserver$summary_ddns_provider$summary_ddns_key$summary_ddns_id$summary_ddns_password$summary_db_pass$summary_db_name$summary_db_user"
 # We display all settings
 if (whiptail \
@@ -256,7 +255,7 @@ function summary {
 # Reset all settings before sarting over. We keep domain name, email address for Let's Encrypt
 # and mysql root, which will most likely remain the same
 unset webserver summary_webserver
- unset ddns_provider ddns_provider_name
+ unset ddns_provider ddns_provider_name summary_ddns_provider
 unset ddns_key_type ddns_key summary_ddns_key
 unset ddns_id ddns_password summary_ddns_id summary_ddns_password
 unset website_db_pass website_db_name website_db_user
@@ -279,6 +278,17 @@ function launch_install {
 fi
 }
+function final_message {
+ whiptail \
+ --title "Website successfully installed" \
+ --msgbox "Your website was successfully installed. You must now visit https://$domain_name with your web browser to finish the setup. You will need the following:\n\n$summary_db_name$summary_db_pass$summary_db_user" \
+ 10 80
+ print_info "Website successfully installed\n\n$summary_domain$summary_db_name$summary_db_pass$summary_db_user"
+}
+
+
+domain_regex="^([a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]\.)+[a-zA-Z]{2,}$"
+local_regex="^([a-zA-Z0-9]){2,25}$"
 # set -x
 script_debut
diff --git a/contrib/autoinstall/scripts/more_dialogs.sh b/contrib/autoinstall/scripts/more_dialogs.sh
index 8dc18861b..2fc97d777 100644
--- a/contrib/autoinstall/scripts/more_dialogs.sh
+++ b/contrib/autoinstall/scripts/more_dialogs.sh
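Review bot: final_message writes the database password to standard output through `print_info "...$summary_db_pass..."`, so the credential ends up in terminal scrollback and in any transcript or log kept of the installer run, while the whiptail box just above already shows it to the operator. Drop it from the printed line: `print_info "Website successfully installed\n\n$summary_domain$summary_db_name$summary_db_user"`. The msgbox is sized `10 80` for a two-sentence message plus three summary lines, which may be too small for whiptail to show in full — worth checking on a real terminal.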
@@ -199,10 +199,7 @@ function ddns_config {
 fi
 else
 # The following part is for FreeDNS and Gandi which both only need a single key
- if [ -z "$inputbox_ddns_key" ]
- then
- inputbox_ddns_key="Please provide your $ddns_provider_name $ddns_key_type :"
- fi
+ inputbox_ddns_key="Please provide your $ddns_provider_name $ddns_key_type :"
 ddns_key=$(whiptail \
 --title "$ddns_provider_name $ddns_key_type" \
 --inputbox "$inputbox_ddns_key" \
diff --git a/contrib/autoinstall/nginx-server.conf.template b/contrib/autoinstall/templates/nginx-server.conf.template
similarity index 100%
rename from contrib/autoinstall/nginx-server.conf.template
rename to contrib/autoinstall/templates/nginx-server.conf.template
diff --git a/contrib/autoinstall/templates/nginx-server.localhost.conf.template b/contrib/autoinstall/templates/nginx-server.localhost.conf.template
new file mode 100644
index 000000000..e16ba1861
--- /dev/null
+++ b/contrib/autoinstall/templates/nginx-server.localhost.conf.template
@@ -0,0 +1,117 @@
+##
+# Nginx block configuration template
+# based on the example created by Olaf Conradi
+#
+# The files generated with this template will be added to
+# /etc/nginx/sites-available & /etc/nginx/sites-enabled (symlink)
+##
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+#
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+##
+
+##
+# This configuration assumes
+# You filled the zotserver-config.txt file
+# Your use a local domain
+# You have PHP FastCGI Process Manager (php-fpm) running on localhost
+##
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name SERVER_NAME;
+
+ charset utf-8;
+ root INSTALL_PATH;
+ index index.php;
+ access_log /var/log/nginx/SERVER_LOG;
+
+ #Uncomment the following line to include a standard configuration file
+ #Note that the most specific rule wins and your standard configuration
+ #will therefore *add* to this file, but not override it.
+ #include standard.conf
+
+ # allow uploads up to 20MB in size
+ client_max_body_size 20m;
+ client_body_buffer_size 128k;
+
+ include mime.types;
+
+ # rewrite to front controller as default rule
+ location / {
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?req=$1;
+ }
+ }
+
+ # make sure webfinger and other well known services aren't blocked
+ # by denying dot files and rewrite request to the front controller
+ location ^~ /.well-known/ {
+ allow all;
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?req=$1;
+ }
+ }
+
+ # statically serve these file types when possible
+ # otherwise fall back to front controller
+ # allow browser to cache them
+ # added .htm for advanced source code editor library
+ # location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ {
+ # expires 30d;
+ # try_files $uri /index.php?req=$uri&$args;
+ # }
+ # SHOULD WE UNCOMMENT THE ABOVE LINES ?
+
+ # block these file types
+ location ~* \.(tpl|md|tgz|log|out)$ {
+ deny all;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ # or a unix socket
+ location ~* \.php$ {
+ # IS THE FOLLOWING STILL RELEVANT AS OF AUGUST 2020?
+ # Zero-day exploit defense.
+ # http://forum.nginx.org/read.php?2,88845,page=3
+ # Won't work properly (404 error) if the file is not stored on this
+ # server, which is entirely possible with php-fpm/php-fcgi.
+ # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+ # another machine. And then cross your fingers that you won't get hacked.
+ try_files $uri =404;
+
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ # With php5-cgi alone:
+ # fastcgi_pass 127.0.0.1:9000;
+
+ # With php-fpm:
+ fastcgi_pass unix:/var/run/php/php-fpm.sock;
+
+ include fastcgi_params;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # include adminer configuration
+ include /etc/nginx/snippets/adminer-nginx.inc;
+
+ # deny access to all dot files
+ location ~ /\. {
+ deny all;
+ }
+
+ #deny access to store
+ location ~ /store {
+ deny all;
+ }
+
+
+}
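Review bot: `location ~ /store {` is an unanchored regex, so it denies any URI that merely contains `/store` (for example `/photos/store-front`), not only the store directory the comment describes; `location ^~ /store/ {` (or `location ~ ^/store(/|$) {`) limits the block to that path. The template also ships with open questions as comments (`# SHOULD WE UNCOMMENT THE ABOVE LINES ?`, `# IS THE FOLLOWING STILL RELEVANT AS OF AUGUST 2020?`); these should be decided before the file is installed for users, or tracked in an issue rather than in the generated config. `include /etc/nginx/snippets/adminer-nginx.inc;` is unconditional, so nginx refuses to load the site when that snippet is absent and the installer then dies in add_nginx_conf — I cannot tell from this diff whether the installer creates the snippet, so confirm that or make the include conditional on the file existing.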