Perfecting things

contrib/autoinstall/autoinstall.sh

@@ -80,7 +80,8 @@ function check_sanity {
     then
         die "You can only run this script on a Debian GNU/Linux 11 server"
     else
-        system=debian
+        pkgsys=deb
+        os=debian
         print_info "Running the autoinstall script on a Debian GNU/Linux 11 server"
     fi
 }
@@ -179,6 +180,13 @@ function create_website_db {
     else
         die "database named \"$website_db_name\" already exists..."
     fi
+    # We check that the database and its user were successfully created
+    if [[ ! -z $(mysql -h localhost -u $website_db_user -p$website_db_pass -e "SHOW DATABASES;" | grep -w "$website_db_name") ]]
+    then
+        print_info "The website's database and database user were successfully created"
+    else
+        die "Something went wrong, the website's database and database user do no seem to exist"
+    fi
 }
 
 function ping_domain {
@@ -209,9 +217,10 @@ function check_https {
     wget_output=$(wget -nv --spider --max-redirect 0 $url_https)
     if [ $? -ne 0 ]
     then
-        print_warn "check not ok"
+        print_warn "It seems that your website is not reachable through a secured https connection, you should investigate this"
     else
-        print_info "check ok"
+        print_info "Check OK"
+        final_message
     fi
 }
 
@@ -314,7 +323,7 @@ function configure_cron_daily {
     echo "#" >> /var/www/$cron_job
     echo "cd /var/www" >> /var/www/$cron_job
     echo "for f in *-daily.sh; do \"./\${f}\"; done" >> /var/www/$cron_job
-    if [[ $system == "debian" ]]
+    if [[ $os == "debian" ]]
     then
         echo "echo \"\$(date) - updating Debian GNU/Linux...\"" >> /var/www/$cron_job
         echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update Debian GNU/Linux and upgrade" >> /var/www/$cron_job
@@ -345,13 +354,20 @@ function configure_cron_daily {
 ########################################################################
 export PATH=/bin:/usr/bin:/sbin:/usr/sbin
 
+install_path="$(dirname $(dirname "$(pwd)"))"
+if [ "$install_path" == "/var/www/html" ]
+then
+    die "Please don't install your website in /var/www/html."
+fi
+install_folder="$(basename $install_path)"
+
 for arg in "$@" ; do
    shift
    case "$arg" in
       --local) local_install=yes
                print "We're doing a local install, option is $local_install"
       ;;
-      *) die "not a valid option"
+      *) die "\"$arg\" is not a valid argument or option, \"--local\" is the only option you can use with autoinstall.sh"
       ;;
    esac
 done
@@ -359,24 +375,16 @@ done
 check_sanity
 repo_name
 print_info "We're installing a website using the $repository repository"
-install_path="$(dirname $(dirname "$(pwd)"))"
-if [ "$install_path" == "/var/www/html" ]
-then
-    die "Please don't install your website in /var/www/html."
-fi
-install_folder="$(basename $install_path)"
-domain_regex="^([a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]\.)+[a-zA-Z]{2,}$"
-local_regex="^([a-zA-Z0-9]){2,25}$"
 print_info "Now using scripts/dialogs.sh to obtain all necessary settings for the install"
 source scripts/dialogs.sh
 
 #set -x    # activate debugging from here
 
-if [[ $system == "debian" ]]
+if [[ $pkgsys == "deb" ]]
 then
-    source scripts/debian.sh
+    source scripts/deb.sh
 # Scripts for other Debian based distros could be added later
-# elif [[ $system == "other_distro" ]]
+# elif [[ $pkgsys == "other_distro" ]]
 # then
 #     source scripts/other_distro.sh
 fi
@@ -389,9 +397,12 @@ install_wget
 install_sendmail
 install_imagemagick
 # DNS stuff
-install_run_ddns
-ping_domain
-configure_cron_ddns
+if [ -z $local_install ]
+then
+    install_run_ddns
+    ping_domain
+    configure_cron_ddns
+fi
 # Web server
 install_webserver
 # PHP
@@ -416,8 +427,11 @@ daily_update="${domain_name}-daily.sh"
 cron_job="cron_job.sh"
 configure_daily_update
 configure_cron_daily
-# Final checks
-check_https
+# Final https check
+if [ -z $local_install ]
+then
+    check_https
+fi
 
 # Put a nice message here no confirm the website was successfully installed
 

contrib/autoinstall/scripts/common_conf.sh

@@ -17,6 +17,10 @@ function vhost_le {
     print_info "run certbot ..."
     certbot --apache -w $install_path -d $domain_name -m $le_email --agree-tos --non-interactive --redirect --hsts --uir
     service apache2 restart
+    if [ "$(systemctl is-active apache2)" == "failed" ]
+    then
+        die "Something went wrong with the Apache configuration of your website"
+    fi
     vhost_le_configured=yes
 }
 
@@ -29,10 +33,20 @@ function nginx_conf_le {
 
 function add_nginx_conf {
     print_info "adding nginx conf files"
+    if [ -z $local_install ]
+    then
+        nginx_template="templates/nginx-server.conf.template"
+    else
+        nginx_template="templates/nginx-server.localhost.conf.template"
+    fi
     sed "s|SERVER_NAME|${domain_name}|g;s|INSTALL_PATH|${install_path}|g;s|SERVER_LOG|${domain_name}.log|;s|DOMAIN_CERT|${cert}|;s|CERT_KEY|${cert_key}|;" nginx-server.conf.template >> /etc/nginx/sites-available/${domain_name}.conf
     ln -s /etc/nginx/sites-available/${domain_name}.conf /etc/nginx/sites-enabled/
-    nginx_conf=yes
     systemctl restart nginx
+    if [ "$(systemctl is-active nginx)" == "failed" ]
+    then
+        die "Something went wrong with the Nginx configuration of your website"
+    fi
+    nginx_conf=yes
 }
 
 function webserver_conf {

contrib/autoinstall/scripts/common_install.sh

@@ -25,22 +25,30 @@ function install_sendmail {
 }
 
 function install_apache {
-    if [[ -z "$(which apache2)" ]]
+    if [[ -z "$(which apache2)" ]] && if [[ -z "$(which nginx)" ]]
     then
         print_info "installing apache..."
         nocheck_install "apache2 apache2-utils"
         a2enmod rewrite
         systemctl restart apache2
     fi
+    if [ "$(systemctl is-active apache2)" == "failed" ]
+    then
+        die "Something went wrong with the installation of Apache"
+    fi
 }
 
 function install_nginx {
-    if [[ -z "$(which nginx)" ]]
+    if [[ -z "$(which nginx)" ]] && if [[ -z "$(which apache2)" ]]
     then
         print_info "installing nginx..."
         nocheck_install "nginx"
         systemctl restart nginx
     fi
+    if [ "$(systemctl is-active nginx)" == "failed" ]
+    then
+        die "Something went wrong with the installation of Nginx"
+    fi
 }
 
 function install_letsencrypt {

contrib/autoinstall/scripts/deb.sh

@@ -67,4 +67,8 @@ function php_version {
     fi
 }
 
-install_sury_repo
+if [[ $os == "debian" ]]
+then
+    install_sury_repo
+if
+

contrib/autoinstall/scripts/dialogs.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 function script_debut {
     # First we check if we're running the script on a freshly installed Debian 11 server
-    if [[ $system == "debian" ]]
+    if [[ $os == "debian" ]]
     then
         if [[ ! -z "$(which php)" ]] || [[ ! -z "$(which mysql)" ]] || [[ ! -z "$(which apache)" ]] || [[ ! -z "$(which nginx)" ]]
         then
@@ -242,7 +242,6 @@ function summary {
     summary_db_name="Website database name       :   $website_db_name\n"
     summary_db_user="Website database user       :   $website_db_user\n"
     # This will be used to display the settings for our install
-    summary_display="$summary_domain$summary_db_name$summary_db_user$summary_db_pass"
     summary_display="$summary_domain$summary_email$summary_webserver$summary_ddns_provider$summary_ddns_key$summary_ddns_id$summary_ddns_password$summary_db_pass$summary_db_name$summary_db_user"
     # We display all settings
     if (whiptail \
@@ -256,7 +255,7 @@ function summary {
         # Reset all settings before sarting over. We keep domain name, email address for Let's Encrypt
         # and mysql root, which will most likely remain the same
         unset webserver summary_webserver
-        unset ddns_provider ddns_provider_name
+        unset ddns_provider ddns_provider_name summary_ddns_provider
         unset ddns_key_type ddns_key summary_ddns_key
         unset ddns_id ddns_password summary_ddns_id summary_ddns_password
         unset website_db_pass website_db_name website_db_user
@@ -279,6 +278,17 @@ function launch_install {
     fi
 }
 
+function final_message {
+    whiptail \
+        --title "Website successfully installed" \
+        --msgbox "Your website was successfully installed. You must now visit https://$domain_name with your web browser to finish the setup. You will need the following:\n\n$summary_db_name$summary_db_pass$summary_db_user" \
+        10 80
+    print_info "Website successfully installed\n\n$summary_domain$summary_db_name$summary_db_pass$summary_db_user"
+}
+
+
+domain_regex="^([a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]\.)+[a-zA-Z]{2,}$"
+local_regex="^([a-zA-Z0-9]){2,25}$"
 
 # set -x
 script_debut

contrib/autoinstall/scripts/more_dialogs.sh

@@ -199,10 +199,7 @@ function ddns_config {
         fi
     else
     # The following part is for FreeDNS and Gandi which both only need a single key
-        if [ -z "$inputbox_ddns_key" ]
-        then
-            inputbox_ddns_key="Please provide your $ddns_provider_name $ddns_key_type :"
-        fi
+        inputbox_ddns_key="Please provide your $ddns_provider_name $ddns_key_type :"
         ddns_key=$(whiptail \
         --title "$ddns_provider_name $ddns_key_type" \
         --inputbox "$inputbox_ddns_key" \

contrib/autoinstall/templates/nginx-server.localhost.conf.template

@@ -0,0 +1,117 @@
+##
+# Nginx block configuration template
+# based on the example created by Olaf Conradi
+#
+# The files generated with this template will be added to
+# /etc/nginx/sites-available & /etc/nginx/sites-enabled (symlink)
+##
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+#
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+##
+
+##
+# This configuration assumes 
+# You filled the zotserver-config.txt file
+# Your use a local domain
+# You have PHP FastCGI Process Manager (php-fpm) running on localhost
+##
+
+server {
+  listen 80;
+  listen [::]:80;
+  server_name SERVER_NAME;
+
+  charset utf-8;
+  root INSTALL_PATH;
+  index index.php;
+  access_log /var/log/nginx/SERVER_LOG;
+
+  #Uncomment the following line to include a standard configuration file
+  #Note that the most specific rule wins and your standard configuration
+  #will therefore *add* to this file, but not override it.
+  #include standard.conf
+
+  # allow uploads up to 20MB in size
+  client_max_body_size 20m;
+  client_body_buffer_size 128k;
+
+  include mime.types;
+
+  # rewrite to front controller as default rule
+  location / {
+    if (!-e $request_filename) {
+      rewrite ^(.*)$ /index.php?req=$1;
+    }
+  }
+
+  # make sure webfinger and other well known services aren't blocked
+  # by denying dot files and rewrite request to the front controller
+  location ^~ /.well-known/ {
+    allow all;
+    if (!-e $request_filename) {
+      rewrite ^(.*)$ /index.php?req=$1;
+    }
+  }
+
+  # statically serve these file types when possible
+  # otherwise fall back to front controller
+  # allow browser to cache them
+  # added .htm for advanced source code editor library
+  # location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ {
+  #  expires 30d;
+  #  try_files $uri /index.php?req=$uri&$args;
+  # }
+  # SHOULD WE UNCOMMENT THE ABOVE LINES ?
+
+  # block these file types
+  location ~* \.(tpl|md|tgz|log|out)$ {
+    deny all;
+  }
+
+  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+  # or a unix socket
+  location ~* \.php$ {
+    # IS THE FOLLOWING STILL RELEVANT AS OF AUGUST 2020?
+    # Zero-day exploit defense.
+    # http://forum.nginx.org/read.php?2,88845,page=3
+    # Won't work properly (404 error) if the file is not stored on this
+    # server, which is entirely possible with php-fpm/php-fcgi.
+    # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+    # another machine.  And then cross your fingers that you won't get hacked.
+    try_files $uri =404;
+
+    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+    # With php5-cgi alone:
+    # fastcgi_pass 127.0.0.1:9000;
+
+    # With php-fpm:
+    fastcgi_pass unix:/var/run/php/php-fpm.sock;
+
+    include fastcgi_params;
+    fastcgi_index index.php;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+  }
+
+  # include adminer configuration
+  include /etc/nginx/snippets/adminer-nginx.inc;
+
+  # deny access to all dot files
+  location ~ /\. {
+    deny all;
+  }
+	
+  #deny access to store
+  location ~ /store {
+    deny  all;
+  }
+
+
+}