mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-19 21:55:15 +00:00
Perfecting things
parent
7149200cf7
commit
33fbfc9578
8 changed files with 196 additions and 32 deletions
|
@ -80,7 +80,8 @@ function check_sanity {
|
|||
then
|
||||
die "You can only run this script on a Debian GNU/Linux 11 server"
|
||||
else
|
||||
system=debian
|
||||
pkgsys=deb
|
||||
os=debian
|
||||
print_info "Running the autoinstall script on a Debian GNU/Linux 11 server"
|
||||
fi
|
||||
}
|
||||
|
@ -179,6 +180,13 @@ function create_website_db {
|
|||
else
|
||||
die "database named \"$website_db_name\" already exists..."
|
||||
fi
|
||||
# We check that the database and its user were successfully created
|
||||
if [[ ! -z $(mysql -h localhost -u $website_db_user -p$website_db_pass -e "SHOW DATABASES;" | grep -w "$website_db_name") ]]
|
||||
then
|
||||
print_info "The website's database and database user were successfully created"
|
||||
else
|
||||
die "Something went wrong, the website's database and database user do no seem to exist"
|
||||
fi
|
||||
}
|
||||
|
||||
function ping_domain {
|
||||
|
@ -209,9 +217,10 @@ function check_https {
|
|||
wget_output=$(wget -nv --spider --max-redirect 0 $url_https)
|
||||
if [ $? -ne 0 ]
|
||||
then
|
||||
print_warn "check not ok"
|
||||
print_warn "It seems that your website is not reachable through a secured https connection, you should investigate this"
|
||||
else
|
||||
print_info "check ok"
|
||||
print_info "Check OK"
|
||||
final_message
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -314,7 +323,7 @@ function configure_cron_daily {
|
|||
echo "#" >> /var/www/$cron_job
|
||||
echo "cd /var/www" >> /var/www/$cron_job
|
||||
echo "for f in *-daily.sh; do \"./\${f}\"; done" >> /var/www/$cron_job
|
||||
if [[ $system == "debian" ]]
|
||||
if [[ $os == "debian" ]]
|
||||
then
|
||||
echo "echo \"\$(date) - updating Debian GNU/Linux...\"" >> /var/www/$cron_job
|
||||
echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update Debian GNU/Linux and upgrade" >> /var/www/$cron_job
|
||||
|
@ -345,13 +354,20 @@ function configure_cron_daily {
|
|||
########################################################################
|
||||
export PATH=/bin:/usr/bin:/sbin:/usr/sbin
|
||||
|
||||
install_path="$(dirname $(dirname "$(pwd)"))"
|
||||
if [ "$install_path" == "/var/www/html" ]
|
||||
then
|
||||
die "Please don't install your website in /var/www/html."
|
||||
fi
|
||||
install_folder="$(basename $install_path)"
|
||||
|
||||
for arg in "$@" ; do
|
||||
shift
|
||||
case "$arg" in
|
||||
--local) local_install=yes
|
||||
print "We're doing a local install, option is $local_install"
|
||||
;;
|
||||
*) die "not a valid option"
|
||||
*) die "\"$arg\" is not a valid argument or option, \"--local\" is the only option you can use with autoinstall.sh"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
@ -359,24 +375,16 @@ done
|
|||
check_sanity
|
||||
repo_name
|
||||
print_info "We're installing a website using the $repository repository"
|
||||
install_path="$(dirname $(dirname "$(pwd)"))"
|
||||
if [ "$install_path" == "/var/www/html" ]
|
||||
then
|
||||
die "Please don't install your website in /var/www/html."
|
||||
fi
|
||||
install_folder="$(basename $install_path)"
|
||||
domain_regex="^([a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]\.)+[a-zA-Z]{2,}$"
|
||||
local_regex="^([a-zA-Z0-9]){2,25}$"
|
||||
print_info "Now using scripts/dialogs.sh to obtain all necessary settings for the install"
|
||||
source scripts/dialogs.sh
|
||||
|
||||
#set -x # activate debugging from here
|
||||
|
||||
if [[ $system == "debian" ]]
|
||||
if [[ $pkgsys == "deb" ]]
|
||||
then
|
||||
source scripts/debian.sh
|
||||
source scripts/deb.sh
|
||||
# Scripts for other Debian based distros could be added later
|
||||
# elif [[ $system == "other_distro" ]]
|
||||
# elif [[ $pkgsys == "other_distro" ]]
|
||||
# then
|
||||
# source scripts/other_distro.sh
|
||||
fi
|
||||
|
@ -389,9 +397,12 @@ install_wget
|
|||
install_sendmail
|
||||
install_imagemagick
|
||||
# DNS stuff
|
||||
install_run_ddns
|
||||
ping_domain
|
||||
configure_cron_ddns
|
||||
if [ -z $local_install ]
|
||||
then
|
||||
install_run_ddns
|
||||
ping_domain
|
||||
configure_cron_ddns
|
||||
fi
|
||||
# Web server
|
||||
install_webserver
|
||||
# PHP
|
||||
|
@ -416,8 +427,11 @@ daily_update="${domain_name}-daily.sh"
|
|||
cron_job="cron_job.sh"
|
||||
configure_daily_update
|
||||
configure_cron_daily
|
||||
# Final checks
|
||||
check_https
|
||||
# Final https check
|
||||
if [ -z $local_install ]
|
||||
then
|
||||
check_https
|
||||
fi
|
||||
|
||||
# Put a nice message here no confirm the website was successfully installed
|
||||
|
||||
|
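Review bot: The verification added to create_website_db passes the database password on the mysql command line (`-p$website_db_pass`), where any local user can read it from the process list while the client runs. The expansions are also unquoted, so a password containing whitespace or glob characters is split or expanded and the check will likely fail and `die` even though the database was created. Handing the credentials to the client through a private option file given with `--defaults-extra-file` keeps them out of argv; the sketch below shows that shape with every expansion quoted. A password containing a double quote or backslash would need escaping in the option file, so confirm what scripts/dialogs.sh accepts. The function body starts outside the hunk.

```shell
# … unchanged: database and user creation, "already exists" branch …
# We check that the database and its user were successfully created
db_check_cnf="$(mktemp)"   # mktemp creates the file with mode 0600
printf '[client]\nuser="%s"\npassword="%s"\n' "$website_db_user" "$website_db_pass" > "$db_check_cnf"
db_check="$(mysql --defaults-extra-file="$db_check_cnf" -h localhost -e "SHOW DATABASES;" | grep -w -- "$website_db_name")"
rm -f "$db_check_cnf"
if [[ -n "$db_check" ]]
then
# … unchanged: print_info / die branches …
```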
|
|
@ -17,6 +17,10 @@ function vhost_le {
|
|||
print_info "run certbot ..."
|
||||
certbot --apache -w $install_path -d $domain_name -m $le_email --agree-tos --non-interactive --redirect --hsts --uir
|
||||
service apache2 restart
|
||||
if [ "$(systemctl is-active apache2)" == "failed" ]
|
||||
then
|
||||
die "Something went wrong with the Apache configuration of your website"
|
||||
fi
|
||||
vhost_le_configured=yes
|
||||
}
|
||||
|
||||
|
@ -29,10 +33,20 @@ function nginx_conf_le {
|
|||
|
||||
function add_nginx_conf {
|
||||
print_info "adding nginx conf files"
|
||||
if [ -z $local_install ]
|
||||
then
|
||||
nginx_template="templates/nginx-server.conf.template"
|
||||
else
|
||||
nginx_template="templates/nginx-server.localhost.conf.template"
|
||||
fi
|
||||
sed "s|SERVER_NAME|${domain_name}|g;s|INSTALL_PATH|${install_path}|g;s|SERVER_LOG|${domain_name}.log|;s|DOMAIN_CERT|${cert}|;s|CERT_KEY|${cert_key}|;" nginx-server.conf.template >> /etc/nginx/sites-available/${domain_name}.conf
|
||||
ln -s /etc/nginx/sites-available/${domain_name}.conf /etc/nginx/sites-enabled/
|
||||
nginx_conf=yes
|
||||
systemctl restart nginx
|
||||
if [ "$(systemctl is-active nginx)" == "failed" ]
|
||||
then
|
||||
die "Something went wrong with the Nginx configuration of your website"
|
||||
fi
|
||||
nginx_conf=yes
|
||||
}
|
||||
|
||||
function webserver_conf {
|
||||
|
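Review bot: add_nginx_conf now chooses `nginx_template` from `$local_install`, but the `sed` line that renders the vhost still reads the literal `nginx-server.conf.template`, so as far as this section shows the variable is never used. A `--local` install would then be rendered from the same template as a public one, or fail if that file is not in the working directory. Passing the variable as sed's input file would make the selection effective: end the command with `"$nginx_template" >> "/etc/nginx/sites-available/${domain_name}.conf"`. Separately, `[ -z $local_install ]` only works unquoted by accident; `[ -z "$local_install" ]` is the safer spelling.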
|
|
@ -25,22 +25,30 @@ function install_sendmail {
|
|||
}
|
||||
|
||||
function install_apache {
|
||||
if [[ -z "$(which apache2)" ]]
|
||||
if [[ -z "$(which apache2)" ]] && if [[ -z "$(which nginx)" ]]
|
||||
then
|
||||
print_info "installing apache..."
|
||||
nocheck_install "apache2 apache2-utils"
|
||||
a2enmod rewrite
|
||||
systemctl restart apache2
|
||||
fi
|
||||
if [ "$(systemctl is-active apache2)" == "failed" ]
|
||||
then
|
||||
die "Something went wrong with the installation of Apache"
|
||||
fi
|
||||
}
|
||||
|
||||
function install_nginx {
|
||||
if [[ -z "$(which nginx)" ]]
|
||||
if [[ -z "$(which nginx)" ]] && if [[ -z "$(which apache2)" ]]
|
||||
then
|
||||
print_info "installing nginx..."
|
||||
nocheck_install "nginx"
|
||||
systemctl restart nginx
|
||||
fi
|
||||
if [ "$(systemctl is-active nginx)" == "failed" ]
|
||||
then
|
||||
die "Something went wrong with the installation of Nginx"
|
||||
fi
|
||||
}
|
||||
|
||||
function install_letsencrypt {
|
||||
|
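Review bot: The new conditions in install_apache and install_nginx are not valid bash. In `if [[ -z "$(which apache2)" ]] && if [[ -z "$(which nginx)" ]]` the second `if` opens a nested statement that consumes the following `then … fi`, leaving the outer `if` without a `then`, so sourcing this file should stop with a syntax error before any function is defined. Drop the inner keyword: `if [[ -z "$(which apache2)" ]] && [[ -z "$(which nginx)" ]]`, and likewise `if [[ -z "$(which nginx)" ]] && [[ -z "$(which apache2)" ]]` in install_nginx. Running `bash -n` on the script before committing would catch this class of error.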
|
|
@ -67,4 +67,8 @@ function php_version {
|
|||
fi
|
||||
}
|
||||
|
||||
install_sury_repo
|
||||
if [[ $os == "debian" ]]
|
||||
then
|
||||
install_sury_repo
|
||||
if
|
||||
|
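Review bot: The conditional added around `install_sury_repo` is closed with `if` instead of `fi`, so bash should report an unexpected end of file when this script is sourced and the PHP step cannot run. The last added line should read `fi`. The test also depends on `os` having been set beforehand; in this commit it is only assigned inside check_sanity, so a short comment stating that ordering requirement would help.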
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
function script_debut {
|
||||
# First we check if we're running the script on a freshly installed Debian 11 server
|
||||
if [[ $system == "debian" ]]
|
||||
if [[ $os == "debian" ]]
|
||||
then
|
||||
if [[ ! -z "$(which php)" ]] || [[ ! -z "$(which mysql)" ]] || [[ ! -z "$(which apache)" ]] || [[ ! -z "$(which nginx)" ]]
|
||||
then
|
||||
|
@ -242,7 +242,6 @@ function summary {
|
|||
summary_db_name="Website database name : $website_db_name\n"
|
||||
summary_db_user="Website database user : $website_db_user\n"
|
||||
# This will be used to display the settings for our install
|
||||
summary_display="$summary_domain$summary_db_name$summary_db_user$summary_db_pass"
|
||||
summary_display="$summary_domain$summary_email$summary_webserver$summary_ddns_provider$summary_ddns_key$summary_ddns_id$summary_ddns_password$summary_db_pass$summary_db_name$summary_db_user"
|
||||
# We display all settings
|
||||
if (whiptail \
|
||||
|
@ -256,7 +255,7 @@ function summary {
|
|||
# Reset all settings before sarting over. We keep domain name, email address for Let's Encrypt
|
||||
# and mysql root, which will most likely remain the same
|
||||
unset webserver summary_webserver
|
||||
unset ddns_provider ddns_provider_name
|
||||
unset ddns_provider ddns_provider_name summary_ddns_provider
|
||||
unset ddns_key_type ddns_key summary_ddns_key
|
||||
unset ddns_id ddns_password summary_ddns_id summary_ddns_password
|
||||
unset website_db_pass website_db_name website_db_user
|
||||
|
@ -279,6 +278,17 @@ function launch_install {
|
|||
fi
|
||||
}
|
||||
|
||||
function final_message {
|
||||
whiptail \
|
||||
--title "Website successfully installed" \
|
||||
--msgbox "Your website was successfully installed. You must now visit https://$domain_name with your web browser to finish the setup. You will need the following:\n\n$summary_db_name$summary_db_pass$summary_db_user" \
|
||||
10 80
|
||||
print_info "Website successfully installed\n\n$summary_domain$summary_db_name$summary_db_pass$summary_db_user"
|
||||
}
|
||||
|
||||
|
||||
domain_regex="^([a-zA-Z0-9][a-zA-Z0-9-]{0,61}[a-zA-Z0-9]\.)+[a-zA-Z]{2,}$"
|
||||
local_regex="^([a-zA-Z0-9]){2,25}$"
|
||||
|
||||
# set -x
|
||||
script_debut
|
||||
|
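Review bot: final_message emits the database password twice in clear text, once in the whiptail box and again through `print_info`. print_info is not shown in this commit, but its output presumably stays in the terminal scrollback and in any `tee` or `script` capture of the install run. The dialog is arguably needed to finish the web setup, but the log line could omit the secret: `print_info "Website successfully installed\n\n$summary_domain$summary_db_name$summary_db_user"`. The widened `summary_display` now also carries `$summary_ddns_key` and `$summary_ddns_password`; a comment there saying these are displayed on screen only and must not be logged would document the intent. The `10 80` box size also looks tight for the message plus three summary lines.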
|
|
@ -199,10 +199,7 @@ function ddns_config {
|
|||
fi
|
||||
else
|
||||
# The following part is for FreeDNS and Gandi which both only need a single key
|
||||
if [ -z "$inputbox_ddns_key" ]
|
||||
then
|
||||
inputbox_ddns_key="Please provide your $ddns_provider_name $ddns_key_type :"
|
||||
fi
|
||||
inputbox_ddns_key="Please provide your $ddns_provider_name $ddns_key_type :"
|
||||
ddns_key=$(whiptail \
|
||||
--title "$ddns_provider_name $ddns_key_type" \
|
||||
--inputbox "$inputbox_ddns_key" \
|
||||
|
|
|
@ -0,0 +1,117 @@
|
|||
##
|
||||
# Nginx block configuration template
|
||||
# based on the example created by Olaf Conradi
|
||||
#
|
||||
# The files generated with this template will be added to
|
||||
# /etc/nginx/sites-available & /etc/nginx/sites-enabled (symlink)
|
||||
##
|
||||
|
||||
##
|
||||
# You should look at the following URL's in order to grasp a solid understanding
|
||||
# of Nginx configuration files in order to fully unleash the power of Nginx.
|
||||
#
|
||||
# http://wiki.nginx.org/Pitfalls
|
||||
# http://wiki.nginx.org/QuickStart
|
||||
# http://wiki.nginx.org/Configuration
|
||||
##
|
||||
|
||||
##
|
||||
# This configuration assumes
|
||||
# You filled the zotserver-config.txt file
|
||||
# Your use a local domain
|
||||
# You have PHP FastCGI Process Manager (php-fpm) running on localhost
|
||||
##
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name SERVER_NAME;
|
||||
|
||||
charset utf-8;
|
||||
root INSTALL_PATH;
|
||||
index index.php;
|
||||
access_log /var/log/nginx/SERVER_LOG;
|
||||
|
||||
#Uncomment the following line to include a standard configuration file
|
||||
#Note that the most specific rule wins and your standard configuration
|
||||
#will therefore *add* to this file, but not override it.
|
||||
#include standard.conf
|
||||
|
||||
# allow uploads up to 20MB in size
|
||||
client_max_body_size 20m;
|
||||
client_body_buffer_size 128k;
|
||||
|
||||
include mime.types;
|
||||
|
||||
# rewrite to front controller as default rule
|
||||
location / {
|
||||
if (!-e $request_filename) {
|
||||
rewrite ^(.*)$ /index.php?req=$1;
|
||||
}
|
||||
}
|
||||
|
||||
# make sure webfinger and other well known services aren't blocked
|
||||
# by denying dot files and rewrite request to the front controller
|
||||
location ^~ /.well-known/ {
|
||||
allow all;
|
||||
if (!-e $request_filename) {
|
||||
rewrite ^(.*)$ /index.php?req=$1;
|
||||
}
|
||||
}
|
||||
|
||||
# statically serve these file types when possible
|
||||
# otherwise fall back to front controller
|
||||
# allow browser to cache them
|
||||
# added .htm for advanced source code editor library
|
||||
# location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ {
|
||||
# expires 30d;
|
||||
# try_files $uri /index.php?req=$uri&$args;
|
||||
# }
|
||||
# SHOULD WE UNCOMMENT THE ABOVE LINES ?
|
||||
|
||||
# block these file types
|
||||
location ~* \.(tpl|md|tgz|log|out)$ {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
# or a unix socket
|
||||
location ~* \.php$ {
|
||||
# IS THE FOLLOWING STILL RELEVANT AS OF AUGUST 2020?
|
||||
# Zero-day exploit defense.
|
||||
# http://forum.nginx.org/read.php?2,88845,page=3
|
||||
# Won't work properly (404 error) if the file is not stored on this
|
||||
# server, which is entirely possible with php-fpm/php-fcgi.
|
||||
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
|
||||
# another machine. And then cross your fingers that you won't get hacked.
|
||||
try_files $uri =404;
|
||||
|
||||
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
|
||||
# With php5-cgi alone:
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
|
||||
# With php-fpm:
|
||||
fastcgi_pass unix:/var/run/php/php-fpm.sock;
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
}
|
||||
|
||||
# include adminer configuration
|
||||
include /etc/nginx/snippets/adminer-nginx.inc;
|
||||
|
||||
# deny access to all dot files
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
}
|
||||
|
||||
#deny access to store
|
||||
location ~ /store {
|
||||
deny all;
|
||||
}
|
||||
|
||||
|
||||
}
|
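Review bot: The `deny all` blocks for dot files and `/store` come after `location ~* \.php$`, and nginx uses the first regex location that matches in file order, so a `.php` path under `/store` or under a dot directory is handed to php-fpm instead of being refused (`try_files $uri =404` only checks that the file exists). Moving `location ~ /\.` above the PHP block and making the store rule a prefix location that suppresses regex matching, `location ^~ /store/ { deny all; }`, would let both denies take effect; the unanchored `~ /store` also matches any URI that merely contains `/store`. The commented question above `try_files $uri =404;` can be answered in place: the line is still the guard against passing non-existent script paths to PHP and should stay. The unconditional `include /etc/nginx/snippets/adminer-nginx.inc;` makes `nginx -t` fail when that snippet is absent, which deserves a comment or a guard in the installer.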