move from postgresql to master (#528)
Родитель
dfa51692e6
Коммит
c3fc43cc60
|
@ -30,13 +30,17 @@ DigitalOcean example: https://youtu.be/LlqY5Y6P9Oc
|
|||
#### Minimum requirements:
|
||||
* A clean Ubuntu Server 16.04.X
|
||||
* OpenSSH (preferred)
|
||||
* 20 GB HDD
|
||||
* 20 GB HDD for OS
|
||||
* XX GB HDD for DATA (/mnt/ncdata)
|
||||
* At least 1 vCPU and 2 GB RAM (4 GB minimum if you are running OnlyOffice)
|
||||
* A working internet connection (the script needs it to download files and variables)
|
||||
|
||||
#### Recommended
|
||||
* Thick provisioned (better performance and easier to maintain)
|
||||
* DHCP available
|
||||
* 40 GB HDD for OS
|
||||
* 4 vCPU
|
||||
* 4 GB RAM
|
||||
|
||||
#### Installation
|
||||
1. Get the latest install script from master:<br>
|
||||
|
|
|
@ -162,7 +162,7 @@ then
|
|||
SSLCertificateKeyFile $CERTFILES/$SUBDOMAIN/privkey.pem
|
||||
SSLOpenSSLConfCmd DHParameters $DHPARAMS
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
||||
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
||||
SSLHonorCipherOrder on
|
||||
SSLCompression off
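Review bot: Both versions of the `SSLCipherSuite` line in this hunk keep the 3DES suites (`ECDHE-ECDSA-DES-CBC3-SHA`, `ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`) and the static-RSA AES suites, so reordering the list changes only the server's preference, not what it will accept. The unchanged `SSLProtocol all -SSLv2 -SSLv3` line above also leaves TLS 1.0 and 1.1 enabled. If legacy clients are not a requirement, drop the `DES-CBC3` entries and restrict the protocol line, e.g. `SSLProtocol -all +TLSv1.2`. The same cipher line is changed in the next vhost template hunk (`@ -160,7 +160,8`) and needs the same treatment.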
|
||||
|
||||
|
|
|
@ -160,7 +160,8 @@ then
|
|||
SSLOpenSSLConfCmd DHParameters $DHPARAMS
|
||||
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
||||
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
|
||||
|
||||
LogLevel warn
|
||||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||
|
|
|
@ -1,171 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Tech and Me © - 2018, https://www.techandme.se/
|
||||
|
||||
# shellcheck disable=2034,2059
|
||||
true
|
||||
# shellcheck source=lib.sh
|
||||
MYCNFPW=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
unset MYCNFPW
|
||||
|
||||
# Check for errors + debug code and abort if something isn't right
|
||||
# 1 = ON
|
||||
# 0 = OFF
|
||||
DEBUG=0
|
||||
debug_mode
|
||||
|
||||
# Check if root
|
||||
root_check
|
||||
|
||||
# Check that the script can see the external IP (apache fails otherwise)
|
||||
if [ -z "$WANIP4" ]
|
||||
then
|
||||
echo "WANIP4 is an emtpy value, Apache will fail on reboot due to this. Please check your network and try again"
|
||||
sleep 3
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check Ubuntu version
|
||||
if [ "$OS" != 1 ]
|
||||
then
|
||||
echo "Ubuntu Server is required to run this script."
|
||||
echo "Please install that distro and try again."
|
||||
sleep 3
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
if ! version 16.04 "$DISTRO" 16.04.4; then
|
||||
echo "Ubuntu version seems to be $DISTRO"
|
||||
echo "It must be between 16.04 - 16.04.4"
|
||||
echo "Please install that version and try again."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo
|
||||
echo "Installing and securing phpMyadmin..."
|
||||
echo "This may take a while, please don't abort."
|
||||
echo
|
||||
|
||||
# Install phpmyadmin
|
||||
echo "phpmyadmin phpmyadmin/dbconfig-install boolean true" | debconf-set-selections
|
||||
echo "phpmyadmin phpmyadmin/app-password-confirm password $MARIADBMYCNFPASS" | debconf-set-selections
|
||||
echo "phpmyadmin phpmyadmin/mysql/admin-pass password $MARIADBMYCNFPASS" | debconf-set-selections
|
||||
echo "phpmyadmin phpmyadmin/mysql/app-pass password $MARIADBMYCNFPASS" | debconf-set-selections
|
||||
echo "phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2" | debconf-set-selections
|
||||
apt update -q4 & spinner_loading
|
||||
apt install -y -q \
|
||||
php-gettext \
|
||||
phpmyadmin
|
||||
|
||||
# Secure phpMyadmin
|
||||
if [ -f $PHPMYADMIN_CONF ]
|
||||
then
|
||||
rm $PHPMYADMIN_CONF
|
||||
fi
|
||||
touch "$PHPMYADMIN_CONF"
|
||||
cat << CONF_CREATE > "$PHPMYADMIN_CONF"
|
||||
# phpMyAdmin default Apache configuration
|
||||
|
||||
Alias /phpmyadmin $PHPMYADMINDIR
|
||||
|
||||
<Directory $PHPMYADMINDIR>
|
||||
Options FollowSymLinks
|
||||
DirectoryIndex index.php
|
||||
|
||||
<IfModule mod_php.c>
|
||||
<IfModule mod_mime.c>
|
||||
AddType application/x-httpd-php .php
|
||||
</IfModule>
|
||||
<FilesMatch ".+\.php$">
|
||||
SetHandler application/x-httpd-php
|
||||
</FilesMatch>
|
||||
|
||||
php_flag magic_quotes_gpc Off
|
||||
php_flag track_vars On
|
||||
php_flag register_globals Off
|
||||
php_admin_flag allow_url_fopen On
|
||||
php_value include_path .
|
||||
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
|
||||
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/:/usr/share/doc/phpm$
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_authz_core.c>
|
||||
# Apache 2.4
|
||||
<RequireAny>
|
||||
Require ip $WANIP4
|
||||
Require ip $ADDRESS
|
||||
Require ip 127.0.0.1
|
||||
Require ip ::1
|
||||
</RequireAny>
|
||||
</IfModule>
|
||||
|
||||
<IfModule !mod_authz_core.c>
|
||||
# Apache 2.2
|
||||
Order Deny,Allow
|
||||
Deny from All
|
||||
Allow from $WANIP4
|
||||
Allow from $ADDRESS
|
||||
Allow from ::1
|
||||
Allow from localhost
|
||||
</IfModule>
|
||||
</Directory>
|
||||
|
||||
# Authorize for setup
|
||||
<Directory $PHPMYADMINDIR/setup>
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
# Authorize for setup
|
||||
<Directory $PHPMYADMINDIR/setup>
|
||||
<IfModule mod_authz_core.c>
|
||||
<IfModule mod_authn_file.c>
|
||||
AuthType Basic
|
||||
AuthName "phpMyAdmin Setup"
|
||||
AuthUserFile /etc/phpmyadmin/htpasswd.setup
|
||||
</IfModule>
|
||||
Require valid-user
|
||||
</IfModule>
|
||||
</Directory>
|
||||
|
||||
# Disallow web access to directories that don't need it
|
||||
<Directory $PHPMYADMINDIR/libraries>
|
||||
Require all denied
|
||||
</Directory>
|
||||
<Directory $PHPMYADMINDIR/setup/lib>
|
||||
Require all denied
|
||||
</Directory>
|
||||
CONF_CREATE
|
||||
|
||||
# Secure phpMyadmin even more
|
||||
CONFIG=/var/lib/phpmyadmin/config.inc.php
|
||||
touch $CONFIG
|
||||
cat << CONFIG_CREATE >> "$CONFIG"
|
||||
<?php
|
||||
\$i = 0;
|
||||
\$i++;
|
||||
\$cfg['Servers'][\$i]['host'] = 'localhost';
|
||||
\$cfg['Servers'][\$i]['extension'] = 'mysql';
|
||||
\$cfg['Servers'][\$i]['connect_type'] = 'socket';
|
||||
\$cfg['Servers'][\$i]['compress'] = false;
|
||||
\$cfg['Servers'][\$i]['auth_type'] = 'cookie';
|
||||
\$cfg['UploadDir'] = '$SAVEPATH';
|
||||
\$cfg['SaveDir'] = '$UPLOADPATH';
|
||||
\$cfg['BZipDump'] = false;
|
||||
\$cfg['Lang'] = 'en';
|
||||
\$cfg['ServerDefault'] = 1;
|
||||
\$cfg['ShowPhpInfo'] = true;
|
||||
\$cfg['Export']['lock_tables'] = true;
|
||||
?>
|
||||
CONFIG_CREATE
|
||||
|
||||
if ! service apache2 restart
|
||||
then
|
||||
echo "Apache2 could not restart..."
|
||||
echo "The script will exit."
|
||||
exit 1
|
||||
else
|
||||
echo
|
||||
echo "$PHPMYADMIN_CONF was successfully secured."
|
||||
echo
|
||||
fi
|
|
@ -0,0 +1,54 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Tech and Me © - 2018, https://www.techandme.se/
|
||||
|
||||
# shellcheck disable=2034,2059
|
||||
true
|
||||
# shellcheck source=lib.sh
|
||||
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
|
||||
# Check for errors + debug code and abort if something isn't right
|
||||
# 1 = ON
|
||||
# 0 = OFF
|
||||
DEBUG=0
|
||||
debug_mode
|
||||
|
||||
# Check if root
|
||||
if ! is_root
|
||||
then
|
||||
printf "\n${Red}Sorry, you are not root.\n${Color_Off}You must type: ${Cyan}sudo ${Color_Off}bash %s/phppgadmin_install_ubuntu16.sh\n" "$SCRIPTS"
|
||||
sleep 3
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check that the script can see the external IP (apache fails otherwise)
|
||||
if [ -z "$WANIP4" ]
|
||||
then
|
||||
echo "WANIP4 is an emtpy value, Apache will fail on reboot due to this. Please check your network and try again"
|
||||
sleep 3
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check distrobution and version
|
||||
check_distro_version
|
||||
|
||||
echo
|
||||
echo "Installing and securing phpPGadmin..."
|
||||
echo "This may take a while, please don't abort."
|
||||
echo
|
||||
|
||||
# Install phpPGadmin
|
||||
apt update -q4 & spinner_loading
|
||||
apt install -y -q \
|
||||
php-gettext \
|
||||
phppgadmin
|
||||
|
||||
# Allow local access
|
||||
sed -i "s|Require local|Require ip $GATEWAY/24|g" /etc/apache2/conf-available/phppgadmin.conf
|
||||
|
||||
if ! service apache2 restart
|
||||
then
|
||||
echo "Apache2 could not restart..."
|
||||
echo "The script will exit."
|
||||
exit 1
|
||||
fi
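Review bot: The `sed` that rewrites `Require local` to `Require ip $GATEWAY/24` opens phpPGadmin to the gateway's whole subnet, with a hard-coded /24 and no check that `$GATEWAY` is set. If `$GATEWAY` is empty the file ends up with `Require ip /24` and the Apache restart below fails; if the real netmask is not /24 the allowed range is wrong. The comment `# Allow local access` also understates the change, since a database admin UI goes from local-only to reachable by every host on the LAN. I would guard it like the `WANIP4` check above, `if [ -z "$GATEWAY" ]; then echo "GATEWAY is empty, refusing to edit phppgadmin.conf"; exit 1; fi`, and reword the comment to `# Allow access from the local /24 subnet`. The root-check message also names `phppgadmin_install_ubuntu16.sh` while the startup script calls `run_app_script phppgadmin_install_ubuntu`; one of the two is presumably stale.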
|
|
@ -0,0 +1,36 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Tech and Me © - 2018, https://www.techandme.se/
|
||||
|
||||
# shellcheck disable=2034,2059
|
||||
true
|
||||
# shellcheck source=lib.sh
|
||||
PREVIEW_INSTALL=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
unset PREVIEW_INSTALL
|
||||
|
||||
# Check for errors + debug code and abort if something isn't right
|
||||
# 1 = ON
|
||||
# 0 = OFF
|
||||
DEBUG=0
|
||||
debug_mode
|
||||
|
||||
# Download and install Preview Generator
|
||||
if [ ! -d "$NCPATH"/apps/previewgenerator ]
|
||||
then
|
||||
echo "Installing Preview Generator..."
|
||||
wget -q "$PREVER_REPO/v$PREVER/$PREVER_FILE" -P "$NCPATH/apps"
|
||||
tar -zxf "$NCPATH/apps/$PREVER_FILE" -C "$NCPATH/apps"
|
||||
cd "$NCPATH/apps"
|
||||
rm "$PREVER_FILE"
|
||||
fi
|
||||
|
||||
# Enable Preview Generator
|
||||
if [ -d "$NCPATH"/apps/previewgenerator ]
|
||||
then
|
||||
sudo -u www-data php "$NCPATH"/occ app:enable previewgenerator
|
||||
chown -R www-data:www-data $NCPATH/apps
|
||||
crontab -u www-data -l | { cat; echo "@daily php -f $NCPATH/occ preview:pre-generate >> /var/log/previewgenerator.log"; } | crontab -u www-data -
|
||||
sudo -u www-data php "$NCPATH"/occ preview:generate-all
|
||||
touch /var/log/previewgenerator.log
|
||||
chown www-data:www-data /var/log/previewgenerator.log
|
||||
fi
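Review bot: The release tarball is fetched with `wget -q` and unpacked into `$NCPATH/apps` (presumably as root, given the `chown` and `sudo -u www-data` calls) with no checksum or signature check, and neither command's exit status is tested. After a failed or truncated download `tar` fails, the second `if` is skipped, and the script ends without installing anything or reporting why. lib.sh appears to provide `check_command` (its `test_connection` uses it), so `check_command wget -q "$PREVER_REPO/v$PREVER/$PREVER_FILE" -P "$NCPATH/apps"` and the same wrapper on the `tar -zxf` line would at least stop on error; verifying a published hash before extraction would be better if the release provides one. The `crontab` pipeline also appends the `@daily` line on every run, so re-running the script duplicates the job; a `grep -q 'preview:pre-generate'` test on the existing crontab would avoid that.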
|
64
lib.sh
64
lib.sh
|
@ -9,7 +9,7 @@ true
|
|||
SCRIPTS=/var/scripts
|
||||
NCPATH=/var/www/nextcloud
|
||||
HTML=/var/www
|
||||
NCDATA=/var/ncdata
|
||||
NCDATA=/mnt/ncdata
|
||||
SNAPDIR=/var/snap/spreedme
|
||||
GPGDIR=/tmp/gpg
|
||||
BACKUP=/var/NCBACKUP
|
||||
|
@ -25,10 +25,10 @@ WGET="/usr/bin/wget"
|
|||
# WANIP4=$(dig +short myip.opendns.com @resolver1.opendns.com) # as an alternative
|
||||
WANIP4=$(curl -s -m 5 ipinfo.io/ip)
|
||||
[ ! -z "$LOAD_IP6" ] && WANIP6=$(curl -s -k -m 7 https://6.ifcfg.me)
|
||||
IFCONFIG="/sbin/ifconfig"
|
||||
INTERFACES="/etc/network/interfaces"
|
||||
NETMASK=$($IFCONFIG | grep -w inet |grep -v 127.0.0.1| awk '{print $4}' | cut -d ":" -f 2)
|
||||
INTERFACES="/etc/netplan/01-netcfg.yaml"
|
||||
GATEWAY=$(route -n|grep "UG"|grep -v "UGH"|cut -f 10 -d " ")
|
||||
DNS1="9.9.9.9"
|
||||
DNS2="149.112.112.112"
|
||||
# Repo
|
||||
GITHUB_REPO="https://raw.githubusercontent.com/nextcloud/vm/master"
|
||||
STATIC="$GITHUB_REPO/static"
|
||||
|
@ -42,7 +42,7 @@ NCUSER=ncadmin
|
|||
UNIXUSER=$SUDO_USER
|
||||
UNIXUSER_PROFILE="/home/$UNIXUSER/.bash_profile"
|
||||
ROOT_PROFILE="/root/.bash_profile"
|
||||
# MARIADB
|
||||
# Database
|
||||
SHUF=$(shuf -i 25-29 -n 1)
|
||||
MARIADB_PASS=$(tr -dc "a-zA-Z0-9@#*=" < /dev/urandom | fold -w "$SHUF" | head -n 1)
|
||||
NEWMARIADBPASS=$(tr -dc "a-zA-Z0-9@#*=" < /dev/urandom | fold -w "$SHUF" | head -n 1)
|
||||
|
@ -50,14 +50,16 @@ NEWMARIADBPASS=$(tr -dc "a-zA-Z0-9@#*=" < /dev/urandom | fold -w "$SHUF" | head
|
|||
ETCMYCNF=/etc/mysql/my.cnf
|
||||
MYCNF=/root/.my.cnf
|
||||
[ ! -z "$MYCNFPW" ] && MARIADBMYCNFPASS=$(grep "password" $MYCNF | sed -n "/password/s/^password='\(.*\)'$/\1/p")
|
||||
PGDB_PASS=$(tr -dc "a-zA-Z0-9@#*=" < /dev/urandom | fold -w "$SHUF" | head -n 1)
|
||||
NEWPGPASS=$(tr -dc "a-zA-Z0-9@#*=" < /dev/urandom | fold -w "$SHUF" | head -n 1)
|
||||
[ ! -z "$NCDB" ] && NCCONFIGDB=$(grep "dbname" $NCPATH/config/config.php | awk '{print $3}' | sed "s/[',]//g")
|
||||
[ ! -z "$NCDBPASS" ] && NCCONFIGDBPASS=$(grep "dbpassword" $NCPATH/config/config.php | awk '{print $3}' | sed "s/[',]//g")
|
||||
# Path to specific files
|
||||
PHPMYADMIN_CONF="/etc/apache2/conf-available/phpmyadmin.conf"
|
||||
PHPMPGDMIN_CONF="/etc/apache2/conf-available/phppgadmin.conf"
|
||||
SECURE="$SCRIPTS/setup_secure_permissions_nextcloud.sh"
|
||||
SSL_CONF="/etc/apache2/sites-available/nextcloud_ssl_domain_self_signed.conf"
|
||||
HTTP_CONF="/etc/apache2/sites-available/nextcloud_http_domain_self_signed.conf"
|
||||
HTTP2_CONF="/etc/apache2/mods-available/http2.conf"
|
||||
# Nextcloud version
|
||||
[ ! -z "$NC_UPDATE" ] && CURRENTVERSION=$(sudo -u www-data php $NCPATH/occ status | grep "versionstring" | awk '{print $3}')
|
||||
NCVERSION=$(curl -s -m 900 $NCREPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)
|
||||
|
@ -80,6 +82,7 @@ CERTFILES="$LETSENCRYPTPATH/live"
|
|||
DHPARAMS="$CERTFILES/$SUBDOMAIN/dhparam.pem"
|
||||
# Collabora App
|
||||
HTTPS_CONF="/etc/apache2/sites-available/$SUBDOMAIN.conf"
|
||||
HTTP2_CONF="/etc/apache2/mods-available/http2.conf"
|
||||
# Nextant
|
||||
# this var get's the latest automatically:
|
||||
SOLR_VERSION=$(curl -s https://github.com/apache/lucene-solr/tags | grep -o "release.*</span>$" | grep -o '[0-6].[0-9].[0-9]' | sort -t. -k1,1n -k2,2n -k3,3n | tail -n1)
|
||||
|
@ -99,7 +102,7 @@ UPLOADPATH=""
|
|||
SAVEPATH=""
|
||||
# Redis
|
||||
REDIS_CONF=/etc/redis/redis.conf
|
||||
REDIS_SOCK=/var/run/redis/redis.sock
|
||||
REDIS_SOCK=/var/run/redis/redis-server.sock
|
||||
RSHUF=$(shuf -i 30-35 -n 1)
|
||||
REDIS_PASS=$(tr -dc "a-zA-Z0-9@#*=" < /dev/urandom | fold -w "$RSHUF" | head -n 1)
|
||||
# Extra security
|
||||
|
@ -196,6 +199,25 @@ do
|
|||
done
|
||||
}
|
||||
|
||||
test_connection() {
|
||||
install_if_not dnsutils
|
||||
install_if_not network-manager
|
||||
check_command service network-manager restart
|
||||
ip link set "$IFACE" down
|
||||
wait
|
||||
ip link set "$IFACE" up
|
||||
wait
|
||||
check_command service network-manager restart
|
||||
echo "Checking connection..."
|
||||
sleep 3
|
||||
if ! nslookup github.com
|
||||
then
|
||||
msg_box "Network NOT OK. You must have a working network connection to run this script
|
||||
If you think that this is a bug, please report it to https://github.com/nextcloud/vm/issues."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# Install certbot (Let's Encrypt)
|
||||
install_certbot() {
|
||||
certbot --version 2> /dev/null
|
||||
|
@ -211,9 +233,7 @@ else
|
|||
apt update -q4 & spinner_loading
|
||||
apt install certbot -y -q
|
||||
apt update -q4 & spinner_loading
|
||||
apt-mark hold mariadb*
|
||||
apt dist-upgrade -y
|
||||
apt-mark unhold mariadb*
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -224,7 +244,7 @@ service apache2 reload
|
|||
certbot certonly --standalone --pre-hook "service apache2 stop" --post-hook "service apache2 start" --agree-tos --rsa-key-size 4096 -d "$SUBDOMAIN"
|
||||
}
|
||||
|
||||
# Check if port is open # check_open_port 443
|
||||
# Check if port is open # check_open_port 443 domain.example.com
|
||||
check_open_port() {
|
||||
# Check to see if user already has nmap installed on their system
|
||||
if [ "$(dpkg-query -s nmap 2> /dev/null | grep -c "ok installed")" == "1" ]
|
||||
|
@ -275,8 +295,27 @@ else
|
|||
fi
|
||||
}
|
||||
|
||||
check_distro_version() {
|
||||
# Check Ubuntu version
|
||||
echo "Checking server OS and version..."
|
||||
if [ "$OS" != 1 ]
|
||||
then
|
||||
msg_box "Ubuntu Server is required to run this script.
|
||||
Please install that distro and try again.
|
||||
|
||||
You can find the download link here: https://www.ubuntu.com/download/server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
if ! version 18.04 "$DISTRO" 18.04.4; then
|
||||
msg_box "Ubuntu version $DISTRO must be between 18.04 - 18.04.4"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
configure_max_upload() {
|
||||
# Increase max filesize (expects that changes are made in /etc/php/7.0/apache2/php.ini)
|
||||
# Increase max filesize (expects that changes are made in /etc/php/7.2/apache2/php.ini)
|
||||
# Here is a guide: https://www.techandme.se/increase-max-file-size/
|
||||
sed -i 's/ php_value upload_max_filesize.*/# php_value upload_max_filesize 511M/g' "$NCPATH"/.htaccess
|
||||
sed -i 's/ php_value post_max_size.*/# php_value post_max_size 511M/g' "$NCPATH"/.htaccess
|
||||
|
@ -353,7 +392,7 @@ check_command sudo -u www-data php "$NCPATH"/occ "$@";
|
|||
|
||||
network_ok() {
|
||||
echo "Testing if network is OK..."
|
||||
service networking restart
|
||||
service network-manager restart
|
||||
if wget -q -T 20 -t 2 http://github.com -O /dev/null & spinner_loading
|
||||
then
|
||||
return 0
|
||||
|
@ -584,7 +623,6 @@ then
|
|||
sleep 1
|
||||
else
|
||||
msg_box "It appears that something went wrong with the update.
|
||||
|
||||
Please report this to $ISSUES"
|
||||
occ_command -V
|
||||
exit
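Review bot: In the new `test_connection()` the two bare `wait` calls after `ip link set "$IFACE" down` and `ip link set "$IFACE" up` do nothing, because no background job was started, and neither `ip link` call is checked. If `$IFACE` is empty or wrong the function carries on, restarts network-manager and only fails later at `nslookup github.com` with the generic "Network NOT OK" box. Suggest `check_command ip link set "$IFACE" up` and replacing the `wait` / `sleep 3` pair with a short retry loop around the `nslookup`. Separately, the variable `PHPMPGDMIN_CONF` in the "Path to specific files" hunk looks like a misspelling of `PHPPGADMIN_CONF`, and the phppgadmin install script hard-codes the same path instead of using it.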
|
||||
|
|
|
@ -2,15 +2,22 @@
|
|||
# shellcheck disable=2034,2059
|
||||
true
|
||||
# shellcheck source=lib.sh
|
||||
NC_UPDATE=1 && FIRST_IFACE=1 && CHECK_CURRENT_REPO=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
NCDB=1 && FIRST_IFACE=1 && CHECK_CURRENT_REPO=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
unset FIRST_IFACE
|
||||
unset CHECK_CURRENT_REPO
|
||||
unset NC_UPDATE
|
||||
unset NCDB
|
||||
|
||||
# Tech and Me © - 2018, https://www.techandme.se/
|
||||
|
||||
## If you want debug mode, please activate it further down in the code at line ~60
|
||||
|
||||
# FUNCTIONS #
|
||||
|
||||
msg_box() {
|
||||
local PROMPT="$1"
|
||||
whiptail --msgbox "${PROMPT}" "$WT_HEIGHT" "$WT_WIDTH"
|
||||
}
|
||||
|
||||
is_root() {
|
||||
if [[ "$EUID" -ne 0 ]]
|
||||
then
|
||||
|
@ -20,11 +27,6 @@ is_root() {
|
|||
fi
|
||||
}
|
||||
|
||||
msg_box() {
|
||||
local PROMPT="$1"
|
||||
whiptail --msgbox "${PROMPT}" "$WT_HEIGHT" "$WT_WIDTH"
|
||||
}
|
||||
|
||||
root_check() {
|
||||
if ! is_root
|
||||
then
|
||||
|
@ -45,7 +47,7 @@ fi
|
|||
|
||||
network_ok() {
|
||||
echo "Testing if network is OK..."
|
||||
service networking restart
|
||||
service network-manager restart
|
||||
if wget -q -T 20 -t 2 http://github.com -O /dev/null
|
||||
then
|
||||
return 0
|
||||
|
@ -54,12 +56,20 @@ network_ok() {
|
|||
fi
|
||||
}
|
||||
|
||||
check_command() {
|
||||
if ! "$@";
|
||||
then
|
||||
printf "${IRed}Sorry but something went wrong. Please report this issue to $ISSUES and include the output of the error message. Thank you!${Color_Off}\n"
|
||||
echo "$* failed"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
# END OF FUNCTIONS #
|
||||
|
||||
# Check if root
|
||||
root_check
|
||||
|
||||
# Nextcloud 13 is required.
|
||||
lowest_compatible_nc 13
|
||||
|
||||
# Check network
|
||||
if network_ok
|
||||
then
|
||||
|
@ -68,16 +78,47 @@ else
|
|||
echo "Setting correct interface..."
|
||||
[ -z "$IFACE" ] && IFACE=$(lshw -c network | grep "logical name" | awk '{print $3; exit}')
|
||||
# Set correct interface
|
||||
{
|
||||
sed '/# The primary network interface/q' /etc/network/interfaces
|
||||
printf 'auto %s\niface %s inet dhcp\n# This is an autoconfigured IPv6 interface\niface %s inet6 auto\n' "$IFACE" "$IFACE" "$IFACE"
|
||||
} > /etc/network/interfaces.new
|
||||
mv /etc/network/interfaces.new /etc/network/interfaces
|
||||
service networking restart
|
||||
# shellcheck source=lib.sh
|
||||
CHECK_CURRENT_REPO=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
unset CHECK_CURRENT_REPO
|
||||
cat <<-SETDHCP > "/etc/netplan/01-netcfg.yaml"
|
||||
network:
|
||||
version: 2
|
||||
renderer: networkd
|
||||
ethernets:
|
||||
$IFACE:
|
||||
dhcp4: yes
|
||||
dhcp6: yes
|
||||
SETDHCP
|
||||
check_command netplan apply
|
||||
check_command service network-manager restart
|
||||
ip link set "$IFACE" down
|
||||
wait
|
||||
ip link set "$IFACE" up
|
||||
wait
|
||||
check_command service network-manager restart
|
||||
echo "Checking connection..."
|
||||
sleep 3
|
||||
if ! nslookup github.com
|
||||
then
|
||||
msg_box "Network NOT OK. You must have a working network connection to run this script
|
||||
If you think that this is a bug, please report it to https://github.com/nextcloud/vm/issues."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Check network again
|
||||
if network_ok
|
||||
then
|
||||
printf "${Green}Online!${Color_Off}\n"
|
||||
else
|
||||
msg_box "Network NOT OK. You must have a working network connection to run this script
|
||||
If you think that this is a bug, please report it to https://github.com/nextcloud/vm/issues."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# shellcheck source=lib.sh
|
||||
NCDB=1 && CHECK_CURRENT_REPO=1 && NC_UPDATE=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
unset NC_UPDATE
|
||||
unset CHECK_CURRENT_REPO
|
||||
unset NCDB
|
||||
|
||||
# Check for errors + debug code and abort if something isn't right
|
||||
# 1 = ON
|
||||
|
@ -85,15 +126,14 @@ fi
|
|||
DEBUG=0
|
||||
debug_mode
|
||||
|
||||
# Check network
|
||||
if network_ok
|
||||
then
|
||||
printf "${Green}Online!${Color_Off}\n"
|
||||
else
|
||||
msg_box "Network NOT OK!
|
||||
# Nextcloud 13 is required.
|
||||
lowest_compatible_nc 13
|
||||
|
||||
You must have a working Network connection to run this script.
|
||||
Please report this issue here: $ISSUES"
|
||||
# Check that this run on the PostgreSQL VM
|
||||
if ! which psql > /dev/null
|
||||
then
|
||||
echo "This script is intended to be run on then PostgreSQL VM but PostgreSQL is not installed."
|
||||
echo "Aborting..."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
@ -167,7 +207,7 @@ download_static_script update
|
|||
download_static_script trusted
|
||||
download_static_script test_connection
|
||||
download_static_script setup_secure_permissions_nextcloud
|
||||
download_static_script change_mysql_pass
|
||||
download_static_script change_db_pass
|
||||
download_static_script nextcloud
|
||||
download_static_script update-config
|
||||
download_static_script index
|
||||
|
@ -190,8 +230,8 @@ msg_box "This script will configure your Nextcloud and activate SSL.
|
|||
It will also do the following:
|
||||
|
||||
- Generate new SSH keys for the server
|
||||
- Generate new MariaDB password
|
||||
- Install phpMyadmin and make it secure
|
||||
- Generate new PotgreSQL password
|
||||
- Install phpPGadmin and make it secure
|
||||
- Install selected apps and automatically configure them
|
||||
- Detect and set hostname
|
||||
- Upgrade your system and Nextcloud to latest version
|
||||
|
@ -242,12 +282,11 @@ printf "\nGenerating new SSH keys for the server...\n"
|
|||
rm -v /etc/ssh/ssh_host_*
|
||||
dpkg-reconfigure openssh-server
|
||||
|
||||
# Generate new MariaDB password
|
||||
echo "Generating new MARIADB password..."
|
||||
if bash "$SCRIPTS/change_mysql_pass.sh" && wait
|
||||
then
|
||||
rm "$SCRIPTS/change_mysql_pass.sh"
|
||||
fi
|
||||
# Generate new PostgreSQL password
|
||||
echo "Generating new PostgreSQL password..."
|
||||
check_command bash "$SCRIPTS/change_db_pass.sh"
|
||||
sleep 3
|
||||
clear
|
||||
|
||||
msg_box "The following script will install a trusted
|
||||
SSL certificate through Let's Encrypt.
|
||||
|
@ -272,7 +311,7 @@ clear
|
|||
# Install Apps
|
||||
whiptail --title "Which apps do you want to install?" --checklist --separate-output "Automatically configure and install selected apps\nSelect by pressing the spacebar" "$WT_HEIGHT" "$WT_WIDTH" 4 \
|
||||
"Fail2ban" "(Extra Bruteforce protection) " OFF \
|
||||
"phpMyadmin" "(*SQL GUI) " OFF \
|
||||
"phpPGadmin" "(PostgreSQL GUI) " OFF \
|
||||
"Netdata" "(Real-time server monitoring) " OFF \
|
||||
"Collabora" "(Online editing 2GB RAM) " OFF \
|
||||
"OnlyOffice" "(Online editing 4GB RAM) " OFF \
|
||||
|
@ -288,12 +327,12 @@ do
|
|||
run_app_script fail2ban
|
||||
;;
|
||||
|
||||
Netdata)
|
||||
run_app_script netdata
|
||||
phpPGadmin)
|
||||
run_app_script phppgadmin_install_ubuntu
|
||||
;;
|
||||
|
||||
phpMyadmin)
|
||||
run_app_script phpmyadmin_install_ubuntu16
|
||||
Netdata)
|
||||
run_app_script netdata
|
||||
;;
|
||||
|
||||
OnlyOffice)
|
||||
|
@ -390,8 +429,9 @@ rm "$SCRIPTS"/temporary-fix.sh
|
|||
|
||||
# Cleanup 1
|
||||
occ_command maintenance:repair
|
||||
rm -f "$SCRIPTS/ip.sh"
|
||||
rm -f "$SCRIPTS/change_db_pass.sh"
|
||||
rm -f "$SCRIPTS/test_connection.sh"
|
||||
rm -f "$SCRIPTS/change_mysql_pass.sh"
|
||||
rm -f "$SCRIPTS/instruction.sh"
|
||||
rm -f "$NCDATA/nextcloud.log"
|
||||
rm -f "$SCRIPTS/nextcloud-startup-script.sh"
|
||||
|
@ -472,7 +512,7 @@ Login to Nextcloud in your browser:
|
|||
|
||||
Some tips and tricks:
|
||||
1. Publish your server online: https://goo.gl/iUGE2U
|
||||
2. To login to MariaDB just type: mysql -u root
|
||||
2. To login to PostgreSQL just type: sudo -u postgres psql nextcloud_db
|
||||
3. To update this VM just type: sudo bash /var/scripts/update.sh
|
||||
4. Change IP to something outside DHCP: sudo nano /etc/network/interfaces
|
||||
5. Please report any bugs here: https://github.com/nextcloud/vm/issues
|
||||
|
@ -493,12 +533,6 @@ fi
|
|||
# Prefer IPv6
|
||||
sed -i "s|precedence ::ffff:0:0/96 100|#precedence ::ffff:0:0/96 100|g" /etc/gai.conf
|
||||
|
||||
# Shutdown MariaDB gracefully
|
||||
echo "Shutting down MariaDB..."
|
||||
check_command sudo systemctl stop mariadb.service
|
||||
rm -f /var/lib/mysql/ib_logfile[01]
|
||||
echo
|
||||
|
||||
# Reboot
|
||||
any_key "Installation finished, press any key to reboot system..."
|
||||
rm -f "$SCRIPTS/nextcloud-startup-script.sh"
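Review bot: The netplan block in the `@ -68,16 +78,47` hunk overwrites `/etc/netplan/01-netcfg.yaml` with a DHCP-only config without keeping a copy of the existing file or checking that `$IFACE` is non-empty. The only fallback visible in the hunk is the `lshw` lookup; if that returns nothing the heredoc writes an empty interface key and `check_command netplan apply` aborts the first-boot script with the previous config already gone. I would add `[ -n "$IFACE" ] || { msg_box "No network interface found"; exit 1; }` and `cp -a /etc/netplan/01-netcfg.yaml /etc/netplan/01-netcfg.yaml.bak` before the `cat <<-SETDHCP`. Since `<<-` strips leading tabs only, the YAML body must be indented with spaces; the indentation is not recoverable from this page, so that is worth confirming. The closing tips still tell users to edit `/etc/network/interfaces` to set a static IP, which should now point at the netplan file.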
|
||||
|
|
|
@ -48,6 +48,10 @@ debug_mode
|
|||
# Check if root
|
||||
root_check
|
||||
|
||||
# Set locales
|
||||
install_if_not language-pack-en-base
|
||||
sudo locale-gen "sv_SE.UTF-8" && sudo dpkg-reconfigure --frontend=noninteractive locales
|
||||
|
||||
# Test RAM size (2GB min) + CPUs (min 1)
|
||||
ram_check 2 Nextcloud
|
||||
cpu_check 1 Nextcloud
|
||||
|
@ -55,21 +59,8 @@ cpu_check 1 Nextcloud
|
|||
# Create new current user
|
||||
run_static_script adduser nextcloud_install_production.sh
|
||||
|
||||
# Check Ubuntu version
|
||||
echo "Checking server OS and version..."
|
||||
if [ "$OS" != 1 ]
|
||||
then
|
||||
msg_box "Ubuntu Server is required to run this script.
|
||||
Please install that distro and try again.
|
||||
|
||||
You can find the download link here: https://www.ubuntu.com/download/server"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! version 16.04 "$DISTRO" 16.04.4; then
|
||||
msg_box "Ubuntu version $DISTRO must be between 16.04 - 16.04.4"
|
||||
exit 1
|
||||
fi
|
||||
# Check distrobution and version
|
||||
check_distro_version
|
||||
|
||||
# Check if key is available
|
||||
if ! wget -q -T 10 -t 2 "$NCREPO" > /dev/null
|
||||
|
@ -91,34 +82,8 @@ then
|
|||
mkdir -p "$SCRIPTS"
|
||||
fi
|
||||
|
||||
# Change DNS
|
||||
if ! [ -x "$(command -v resolvconf)" ]
|
||||
then
|
||||
apt install resolvconf -y -q
|
||||
dpkg-reconfigure resolvconf
|
||||
fi
|
||||
echo "nameserver 9.9.9.9" > /etc/resolvconf/resolv.conf.d/base
|
||||
echo "nameserver 149.112.112.112" >> /etc/resolvconf/resolv.conf.d/base
|
||||
|
||||
# Check network
|
||||
if ! [ -x "$(command -v nslookup)" ]
|
||||
then
|
||||
apt install dnsutils -y -q
|
||||
fi
|
||||
if ! [ -x "$(command -v ifup)" ]
|
||||
then
|
||||
apt install ifupdown -y -q
|
||||
fi
|
||||
sudo ifdown "$IFACE" && sudo ifup "$IFACE"
|
||||
if ! nslookup google.com
|
||||
then
|
||||
msg_box "Network NOT OK. You must have a working network connection to run this script."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Set locales
|
||||
apt install language-pack-en-base -y
|
||||
sudo locale-gen "sv_SE.UTF-8" && sudo dpkg-reconfigure --frontend=noninteractive locales
|
||||
test_connection
|
||||
|
||||
# Check where the best mirrors are and update
|
||||
echo
|
||||
|
@ -155,56 +120,19 @@ else
|
|||
clear
|
||||
fi
|
||||
|
||||
# Update system
|
||||
# Install PostgreSQL
|
||||
# sudo add-apt-repository "deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main"
|
||||
# wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
|
||||
apt update -q4 & spinner_loading
|
||||
apt install postgresql-10 -y
|
||||
|
||||
# Write MariaDB pass to file and keep it safe
|
||||
{
|
||||
echo "[client]"
|
||||
echo "password='$MARIADB_PASS'"
|
||||
} > "$MYCNF"
|
||||
chmod 0600 $MYCNF
|
||||
chown root:root $MYCNF
|
||||
|
||||
# Install MARIADB
|
||||
apt install software-properties-common -y
|
||||
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
|
||||
sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://ftp.ddg.lth.se/mariadb/repo/10.2/ubuntu xenial main'
|
||||
sudo debconf-set-selections <<< "mariadb-server-10.2 mysql-server/root_password password $MARIADB_PASS"
|
||||
sudo debconf-set-selections <<< "mariadb-server-10.2 mysql-server/root_password_again password $MARIADB_PASS"
|
||||
apt update -q4 & spinner_loading
|
||||
check_command apt install mariadb-server-10.2 -y
|
||||
|
||||
# Prepare for Nextcloud installation
|
||||
# https://blog.v-gar.de/2018/02/en-solved-error-1698-28000-in-mysqlmariadb/
|
||||
mysql -u root mysql -p"$MARIADB_PASS" -e "UPDATE user SET plugin='' WHERE user='root';"
|
||||
mysql -u root mysql -p"$MARIADB_PASS" -e "UPDATE user SET password=PASSWORD('$MARIADB_PASS') WHERE user='root';"
|
||||
mysql -u root -p"$MARIADB_PASS" -e "flush privileges;"
|
||||
|
||||
# mysql_secure_installation
|
||||
apt -y install expect
|
||||
SECURE_MYSQL=$(expect -c "
|
||||
set timeout 10
|
||||
spawn mysql_secure_installation
|
||||
expect \"Enter current password for root (enter for none):\"
|
||||
send \"$MARIADB_PASS\r\"
|
||||
expect \"Change the root password?\"
|
||||
send \"n\r\"
|
||||
expect \"Remove anonymous users?\"
|
||||
send \"y\r\"
|
||||
expect \"Disallow root login remotely?\"
|
||||
send \"y\r\"
|
||||
expect \"Remove test database and access to it?\"
|
||||
send \"y\r\"
|
||||
expect \"Reload privilege tables now?\"
|
||||
send \"y\r\"
|
||||
expect eof
|
||||
")
|
||||
echo "$SECURE_MYSQL"
|
||||
apt -y purge expect
|
||||
|
||||
# Write a new MariaDB config
|
||||
run_static_script new_etc_mycnf
|
||||
# Create DB
|
||||
cd /tmp
|
||||
sudo -u postgres psql <<END
|
||||
CREATE USER $NCUSER WITH PASSWORD '$PGDB_PASS';
|
||||
CREATE DATABASE nextcloud_db WITH OWNER $NCUSER TEMPLATE template0 ENCODING 'UTF8';
|
||||
END
|
||||
service postgresql restart
|
||||
|
||||
# Install Apache
|
||||
check_command apt install apache2 -y
|
||||
|
@ -216,35 +144,35 @@ a2enmod rewrite \
|
|||
ssl \
|
||||
setenvif
|
||||
|
||||
# Install PHP 7.0
|
||||
# Install PHP 7.2
|
||||
apt update -q4 & spinner_loading
|
||||
check_command apt install -y \
|
||||
libapache2-mod-php7.0 \
|
||||
php7.0-common \
|
||||
php7.0-mysql \
|
||||
php7.0-intl \
|
||||
php7.0-mcrypt \
|
||||
php7.0-ldap \
|
||||
php7.0-imap \
|
||||
php7.0-cli \
|
||||
php7.0-gd \
|
||||
php7.0-pgsql \
|
||||
php7.0-json \
|
||||
php7.0-sqlite3 \
|
||||
php7.0-curl \
|
||||
php7.0-xml \
|
||||
php7.0-zip \
|
||||
php7.0-mbstring \
|
||||
libapache2-mod-php7.2 \
|
||||
php7.2-common \
|
||||
php7.2-intl \
|
||||
php7.2-ldap \
|
||||
php7.2-imap \
|
||||
php7.2-cli \
|
||||
php7.2-gd \
|
||||
php7.2-pgsql \
|
||||
php7.2-json \
|
||||
php7.2-curl \
|
||||
php7.2-xml \
|
||||
php7.2-zip \
|
||||
php7.2-mbstring \
|
||||
php-smbclient \
|
||||
php-imagick \
|
||||
libmagickcore-6.q16-2-extra
|
||||
libmagickcore-6.q16-3-extra
|
||||
|
||||
# Enable SMB client
|
||||
# echo '# This enables php-smbclient' >> /etc/php/7.0/apache2/php.ini
|
||||
# echo 'extension="smbclient.so"' >> /etc/php/7.0/apache2/php.ini
|
||||
|
||||
# Install VM-tools
|
||||
apt install open-vm-tools -y
|
||||
install_if_not open-vm-tools
|
||||
|
||||
# Format /dev/sdb to host the ncdata
|
||||
run_static_script format-sdb
|
||||
|
||||
# Download and validate Nextcloud package
|
||||
check_command download_verify_nextcloud_stable
|
||||
|
@ -263,17 +191,14 @@ rm "$HTML/$STABLEVERSION.tar.bz2"
|
|||
download_static_script setup_secure_permissions_nextcloud
|
||||
bash $SECURE & spinner_loading
|
||||
|
||||
# Create database nextcloud_db
|
||||
mysql -u root -p"$MARIADB_PASS" -e "CREATE DATABASE IF NOT EXISTS nextcloud_db;"
|
||||
|
||||
# Install Nextcloud
|
||||
cd "$NCPATH"
|
||||
occ_command maintenance:install \
|
||||
--data-dir="$NCDATA" \
|
||||
--database=mysql \
|
||||
--database=pgsql \
|
||||
--database-name=nextcloud_db \
|
||||
--database-user=root \
|
||||
--database-pass="$MARIADB_PASS" \
|
||||
--database-user="$NCUSER" \
|
||||
--database-pass="$PGDB_PASS" \
|
||||
--admin-user="$NCUSER" \
|
||||
--admin-pass="$NCPASS"
|
||||
echo
|
||||
|
@ -282,41 +207,20 @@ occ_command status
|
|||
sleep 3
|
||||
echo
|
||||
|
||||
# Enable UTF8mb4 (4-byte support)
|
||||
databases=$(mysql -u root -p"$MARIADB_PASS" -e "SHOW DATABASES;" | tr -d "| " | grep -v Database)
|
||||
for db in $databases; do
|
||||
if [[ "$db" != "performance_schema" ]] && [[ "$db" != _* ]] && [[ "$db" != "information_schema" ]];
|
||||
then
|
||||
echo "Changing to UTF8mb4 on: $db"
|
||||
mysql -u root -p"$MARIADB_PASS" -e "ALTER DATABASE $db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
|
||||
fi
|
||||
done
|
||||
#if [ $? -ne 0 ]
|
||||
#then
|
||||
# echo "UTF8mb4 was not set. Something is wrong."
|
||||
# echo "Please report this bug to $ISSUES. Thank you!"
|
||||
# exit 1
|
||||
#fi
|
||||
|
||||
# Repair and set Nextcloud config values
|
||||
mysqlcheck -u root -p"$MARIADB_PASS" --auto-repair --optimize --all-databases
|
||||
occ_command config:system:set mysql.utf8mb4 --type boolean --value="true"
|
||||
occ_command maintenance:repair
|
||||
|
||||
# Prepare cron.php to be run every 15 minutes
|
||||
crontab -u www-data -l | { cat; echo "*/15 * * * * php -f $NCPATH/cron.php > /dev/null 2>&1"; } | crontab -u www-data -
|
||||
|
||||
# Change values in php.ini (increase max file size)
|
||||
# max_execution_time
|
||||
sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" /etc/php/7.0/apache2/php.ini
|
||||
sed -i "s|max_execution_time =.*|max_execution_time = 3500|g" /etc/php/7.2/apache2/php.ini
|
||||
# max_input_time
|
||||
sed -i "s|max_input_time =.*|max_input_time = 3600|g" /etc/php/7.0/apache2/php.ini
|
||||
sed -i "s|max_input_time =.*|max_input_time = 3600|g" /etc/php/7.2/apache2/php.ini
|
||||
# memory_limit
|
||||
sed -i "s|memory_limit =.*|memory_limit = 512M|g" /etc/php/7.0/apache2/php.ini
|
||||
sed -i "s|memory_limit =.*|memory_limit = 512M|g" /etc/php/7.2/apache2/php.ini
|
||||
# post_max
|
||||
sed -i "s|post_max_size =.*|post_max_size = 1100M|g" /etc/php/7.0/apache2/php.ini
|
||||
sed -i "s|post_max_size =.*|post_max_size = 1100M|g" /etc/php/7.2/apache2/php.ini
|
||||
# upload_max
|
||||
sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1000M|g" /etc/php/7.0/apache2/php.ini
|
||||
sed -i "s|upload_max_filesize =.*|upload_max_filesize = 1000M|g" /etc/php/7.2/apache2/php.ini
|
||||
|
||||
# Set max upload in Nextcloud .htaccess
|
||||
configure_max_upload
|
||||
|
@ -340,7 +244,7 @@ echo "opcache.memory_consumption=256"
|
|||
echo "opcache.save_comments=1"
|
||||
echo "opcache.revalidate_freq=1"
|
||||
echo "opcache.validate_timestamps=1"
|
||||
} >> /etc/php/7.0/apache2/php.ini
|
||||
} >> /etc/php/7.2/apache2/php.ini
|
||||
|
||||
# Install preview generator
|
||||
install_and_enable_app previewgenerator
|
||||
|
@ -361,7 +265,10 @@ install_and_enable_app issuetemplate
|
|||
install_and_enable_app caniupdate
|
||||
|
||||
# Install Figlet
|
||||
apt install figlet -y
|
||||
install_if_not figlet
|
||||
|
||||
# To be able to use snakeoil certs
|
||||
install_if_not ssl-cert
|
||||
|
||||
# Generate $HTTP_CONF
|
||||
if [ ! -f $HTTP_CONF ]
|
||||
|
@ -520,7 +427,7 @@ check_command run_static_script change-ncadmin-profile
|
|||
check_command run_static_script change-root-profile
|
||||
|
||||
# Install Redis
|
||||
run_static_script redis-server-ubuntu16
|
||||
run_static_script redis-server-ubuntu
|
||||
|
||||
# Upgrade
|
||||
apt update -q4 & spinner_loading
|
||||
|
@ -537,13 +444,13 @@ apt autoclean
|
|||
find /root "/home/$UNIXUSER" -type f \( -name '*.sh*' -o -name '*.html*' -o -name '*.tar*' -o -name '*.zip*' \) -delete
|
||||
|
||||
# Install virtual kernels for Hyper-V, and extra for UTF8 kernel module + Collabora and OnlyOffice
|
||||
# Kernel 4.4
|
||||
apt install --install-recommends -y \
|
||||
linux-virtual-lts-xenial \
|
||||
linux-tools-virtual-lts-xenial \
|
||||
linux-cloud-tools-virtual-lts-xenial \
|
||||
linux-image-virtual-lts-xenial \
|
||||
linux-image-extra-"$(uname -r)"
|
||||
# Kernel 4.15
|
||||
yes | apt install --install-recommends \
|
||||
linux-virtual \
|
||||
linux-tools-virtual \
|
||||
linux-cloud-tools-virtual \
|
||||
linux-image-virtual \
|
||||
linux-image-extra-virtual
|
||||
|
||||
# Set secure permissions final (./data/.htaccess has wrong permissions otherwise)
|
||||
bash $SECURE & spinner_loading
|
||||
|
|
|
@ -2,9 +2,8 @@
|
|||
# shellcheck disable=2034,2059
|
||||
true
|
||||
# shellcheck source=lib.sh
|
||||
NCDB=1 && MYCNFPW=1 && NC_UPDATE=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
NCDB=1 && NC_UPDATE=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
unset NC_UPDATE
|
||||
unset MYCNFPW
|
||||
unset NCDB
|
||||
|
||||
# Tech and Me © - 2018, https://www.techandme.se/
|
||||
|
@ -28,24 +27,18 @@ is_process_running apt
|
|||
is_process_running dpkg
|
||||
|
||||
# System Upgrade
|
||||
if which mysql > /dev/null
|
||||
then
|
||||
apt-mark hold mariadb*
|
||||
apt-mark hold mariadb-server-10.2*
|
||||
fi
|
||||
apt update -q4 & spinner_loading
|
||||
export DEBIAN_FRONTEND=noninteractive ; apt dist-upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
|
||||
if which mysql > /dev/null
|
||||
then
|
||||
apt-mark unhold mariadb*
|
||||
apt-mark unhold mariadb-server-10.2*
|
||||
echo
|
||||
echo "If you want to upgrade MariaDB, please run 'sudo apt update && sudo apt dist-upgrade -y'"
|
||||
sleep 2
|
||||
|
||||
# Update Redis PHP extention
|
||||
if type pecl > /dev/null 2>&1
|
||||
then
|
||||
install_if_not php7.0-dev
|
||||
echo "Trying to upgrade the Redis Pecl extenstion..."
|
||||
yes no | pecl upgrade redis
|
||||
service redis-server restart
|
||||
service apache2 restart
|
||||
fi
|
||||
|
||||
# Update Netdata
|
||||
|
@ -126,6 +119,42 @@ else
|
|||
exit 0
|
||||
fi
|
||||
|
||||
# Upgrade Nextcloud
|
||||
echo "Checking latest released version on the Nextcloud download server and if it's possible to download..."
|
||||
if ! wget -q --show-progress -T 10 -t 2 "$NCREPO/$STABLEVERSION.tar.bz2"
|
||||
then
|
||||
msg_box "Nextcloud does not exist. You were looking for: $NCVERSION
|
||||
Please check available versions here: $NCREPO"
|
||||
exit 1
|
||||
else
|
||||
rm -f "$STABLEVERSION.tar.bz2"
|
||||
fi
|
||||
|
||||
echo "Backing up files and upgrading to Nextcloud $NCVERSION in 10 seconds..."
|
||||
echo "Press CTRL+C to abort."
|
||||
sleep 10
|
||||
|
||||
# Backup PostgreSQL
|
||||
if which psql > /dev/null
|
||||
then
|
||||
cd /tmp
|
||||
if sudo -u postgres psql -c "SELECT 1 AS result FROM pg_database WHERE datname='$NCCONFIGDB'" | grep "1 row" > /dev/null
|
||||
then
|
||||
echo "Doing pgdump of $NCCONFIGDB..."
|
||||
check_command sudo -u postgres pg_dump "$NCCONFIGDB" > "$BACKUP"/nextclouddb.sql
|
||||
else
|
||||
echo "Doing pgdump of all databases..."
|
||||
check_command sudo -u postgres pg_dumpall > "$BACKUP"/alldatabases.sql
|
||||
fi
|
||||
fi
|
||||
|
||||
# If MariaDB then:
|
||||
mariadb_backup() {
|
||||
MYCNF=/root/.my.cnf
|
||||
MARIADBMYCNFPASS=$(grep "password" $MYCNF | sed -n "/password/s/^password='\(.*\)'$/\1/p")
|
||||
NCCONFIGDB=$(grep "dbname" $NCPATH/config/config.php | awk '{print $3}' | sed "s/[',]//g")
|
||||
NCCONFIGDBPASS=$(grep "dbpassword" $NCPATH/config/config.php | awk '{print $3}' | sed "s/[',]//g")
|
||||
# Path to specific files
|
||||
# Make sure old instaces can upgrade as well
|
||||
if [ ! -f "$MYCNF" ] && [ -f /var/mysql_password.txt ]
|
||||
then
|
||||
|
@ -149,32 +178,23 @@ then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$MARIADBMYCNFPASS" ]
|
||||
# Backup MariaDB
|
||||
if mysql -u root -p"$MARIADBMYCNFPASS" -e "SHOW DATABASES LIKE '$NCCONFIGDB'" > /dev/null
|
||||
then
|
||||
msg_box "Something went wrong with copying your mysql password to $MYCNF.
|
||||
|
||||
We wrote a guide on how to fix this. You can find the guide here:
|
||||
https://www.techandme.se/reset-mysql-5-7-root-password/"
|
||||
exit 1
|
||||
echo "Doing mysqldump of $NCCONFIGDB..."
|
||||
check_command mysqldump -u root -p"$MARIADBMYCNFPASS" -d "$NCCONFIGDB" > "$BACKUP"/nextclouddb.sql
|
||||
else
|
||||
rm -f /var/mysql_password.txt
|
||||
echo "Doing mysqldump of all databases..."
|
||||
check_command mysqldump -u root -p"$MARIADBMYCNFPASS" -d --all-databases > "$BACKUP"/alldatabases.sql
|
||||
fi
|
||||
}
|
||||
|
||||
# Upgrade Nextcloud
|
||||
echo "Checking latest released version on the Nextcloud download server and if it's possible to download..."
|
||||
if ! wget -q --show-progress -T 10 -t 2 "$NCREPO/$STABLEVERSION.tar.bz2"
|
||||
# Do the actual backup
|
||||
if which mysql > /dev/null
|
||||
then
|
||||
msg_box "Nextcloud does not exist. You were looking for: $NCVERSION
|
||||
Please check available versions here: $NCREPO"
|
||||
exit 1
|
||||
else
|
||||
rm -f "$STABLEVERSION.tar.bz2"
|
||||
mariadb_backup
|
||||
fi
|
||||
|
||||
echo "Backing up files and upgrading to Nextcloud $NCVERSION in 10 seconds..."
|
||||
echo "Press CTRL+C to abort."
|
||||
sleep 10
|
||||
|
||||
# Check if backup exists and move to old
|
||||
echo "Backing up data..."
|
||||
DATE=$(date +%Y-%m-%d-%H%M%S)
|
||||
|
@ -205,16 +225,6 @@ else
|
|||
printf "${Green}\nBackup OK!${Color_Off}\n"
|
||||
fi
|
||||
|
||||
# Backup MARIADB
|
||||
if mysql -u root -p"$MARIADBMYCNFPASS" -e "SHOW DATABASES LIKE '$NCCONFIGDB'" > /dev/null
|
||||
then
|
||||
echo "Doing mysqldump of $NCCONFIGDB..."
|
||||
check_command mysqldump -u root -p"$MARIADBMYCNFPASS" -d "$NCCONFIGDB" > "$BACKUP"/nextclouddb.sql
|
||||
else
|
||||
echo "Doing mysqldump of all databases..."
|
||||
check_command mysqldump -u root -p"$MARIADBMYCNFPASS" -d --all-databases > "$BACKUP"/alldatabases.sql
|
||||
fi
|
||||
|
||||
# Download and validate Nextcloud package
|
||||
check_command download_verify_nextcloud_stable
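Review bot: In `mariadb_backup()` both `mysqldump` calls keep the `-d` flag, which is `--no-data`, so the pre-upgrade backup written to `"$BACKUP"/nextclouddb.sql` or `alldatabases.sql` contains the schema only and cannot restore any rows; drop `-d` from both calls. The same calls pass the root password as `-p"$MARIADBMYCNFPASS"` on the command line, where it can show up in the process list. Since the function already sets `MYCNF=/root/.my.cnf`, `mysqldump --defaults-extra-file="$MYCNF" -u root "$NCCONFIGDB"` keeps it off argv. The new PostgreSQL block writes its dump into `"$BACKUP"` before the "Check if backup exists and move to old" step, so confirm that the directory exists at that point and that the dump is created with a restrictive umask. Part of `mariadb_backup()` lies between the hunks and is not visible here.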
|
||||
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
#!/bin/bash
|
||||
# shellcheck disable=2034,2059
|
||||
true
|
||||
# shellcheck source=lib.sh
|
||||
NCDBPASS=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
unset NCDBPASS
|
||||
|
||||
# Tech and Me © - 2018, https://www.techandme.se/
|
||||
|
||||
# Check for errors + debug code and abort if something isn't right
|
||||
# 1 = ON
|
||||
# 0 = OFF
|
||||
DEBUG=0
|
||||
debug_mode
|
||||
|
||||
# Change PostgreSQL Password
|
||||
cd /tmp
|
||||
sudo -u www-data php "$NCPATH"/occ config:system:set dbpassword --value="$NEWPGPASS"
|
||||
|
||||
if [ "$(sudo -u postgres psql -c "ALTER USER $NCUSER WITH PASSWORD '$NEWPGPASS'";)" == "ALTER ROLE" ]
|
||||
then
|
||||
echo -e "${Green}Your new PosgreSQL Nextcloud password is: $NEWPGPASS${Color_Off}"
|
||||
else
|
||||
echo "Changing PostgreSQL Nextcloud password failed."
|
||||
sed -i "s| 'dbpassword' =>.*| 'dbpassword' => '$NCCONFIGDBPASS',|g" /var/www/nextcloud/config/config.php
|
||||
echo "Nothing is changed. Your old password is: $NCCONFIGDBPASS"
|
||||
exit 1
|
||||
fi
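Review bot: The new password is put on the `psql` command line in `psql -c "ALTER USER $NCUSER WITH PASSWORD '$NEWPGPASS'"`, so it is visible in the process list while the command runs, and a value containing a single quote would break the statement. Feeding the statement on stdin with a here-document, as the `CREATE USER` step elsewhere in this commit does, keeps it off argv. The script also writes `dbpassword` through `occ` before the role is changed and rolls back with `sed` on failure. That `sed` uses the hard-coded path `/var/www/nextcloud/config/config.php` instead of `"$NCPATH"`, and an old password containing `|`, `&` or a backslash would be written back wrongly. Altering the role first and calling `occ config:system:set dbpassword` only on success removes the need for the rollback.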
|
|
@ -1,30 +0,0 @@
|
|||
#!/bin/bash
|
||||
# shellcheck disable=2034,2059
|
||||
true
|
||||
# shellcheck source=lib.sh
|
||||
MYCNFPW=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
unset MYCNFPW
|
||||
|
||||
# Tech and Me © - 2018, https://www.techandme.se/
|
||||
|
||||
# Check for errors + debug code and abort if something isn't right
|
||||
# 1 = ON
|
||||
# 0 = OFF
|
||||
DEBUG=0
|
||||
debug_mode
|
||||
|
||||
# Change MARIADB Password
|
||||
if mysqladmin -u root -p"$MARIADBMYCNFPASS" password "$NEWMARIADBPASS" > /dev/null 2>&1
|
||||
then
|
||||
echo -e "${Green}Your new MARIADB root password is: $NEWMARIADBPASS${Color_Off}"
|
||||
cat << LOGIN > "$MYCNF"
|
||||
[client]
|
||||
password='$NEWMARIADBPASS'
|
||||
LOGIN
|
||||
chmod 0600 $MYCNF
|
||||
exit 0
|
||||
else
|
||||
echo "Changing MARIADB root password failed."
|
||||
echo "Your old password is: $MARIADBMYCNFPASS"
|
||||
exit 1
|
||||
fi
|
|
@ -0,0 +1,126 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Tech and Me © - 2018, https://www.techandme.se/
|
||||
|
||||
# shellcheck disable=2034,2059
|
||||
true
|
||||
# shellcheck source=lib.sh
|
||||
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
|
||||
# Check if root
|
||||
root_check
|
||||
|
||||
# Check if ZFS utils are installed
|
||||
install_if_not zfsutils-linux
|
||||
|
||||
LABEL_=ncdata
|
||||
MOUNT_=/mnt/$LABEL_
|
||||
|
||||
format() {
|
||||
# umount if mounted
|
||||
umount /mnt/* &> /dev/null
|
||||
|
||||
# mkdir if not existing
|
||||
mkdir -p "$MOUNT_"
|
||||
|
||||
# Check still not mounted
|
||||
#These functions return exit codes: 0 = found, 1 = not found
|
||||
isMounted() { findmnt -rno SOURCE,TARGET "$1" >/dev/null;} #path or device
|
||||
isDevMounted() { findmnt -rno SOURCE "$1" >/dev/null;} #device only
|
||||
isPathMounted() { findmnt -rno TARGET "$1" >/dev/null;} #path only
|
||||
isDevPartOfZFS() { zpool status | grep "$1" >/dev/null;} #device memeber of a zpool
|
||||
|
||||
if isPathMounted "/mnt/ncdata"; #Spaces in path names are ok.
|
||||
then
|
||||
msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if isDevMounted "/dev/sdb";
|
||||
then
|
||||
msg_box "/dev/sdb is mounted and need to be unmounted before you can run this script."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
#Universal:
|
||||
if isMounted "/mnt/ncdata";
|
||||
then
|
||||
msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if isMounted "/dev/sdb1";
|
||||
then
|
||||
msg_box "/dev/sdb1 is mounted and need to be unmounted before you can run this script."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if isDevPartOfZFS "sdb";
|
||||
then
|
||||
msg_box "/dev/sdb is a member of a ZFS pool and needs to be removed from any zpool before you can run this script."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Get the name of the drive
|
||||
SDB=$(fdisk -l | grep sdb | awk '{print $2}' | cut -d ":" -f1 | head -1)
|
||||
if [ "$SDB" != "/dev/sdb" ]
|
||||
then
|
||||
msg_box "It seems like /dev/sdb does not exist.
|
||||
This script requires that you mount a second drive to hold the data.
|
||||
|
||||
Please shutdown the server and mount a second drive, then start this script again.
|
||||
|
||||
If you want help you can buy support in our shop:
|
||||
https://shop.techandme.se/index.php/product/premium-support-per-30-minutes/"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if lsblk -l -n | grep -v mmcblk | grep disk | awk '{ print $1 }' | tail -1 > /dev/null
|
||||
then
|
||||
msg_box "Formatting $SDB when you hit OK.
|
||||
|
||||
*** WARNING: ALL YOUR DATA WILL BE ERASED! ***"
|
||||
if zpool list | grep "$LABEL_" > /dev/null
|
||||
then
|
||||
check_command zpool destroy "$LABEL_"
|
||||
fi
|
||||
check_command wipefs -a -f "$SDB"
|
||||
sleep 0.5
|
||||
check_command zpool create -f -o ashift=12 "$LABEL_" "$SDB"
|
||||
check_command zpool set failmode=continue "$LABEL_"
|
||||
check_command zfs set mountpoint="$MOUNT_" "$LABEL_"
|
||||
check_command zfs set compression=lz4 "$LABEL_"
|
||||
check_command zfs set sync=standard "$LABEL_"
|
||||
check_command zfs set xattr=sa "$LABEL_"
|
||||
check_command zfs set primarycache=all "$LABEL_"
|
||||
check_command zfs set atime=off "$LABEL_"
|
||||
check_command zfs set recordsize=128k "$LABEL_"
|
||||
check_command zfs set logbias=latency "$LABEL_"
|
||||
|
||||
else
|
||||
msg_box "It seems like /dev/sdb does not exist.
|
||||
This script requires that you mount a second drive to hold the data.
|
||||
|
||||
Please shutdown the server and mount a second drive, then start this script again.
|
||||
|
||||
If you want help you can buy support in our shop:
|
||||
https://shop.techandme.se/index.php/product/premium-support-per-30-minutes/"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
format
|
||||
|
||||
# Success!
|
||||
if grep "$LABEL_" /etc/mtab
|
||||
then
|
||||
msg_box "$MOUNT_ mounted successfully as a ZFS volume.
|
||||
|
||||
Automatic scrubbing is done montly via a cronjob that you can find here:
|
||||
/etc/cron.d/zfsutils-linux
|
||||
|
||||
CURRENT STATUS:
|
||||
$(zpool status $LABEL_)
|
||||
|
||||
$(zpool list)"
|
||||
fi
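Review bot: The guard in front of the destructive steps in `format()` tests nothing: `if lsblk -l -n | grep -v mmcblk | grep disk | awk '{ print $1 }' | tail -1 > /dev/null` takes the exit status of `tail`, which is 0 whether or not a disk was listed (unless the sourced lib.sh enables `pipefail`, which is not visible here). The `else` branch is therefore unreachable, and `zpool destroy`, `wipefs -a -f "$SDB"` and `zpool create -f` always run once the `msg_box` is dismissed. Test the target itself, for example `if [ "$(lsblk -dno TYPE "$SDB")" = "disk" ]`, and add a comment stating that `/dev/sdb` is assumed to be the empty data disk, since `sdX` names can change between boots. `umount /mnt/* &> /dev/null` at the top of the function unmounts everything under `/mnt` and hides failures, although only `"$MOUNT_"` is relevant. `zpool list | grep "$LABEL_"` is a substring match, so a pool with a longer name containing `ncdata` would also trigger the destroy path.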
|
||||
|
|
@ -135,21 +135,21 @@
|
|||
<p>Note: Webmin is installed when you run the setup script. To access Webmin externally you have to open port 10000 in your router.</p>
|
||||
</div>
|
||||
|
||||
<h2>Access phpMyadmin</h2>
|
||||
<h2>Access phpPGadmin</h2>
|
||||
|
||||
<div class="information">
|
||||
<p>Use one of the following addresses, HTTPS is preffered:
|
||||
<h3>
|
||||
<ul>
|
||||
<li><a href="http://<?=$_SERVER['SERVER_NAME'];?>/phpmyadmin">http://<?=$_SERVER['SERVER_NAME'];?></a> (HTTP)</li>
|
||||
<li><a href="https://<?=$_SERVER['SERVER_NAME'];?>/phpmyadmin">https://<?=$_SERVER['SERVER_NAME'];?></a> (HTTPS)</li>
|
||||
<li><a href="http://<?=$_SERVER['SERVER_NAME'];?>/phppgadmin">http://<?=$_SERVER['SERVER_NAME'];?></a> (HTTP)</li>
|
||||
<li><a href="https://<?=$_SERVER['SERVER_NAME'];?>/phppgadmin">https://<?=$_SERVER['SERVER_NAME'];?></a> (HTTPS)</li>
|
||||
</ul>
|
||||
</h3>
|
||||
<p>Note: Please accept the warning in the browser if you connect via HTTPS.</p>
|
||||
<h3>
|
||||
<a href="https://www.techandme.se/user-and-password-nextcloud/" target="_blank">Login details</a>
|
||||
</h3>
|
||||
<p>Note: Your external IP is set as approved in /etc/apache2/conf-available/phpmyadmin.conf, all other access is forbidden.</p>
|
||||
<p>Note: Your LAN IP is set as approved in /etc/apache2/conf-available/phppgadmin.conf, all other access is forbidden.</p>
|
||||
</div>
|
||||
</body>
|
||||
</html>
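Review bot: The new phppgadmin links print `$_SERVER['SERVER_NAME']` into both the `href` and the link text without escaping. Depending on the Apache `UseCanonicalName` setting, which is not shown on this page, that value can be taken from the client's Host header, so it should go through `htmlspecialchars`, e.g. `<?=htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES, 'UTF-8');?>`. The visible link text also omits `/phppgadmin`, so it does not match the target it points to.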
|
||||
|
|
78
static/ip.sh
78
static/ip.sh
|
@ -15,68 +15,44 @@ DEBUG=0
|
|||
debug_mode
|
||||
|
||||
# Copy old interfaces file
|
||||
msg_box "Copying old interfaces file to:
|
||||
msg_box "Copying old netplan.io config file file to:
|
||||
|
||||
/tmp/interfaces.backup"
|
||||
check_command cp -v /etc/network/interfaces /tmp/interfaces.backup
|
||||
/tmp/01-netcfg.yaml_backup"
|
||||
check_command cp -v /etc/netplan/01-netcfg.yaml /tmp/01-netcfg.yaml_backup
|
||||
|
||||
# Check if this is VMware:
|
||||
install_if_not virt-what
|
||||
if [ "$(virt-what)" == "vmware" ]
|
||||
then
|
||||
cat <<-IPCONFIG > "$INTERFACES"
|
||||
source /etc/network/interfaces.d/*
|
||||
|
||||
# The loopback network interface
|
||||
auto lo $IFACE
|
||||
iface lo inet loopback
|
||||
|
||||
# The primary network interface
|
||||
iface $IFACE inet static
|
||||
pre-up /sbin/ethtool -K $IFACE tso off
|
||||
pre-up /sbin/ethtool -K $IFACE gso off
|
||||
# Fixes https://github.com/nextcloud/vm/issues/92:
|
||||
pre-up ip link set dev $IFACE mtu 1430
|
||||
|
||||
# Best practice is to change the static address
|
||||
# to something outside your DHCP range.
|
||||
address $ADDRESS
|
||||
netmask $NETMASK
|
||||
gateway $GATEWAY
|
||||
|
||||
# This is an autoconfigured IPv6 interface
|
||||
# iface $IFACE inet6 auto
|
||||
|
||||
# Exit and save: [CTRL+X] + [Y] + [ENTER]
|
||||
# Exit without saving: [CTRL+X]
|
||||
|
||||
network:
|
||||
version: 2
|
||||
renderer: networkd
|
||||
ethernets:
|
||||
$IFACE: #object name
|
||||
dhcp4: no # dhcp v4 disable
|
||||
dhcp6: no # dhcp v6 disable
|
||||
addresses: [$ADDRESS/24] # client IP address
|
||||
gateway4: $GATEWAY # gateway address
|
||||
nameservers:
|
||||
addresses: [$DNS1,$DNS2] #name servers
|
||||
IPCONFIG
|
||||
netplan apply
|
||||
else
|
||||
cat <<-IPCONFIGnonvmware > "$INTERFACES"
|
||||
source /etc/network/interfaces.d/*
|
||||
|
||||
# The loopback network interface
|
||||
auto lo $IFACE
|
||||
iface lo inet loopback
|
||||
|
||||
# The primary network interface
|
||||
iface $IFACE inet static
|
||||
# Fixes https://github.com/nextcloud/vm/issues/92:
|
||||
pre-up ip link set dev $IFACE mtu 1430
|
||||
|
||||
# Best practice is to change the static address
|
||||
# to something outside your DHCP range.
|
||||
address $ADDRESS
|
||||
netmask $NETMASK
|
||||
gateway $GATEWAY
|
||||
|
||||
# This is an autoconfigured IPv6 interface
|
||||
# iface $IFACE inet6 auto
|
||||
|
||||
# Exit and save: [CTRL+X] + [Y] + [ENTER]
|
||||
# Exit without saving: [CTRL+X]
|
||||
|
||||
network:
|
||||
version: 2
|
||||
renderer: networkd
|
||||
ethernets:
|
||||
$IFACE: #object name
|
||||
dhcp4: no # dhcp v4 disable
|
||||
dhcp6: no # dhcp v6 disable
|
||||
addresses: [$ADDRESS/24] # client IP address
|
||||
gateway4: $GATEWAY # gateway address
|
||||
nameservers:
|
||||
addresses: [$DNS1,$DNS2] #name servers
|
||||
IPCONFIGnonvmware
|
||||
netplan apply
|
||||
fi
|
||||
|
||||
exit 0
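Review bot: The backup is copied to a fixed name in world-writable `/tmp` (`cp -v /etc/netplan/01-netcfg.yaml /tmp/01-netcfg.yaml_backup`), and the following file section does the same with `/tmp/01-netcfg.yaml_backup2`. A root-only directory, or a path from `mktemp`, avoids writing through a pre-created file or symlink. The netplan block hard-codes `addresses: [$ADDRESS/24]` where the old file used `$NETMASK`, so a network that is not a /24 gets the wrong prefix. The vmware and non-vmware branches now write identical content and could be merged into one here-document. The write target is still `"$INTERFACES"`, and whether lib.sh now points that variable at the netplan file is not visible on this page.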
|
||||
|
|
|
@ -5,7 +5,8 @@
|
|||
# shellcheck disable=2034,2059
|
||||
true
|
||||
# shellcheck source=lib.sh
|
||||
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
FIRST_IFACE=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
unset FIRST_IFACE
|
||||
|
||||
# Check for errors + debug code and abort if something isn't right
|
||||
# 1 = ON
|
||||
|
@ -14,68 +15,44 @@ DEBUG=0
|
|||
debug_mode
|
||||
|
||||
# Copy old interfaces file
|
||||
msg_box "Copying old interfaces file to:
|
||||
msg_box "Copying old netplan.io config file file to:
|
||||
|
||||
/tmp/interfaces.backup2"
|
||||
check_command cp -v /etc/network/interfaces /tmp/interfaces.backup2
|
||||
/tmp/01-netcfg.yaml_backup2"
|
||||
check_command cp -v /etc/netplan/01-netcfg.yaml /tmp/01-netcfg.yaml_backup2
|
||||
|
||||
# Check if this is VMware:
|
||||
install_if_not virt-what
|
||||
if [ "$(virt-what)" == "vmware" ]
|
||||
then
|
||||
cat <<-IPCONFIG > "$INTERFACES"
|
||||
source /etc/network/interfaces.d/*
|
||||
|
||||
# The loopback network interface
|
||||
auto lo $IFACE2
|
||||
iface lo inet loopback
|
||||
|
||||
# The primary network interface
|
||||
iface $IFACE2 inet static
|
||||
pre-up /sbin/ethtool -K $IFACE2 tso off
|
||||
pre-up /sbin/ethtool -K $IFACE2 gso off
|
||||
# Fixes https://github.com/nextcloud/vm/issues/92:
|
||||
pre-up ip link set dev $IFACE2 mtu 1430
|
||||
|
||||
# Best practice is to change the static address
|
||||
# to something outside your DHCP range.
|
||||
address $ADDRESS
|
||||
netmask $NETMASK
|
||||
gateway $GATEWAY
|
||||
|
||||
# This is an autoconfigured IPv6 interface
|
||||
# iface $IFACE2 inet6 auto
|
||||
|
||||
# Exit and save: [CTRL+X] + [Y] + [ENTER]
|
||||
# Exit without saving: [CTRL+X]
|
||||
|
||||
network:
|
||||
version: 2
|
||||
renderer: networkd
|
||||
ethernets:
|
||||
$IFACE2: #object name
|
||||
dhcp4: no # dhcp v4 disable
|
||||
dhcp6: no # dhcp v6 disable
|
||||
addresses: [$ADDRESS/24] # client IP address
|
||||
gateway4: $GATEWAY # gateway address
|
||||
nameservers:
|
||||
addresses: [$DNS1,$DNS2] #name servers
|
||||
IPCONFIG
|
||||
netplan apply
|
||||
else
|
||||
cat <<-IPCONFIGnonvmware > "$INTERFACES"
|
||||
source /etc/network/interfaces.d/*
|
||||
|
||||
# The loopback network interface
|
||||
auto lo $IFACE2
|
||||
iface lo inet loopback
|
||||
|
||||
# The primary network interface
|
||||
iface $IFACE2 inet static
|
||||
# Fixes https://github.com/nextcloud/vm/issues/92:
|
||||
pre-up ip link set dev $IFACE2 mtu 1430
|
||||
|
||||
# Best practice is to change the static address
|
||||
# to something outside your DHCP range.
|
||||
address $ADDRESS
|
||||
netmask $NETMASK
|
||||
gateway $GATEWAY
|
||||
|
||||
# This is an autoconfigured IPv6 interface
|
||||
# iface $IFACE2 inet6 auto
|
||||
|
||||
# Exit and save: [CTRL+X] + [Y] + [ENTER]
|
||||
# Exit without saving: [CTRL+X]
|
||||
|
||||
network:
|
||||
version: 2
|
||||
renderer: networkd
|
||||
ethernets:
|
||||
$IFACE2: #object name
|
||||
dhcp4: no # dhcp v4 disable
|
||||
dhcp6: no # dhcp v6 disable
|
||||
addresses: [$ADDRESS/24] # client IP address
|
||||
gateway4: $GATEWAY # gateway address
|
||||
nameservers:
|
||||
addresses: [$DNS1,$DNS2] #name servers
|
||||
IPCONFIGnonvmware
|
||||
netplan apply
|
||||
fi
|
||||
|
||||
exit 0
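Review bot: `FIRST_IFACE=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)` executes whatever the `master` branch serves at run time, with the script's privileges and no integrity check. Without `-f`, an HTTP error body would also be sourced as shell. The same sourcing line, with other variable prefixes, is added or changed in the other scripts on this page. At minimum use `curl -fsSL` and stop when the download fails or is empty. Pinning the URL to a tag or commit and comparing the file against a recorded SHA-256 before sourcing it would close the gap.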
|
||||
|
|
|
@ -1,238 +0,0 @@
|
|||
#!/bin/bash
|
||||
# shellcheck disable=2034,2059
|
||||
true
|
||||
# shellcheck source=lib.sh
|
||||
MYCNFPW=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
||||
unset MYCNFPW
|
||||
|
||||
# Check for errors + debug code and abort if something isn't right
|
||||
# 1 = ON
|
||||
# 0 = OFF
|
||||
DEBUG=0
|
||||
debug_mode
|
||||
|
||||
# Check if root
|
||||
if ! is_root
|
||||
then
|
||||
printf "\n${Red}Sorry, you are not root.\n${Color_Off}You must type: ${Cyan}sudo ${Color_Off}bash %s/nextcloud_install_production.sh\n" "$SCRIPTS"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
/bin/cat <<WRITENEW >"$ETCMYCNF"
|
||||
# MariaDB database server configuration file.
|
||||
#
|
||||
# You can copy this file to one of:
|
||||
# - "/etc/mysql/my.cnf" to set global options,
|
||||
# - "~/.my.cnf" to set user-specific options.
|
||||
#
|
||||
# One can use all long options that the program supports.
|
||||
# Run program with --help to get a list of available options and with
|
||||
# --print-defaults to see which it would actually understand and use.
|
||||
#
|
||||
# For explanations see
|
||||
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
|
||||
|
||||
# This will be passed to all mysql clients
|
||||
# It has been reported that passwords should be enclosed with ticks/quotes
|
||||
# escpecially if they contain "#" chars...
|
||||
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
|
||||
[client]
|
||||
port = 3306
|
||||
socket = /var/run/mysqld/mysqld.sock
|
||||
|
||||
# Here is entries for some specific programs
|
||||
# The following values assume you have at least 32M ram
|
||||
|
||||
# This was formally known as [safe_mysqld]. Both versions are currently parsed.
|
||||
[mysqld_safe]
|
||||
socket = /var/run/mysqld/mysqld.sock
|
||||
nice = 0
|
||||
|
||||
[mysqld]
|
||||
#
|
||||
# * Basic Settings
|
||||
#
|
||||
user = mysql
|
||||
pid-file = /var/run/mysqld/mysqld.pid
|
||||
socket = /var/run/mysqld/mysqld.sock
|
||||
port = 3306
|
||||
basedir = /usr
|
||||
datadir = /var/lib/mysql
|
||||
tmpdir = /tmp
|
||||
lc_messages_dir = /usr/share/mysql
|
||||
lc_messages = en_US
|
||||
skip-external-locking
|
||||
transaction-isolation = READ-COMMITTED
|
||||
#
|
||||
# Instead of skip-networking the default is now to listen only on
|
||||
# localhost which is more compatible and is not less secure.
|
||||
bind-address = 127.0.0.1
|
||||
#
|
||||
# * Fine Tuning
|
||||
#
|
||||
max_connections = 100
|
||||
connect_timeout = 5
|
||||
wait_timeout = 600
|
||||
max_allowed_packet = 16M
|
||||
thread_cache_size = 128
|
||||
sort_buffer_size = 4M
|
||||
bulk_insert_buffer_size = 16M
|
||||
tmp_table_size = 32M
|
||||
max_heap_table_size = 32M
|
||||
#
|
||||
# * MyISAM
|
||||
#
|
||||
# This replaces the startup script and checks MyISAM tables if needed
|
||||
# the first time they are touched. On error, make copy and try a repair.
|
||||
myisam_recover_options = BACKUP
|
||||
key_buffer_size = 128M
|
||||
#open-files-limit = 2000
|
||||
table_open_cache = 400
|
||||
myisam_sort_buffer_size = 512M
|
||||
concurrent_insert = 2
|
||||
read_buffer_size = 2M
|
||||
read_rnd_buffer_size = 1M
|
||||
#
|
||||
# * Query Cache Configuration
|
||||
#
|
||||
# Cache only tiny result sets, so we can fit more in the query cache.
|
||||
query_cache_limit = 128K
|
||||
query_cache_size = 64M
|
||||
# for more write intensive setups, set to DEMAND or OFF
|
||||
#query_cache_type = DEMAND
|
||||
#
|
||||
# * Logging and Replication
|
||||
#
|
||||
# Both location gets rotated by the cronjob.
|
||||
# Be aware that this log type is a performance killer.
|
||||
# As of 5.1 you can enable the log at runtime!
|
||||
#general_log_file = /var/log/mysql/mysql.log
|
||||
#general_log = 1
|
||||
#
|
||||
# Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf.
|
||||
#
|
||||
# we do want to know about network errors and such
|
||||
log_warnings = 2
|
||||
#
|
||||
# Enable the slow query log to see queries with especially long duration
|
||||
#slow_query_log[={0|1}]
|
||||
slow_query_log_file = /var/log/mysql/mariadb-slow.log
|
||||
long_query_time = 10
|
||||
#log_slow_rate_limit = 1000
|
||||
log_slow_verbosity = query_plan
|
||||
|
||||
#log-queries-not-using-indexes
|
||||
#log_slow_admin_statements
|
||||
#
|
||||
# The following can be used as easy to replay backup logs or for replication.
|
||||
# note: if you are setting up a replication slave, see README.Debian about
|
||||
# other settings you may need to change.
|
||||
#server-id = 1
|
||||
#report_host = master1
|
||||
#auto_increment_increment = 2
|
||||
#auto_increment_offset = 1
|
||||
log_bin = /var/log/mysql/mariadb-bin
|
||||
log_bin_index = /var/log/mysql/mariadb-bin.index
|
||||
# not fab for performance, but safer
|
||||
#sync_binlog = 1
|
||||
expire_logs_days = 10
|
||||
max_binlog_size = 100M
|
||||
# slaves
|
||||
#relay_log = /var/log/mysql/relay-bin
|
||||
#relay_log_index = /var/log/mysql/relay-bin.index
|
||||
#relay_log_info_file = /var/log/mysql/relay-bin.info
|
||||
#log_slave_updates
|
||||
#read_only
|
||||
#
|
||||
# If applications support it, this stricter sql_mode prevents some
|
||||
# mistakes like inserting invalid dates etc.
|
||||
#sql_mode = NO_ENGINE_SUBSTITUTION,TRADITIONAL
|
||||
#
|
||||
# * InnoDB
|
||||
#
|
||||
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
|
||||
# Read the manual for more InnoDB related options. There are many!
|
||||
default_storage_engine = InnoDB
|
||||
# you can't just change log file size, requires special procedure
|
||||
#innodb_log_file_size = 50M
|
||||
innodb_buffer_pool_size = 256M
|
||||
innodb_log_buffer_size = 8M
|
||||
innodb_file_per_table = 1
|
||||
innodb_open_files = 400
|
||||
innodb_io_capacity = 400
|
||||
innodb_flush_method = O_DIRECT
|
||||
innodb_flush_neighbors = 0
|
||||
innodb_adaptive_flushing = 1
|
||||
innodb_max_dirty_pages_pct = 0
|
||||
innodb_fast_shutdown = 1
|
||||
innodb_large_prefix=on
|
||||
innodb_file_format = barracuda
|
||||
innodb_doublewrite = 0
|
||||
init-connect='SET NAMES utf8mb4'
|
||||
collation_server=utf8mb4_unicode_ci
|
||||
character_set_server = utf8mb4
|
||||
skip-character-set-client-handshake
|
||||
innodb_use_native_aio = 1
|
||||
|
||||
#
|
||||
# * Security Features
|
||||
#
|
||||
# Read the manual, too, if you want chroot!
|
||||
# chroot = /var/lib/mysql/
|
||||
#
|
||||
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
|
||||
#
|
||||
# ssl-ca=/etc/mysql/cacert.pem
|
||||
# ssl-cert=/etc/mysql/server-cert.pem
|
||||
# ssl-key=/etc/mysql/server-key.pem
|
||||
|
||||
#
|
||||
# * Galera-related settings
|
||||
#
|
||||
[galera]
|
||||
# Mandatory settings
|
||||
#wsrep_on=ON
|
||||
#wsrep_provider=
|
||||
#wsrep_cluster_address=
|
||||
#binlog_format=row
|
||||
#default_storage_engine=InnoDB
|
||||
#innodb_autoinc_lock_mode=2
|
||||
#
|
||||
# Allow server to accept connections on all interfaces.
|
||||
#
|
||||
#bind-address=0.0.0.0
|
||||
#
|
||||
# Optional setting
|
||||
#wsrep_slave_threads=1
|
||||
innodb_flush_log_at_trx_commit=1
|
||||
|
||||
[mysqldump]
|
||||
quick
|
||||
quote-names
|
||||
max_allowed_packet = 16M
|
||||
|
||||
[mysql]
|
||||
default-character-set = utf8mb4
|
||||
#no-auto-rehash # faster start of mysql but no tab completion
|
||||
|
||||
[mariadb]
|
||||
innodb_use_fallocate = 1
|
||||
innodb_use_atomic_writes = 1
|
||||
innodb_use_trim = 1
|
||||
|
||||
[isamchk]
|
||||
key_buffer = 16M
|
||||
|
||||
#
|
||||
# * IMPORTANT: Additional settings that can override those from this file!
|
||||
# The files must end with '.cnf', otherwise they'll be ignored.
|
||||
#
|
||||
!includedir /etc/mysql/conf.d/
|
||||
WRITENEW
|
||||
|
||||
# Restart MariaDB
|
||||
mysqladmin -u root -p"$MARIADBMYCNFPASS" shutdown --force & spinner_loading
|
||||
wait
|
||||
check_command systemctl restart mariadb & spinner_loading
|
||||
|
||||
exit
|
|
@ -16,19 +16,7 @@ debug_mode
|
|||
root_check
|
||||
|
||||
# Check Ubuntu version
|
||||
echo "Checking server OS and version..."
|
||||
if [ "$OS" != 1 ]
|
||||
then
|
||||
echo "Ubuntu Server is required to run this script."
|
||||
echo "Please install that distro and try again."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
if ! version 16.04 "$DISTRO" 16.04.4; then
|
||||
echo "Ubuntu version $DISTRO must be between 16.04 - 16.04.4"
|
||||
exit
|
||||
fi
|
||||
check_distro_version
|
||||
|
||||
# Check if dir exists
|
||||
if [ ! -d $SCRIPTS ]
|
||||
|
@ -36,40 +24,18 @@ then
|
|||
mkdir -p $SCRIPTS
|
||||
fi
|
||||
|
||||
# Get packages to be able to install Redis
|
||||
apt update -q4 & spinner_loading
|
||||
sudo apt install -q -y \
|
||||
build-essential \
|
||||
tcl8.5 \
|
||||
php7.0-dev \
|
||||
php-pear
|
||||
# Install Redis
|
||||
install_if_not php-redis
|
||||
install_if_not redis-server
|
||||
|
||||
# Install PHPmodule
|
||||
if ! yes '' | pecl install -Z redis
|
||||
then
|
||||
msg_box "PHP module installation failed"
|
||||
exit 1
|
||||
else
|
||||
printf "${Green}\nPHP module installation OK!${Color_Off}\n"
|
||||
fi
|
||||
# Set globally doesn't work for some reason
|
||||
# touch /etc/php/7.0/mods-available/redis.ini
|
||||
# echo 'extension=redis.so' > /etc/php/7.0/mods-available/redis.ini
|
||||
# phpenmod redis
|
||||
# Setting direct to apache2 works if 'libapache2-mod-php7.0' is installed
|
||||
echo 'extension=redis.so' >> /etc/php/7.0/apache2/php.ini
|
||||
echo 'extension=redis.so' >> /etc/php/7.2/apache2/php.ini
|
||||
service apache2 restart
|
||||
|
||||
|
||||
# Install Redis
|
||||
if ! apt -y install redis-server
|
||||
then
|
||||
msg_box "Installation failed."
|
||||
exit 1
|
||||
else
|
||||
printf "${Green}\nRedis installation OK!${Color_Off}\n"
|
||||
fi
|
||||
|
||||
# Prepare for adding redis configuration
|
||||
sed -i "s|);||g" $NCPATH/config/config.php
|
||||
|
||||
|
@ -83,7 +49,7 @@ cat <<ADD_TO_CONFIG >> $NCPATH/config/config.php
|
|||
array (
|
||||
'host' => '$REDIS_SOCK',
|
||||
'port' => 0,
|
||||
'timeout' => 0,
|
||||
'timeout' => 0.5,
|
||||
'dbindex' => 0,
|
||||
'password' => '$REDIS_PASS',
|
||||
),
|
||||
|
@ -120,11 +86,6 @@ redis-cli SHUTDOWN
|
|||
chown redis:root /etc/redis/redis.conf
|
||||
chmod 600 /etc/redis/redis.conf
|
||||
|
||||
# Cleanup
|
||||
apt purge -y \
|
||||
git \
|
||||
build-essential*
|
||||
|
||||
apt update -q4 & spinner_loading
|
||||
apt autoremove -y
|
||||
apt autoclean
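Review bot: The `echo 'extension=redis.so' >> /etc/php/7.2/apache2/php.ini` line in the second hunk (`@ -36,40 +24,18 @@`) appends unconditionally, so every further run of the script adds the directive to php.ini again, and its exit status is not checked before `service apache2 restart`. The page has lost its +/- markers, so I am reading this line as part of the new side from the hunk's line counts. If the `php-redis` package installed just above through `install_if_not` already enables the extension with its own ini file (not visible here), this append would load the module twice and can simply be dropped. Otherwise guard it: `grep -qxF 'extension=redis.so' /etc/php/7.2/apache2/php.ini || echo 'extension=redis.so' >> /etc/php/7.2/apache2/php.ini`.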
|
|
@ -26,10 +26,7 @@ Write this down, you will need it to set static IP
|
|||
in your router later. It's included in this guide:
|
||||
|
||||
https://www.techandme.se/open-port-80-443/ (step 1 - 5)"
|
||||
ifdown "$IFACE"
|
||||
wait
|
||||
ifup "$IFACE"
|
||||
wait
|
||||
test_connection
|
||||
bash "$SCRIPTS/ip.sh"
|
||||
if [ -z "$IFACE" ]
|
||||
then
|
||||
|
@ -38,40 +35,31 @@ https://www.techandme.se/open-port-80-443/ (step 1 - 5)"
|
|||
bash "$SCRIPTS/ip2.sh"
|
||||
rm -f "$SCRIPTS/ip2.sh"
|
||||
fi
|
||||
ifdown "$IFACE"
|
||||
wait
|
||||
ifup "$IFACE"
|
||||
wait
|
||||
echo
|
||||
echo "Testing if network is OK..."
|
||||
echo
|
||||
CONTEST=$(bash $SCRIPTS/test_connection.sh)
|
||||
if [ "$CONTEST" == "Connected!" ]
|
||||
if network_ok
|
||||
then
|
||||
# Connected!
|
||||
printf "${Green}Connected!${Color_Off}\n"
|
||||
sleep 1
|
||||
msg_box "We have now set $ADDRESS as your static IP.
|
||||
|
||||
If you want to change it later then just edit the interfaces file:
|
||||
sudo nano /etc/network/interfaces
|
||||
If you want to change it later then just edit the netplan.io YAML file:
|
||||
sudo nano /etc/netplan/01-netcfg.yaml
|
||||
|
||||
If you experience any bugs, please report it here:
|
||||
$ISSUES"
|
||||
else
|
||||
# Not connected!
|
||||
printf "${Red}Not Connected${Color_Off}\nYou should change your settings manually in the next step.\n"
|
||||
any_key "Press any key to open /etc/network/interfaces..."
|
||||
nano /etc/network/interfaces
|
||||
service networking restart
|
||||
clear
|
||||
echo "Testing if network is OK..."
|
||||
ifdown "$IFACE"
|
||||
wait
|
||||
ifup "$IFACE"
|
||||
wait
|
||||
bash "$SCRIPTS/test_connection.sh"
|
||||
wait
|
||||
msg_box "Not Connected!
|
||||
You should change your settings manually in the next step.
|
||||
|
||||
Check this site for instructions on how to do it:
|
||||
https://netplan.io/examples
|
||||
|
||||
We will put a example config for you when you hit OK, but please check the site to change it to your own values."
|
||||
any_key "Press any key to open /etc/netplan/01-netcfg.yaml..."
|
||||
nano /etc/netplan/01-netcfg.yaml
|
||||
netplan apply
|
||||
test_connection
|
||||
fi
|
||||
else
|
||||
echo "OK, then we will not set a static IP as your VPS provider already have setup the network for you..."
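Review bot: `netplan apply` in the not-connected branch of the second hunk (`@ -38,40 +35,31 @@`) runs straight after a hand edit in nano and its exit status is ignored, so a YAML mistake leaves the interface unconfigured while the script carries on to `test_connection`; unless that helper exits on its own, its result is not acted on in the visible lines either. I would stop on failure, for example `netplan apply || { msg_box "netplan apply failed, please check /etc/netplan/01-netcfg.yaml"; exit 1; }`. The message box also promises an example config "when you hit OK", but no line in this hunk writes one before the editor opens; if `ip.sh` does that, a one-line comment saying so would help. The enclosing if/else starts and ends outside the hunk.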
|
||||
|
|