From 427e593a56061a18ac06fef0d553fab3bd7f3c57 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Mon, 8 Aug 2016 13:49:19 +0100 Subject: [PATCH] Include ocsp stapling --- src/freedombone-utils-web | 882 +++++++++++++++++++------------------- 1 file changed, 446 insertions(+), 436 deletions(-) diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web index deed3185..9f209d82 100755 --- a/src/freedombone-utils-web +++ b/src/freedombone-utils-web @@ -55,515 +55,525 @@ WEBSERVER_LOG_LEVEL='warn' # test a domain name to see if it's valid function validate_domain_name { - # count the number of dots in the domain name - dots=${TEST_DOMAIN_NAME//[^.]} - no_of_dots=${#dots} - if (( $no_of_dots > 3 )); then - TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has too many subdomains. It should be of the type w.x.y.z, x.y.z or y.z" - fi - if (( $no_of_dots == 0 )); then - TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has no top level domain. It should be of the type w.x.y.z, x.y.z or y.z" - fi + # count the number of dots in the domain name + dots=${TEST_DOMAIN_NAME//[^.]} + no_of_dots=${#dots} + if (( $no_of_dots > 3 )); then + TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has too many subdomains. It should be of the type w.x.y.z, x.y.z or y.z" + fi + if (( $no_of_dots == 0 )); then + TEST_DOMAIN_NAME=$"The domain $TEST_DOMAIN_NAME has no top level domain. It should be of the type w.x.y.z, x.y.z or y.z" + fi } function nginx_disable_sniffing { - domain_name=$1 - filename=/etc/nginx/sites-available/$domain_name - echo ' add_header X-Frame-Options DENY;' >> $filename - echo ' add_header X-Content-Type-Options nosniff;' >> $filename - echo '' >> $filename + domain_name=$1 + filename=/etc/nginx/sites-available/$domain_name + echo ' add_header X-Frame-Options DENY;' >> $filename + echo ' add_header X-Content-Type-Options nosniff;' >> $filename + echo '' >> $filename } function nginx_limits { - domain_name=$1 - max_body='20m' - if [ $2 ]; then - max_body=$2 - fi - filename=/etc/nginx/sites-available/$domain_name - echo " client_max_body_size ${max_body};" >> $filename - echo ' client_body_buffer_size 128k;' >> $filename - echo '' >> $filename - echo ' limit_conn conn_limit_per_ip 10;' >> $filename - echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> $filename - echo '' >> $filename + domain_name=$1 + max_body='20m' + if [ $2 ]; then + max_body=$2 + fi + filename=/etc/nginx/sites-available/$domain_name + echo " client_max_body_size ${max_body};" >> $filename + echo ' client_body_buffer_size 128k;' >> $filename + echo '' >> $filename + echo ' limit_conn conn_limit_per_ip 10;' >> $filename + echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> $filename + echo '' >> $filename +} + +function nginx_stapling { + domain_name=$1 + filename=/etc/nginx/sites-available/$domain_name + echo " ssl_stapling on;" >> $filename + echo ' ssl_stapling_verify on;' >> $filename + echo ' ssl_trusted_certificate /etc/ssl/certs/${domain_name}.pem;' >> $filename + echo '' >> $filename } function nginx_http_redirect { - # redirect port 80 to https - domain_name=$1 - filename=/etc/nginx/sites-available/$domain_name - echo 'server {' > $filename - echo ' listen 80;' >> $filename - echo ' listen [::]:80;' >> $filename - echo " server_name ${domain_name};" >> $filename - echo " root /var/www/${domain_name}/htdocs;" >> $filename - echo ' access_log off;' >> $filename - echo " error_log /var/log/nginx/${domain_name}_error.log $WEBSERVER_LOG_LEVEL;" >> $filename - function_check nginx_limits - nginx_limits $domain_name - echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> $filename - echo '}' >> $filename - echo '' >> $filename + # redirect port 80 to https + domain_name=$1 + filename=/etc/nginx/sites-available/$domain_name + echo 'server {' > $filename + echo ' listen 80;' >> $filename + echo ' listen [::]:80;' >> $filename + echo " server_name ${domain_name};" >> $filename + echo " root /var/www/${domain_name}/htdocs;" >> $filename + echo ' access_log off;' >> $filename + echo " error_log /var/log/nginx/${domain_name}_error.log $WEBSERVER_LOG_LEVEL;" >> $filename + function_check nginx_limits + nginx_limits $domain_name + echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> $filename + echo '}' >> $filename + echo '' >> $filename } function nginx_ssl { - # creates the SSL/TLS section for a website - domain_name=$1 - filename=/etc/nginx/sites-available/$domain_name - echo ' ssl on;' >> $filename - echo " ssl_certificate /etc/ssl/certs/${domain_name}.crt;" >> $filename - echo " ssl_certificate_key /etc/ssl/private/${domain_name}.key;" >> $filename - echo " ssl_dhparam /etc/ssl/certs/${domain_name}.dhparam;" >> $filename - echo '' >> $filename - echo ' ssl_session_timeout 60m;' >> $filename - echo ' ssl_prefer_server_ciphers on;' >> $filename - echo " ssl_protocols $SSL_PROTOCOLS;" >> $filename - echo " ssl_ciphers '$SSL_CIPHERS';" >> $filename + # creates the SSL/TLS section for a website + domain_name=$1 + filename=/etc/nginx/sites-available/$domain_name + echo ' ssl on;' >> $filename + echo " ssl_certificate /etc/ssl/certs/${domain_name}.crt;" >> $filename + echo " ssl_certificate_key /etc/ssl/private/${domain_name}.key;" >> $filename + echo " ssl_dhparam /etc/ssl/certs/${domain_name}.dhparam;" >> $filename + echo '' >> $filename + echo ' ssl_session_timeout 60m;' >> $filename + echo ' ssl_prefer_server_ciphers on;' >> $filename + echo " ssl_protocols $SSL_PROTOCOLS;" >> $filename + echo " ssl_ciphers '$SSL_CIPHERS';" >> $filename + nginx_stapling $1 } # check an individual domain name function test_domain_name { - if [ $1 ]; then - TEST_DOMAIN_NAME=$1 - function_check validate_domain_name - validate_domain_name - if [[ $TEST_DOMAIN_NAME != $1 ]]; then - echo $TEST_DOMAIN_NAME - exit 8528 - fi - fi + if [ $1 ]; then + TEST_DOMAIN_NAME=$1 + function_check validate_domain_name + validate_domain_name + if [[ $TEST_DOMAIN_NAME != $1 ]]; then + echo $TEST_DOMAIN_NAME + exit 8528 + fi + fi } # Checks whether certificates were generated for the given hostname function check_certificates { - if [ ! $1 ]; then - return - fi - USE_LETSENCRYPT='no' - if [ $2 ]; then - USE_LETSENCRYPT=$2 - fi - if [[ $USE_LETSENCRYPT == 'no' ]]; then - if [ ! -f /etc/ssl/private/$1.key ]; then - echo $"Private certificate for $CHECK_HOSTNAME was not created" - exit 63959 - fi - if [ ! -f /etc/ssl/certs/$1.crt ]; then - echo $"Public certificate for $CHECK_HOSTNAME was not created" - exit 7679 - fi - else - if [ ! -f /etc/letsencrypt/live/${1}/privkey.pem ]; then - echo $"Private certificate for $CHECK_HOSTNAME was not created" - exit 6282 - fi - if [ ! -f /etc/letsencrypt/live/${1}/fullchain.pem ]; then - echo $"Public certificate for $CHECK_HOSTNAME was not created" - exit 5328 - fi - fi - if [ ! -f /etc/ssl/certs/$1.dhparam ]; then - echo $"Diffie–Hellman parameters for $CHECK_HOSTNAME were not created" - exit 5989 - fi + if [ ! $1 ]; then + return + fi + USE_LETSENCRYPT='no' + if [ $2 ]; then + USE_LETSENCRYPT=$2 + fi + if [[ $USE_LETSENCRYPT == 'no' ]]; then + if [ ! -f /etc/ssl/private/$1.key ]; then + echo $"Private certificate for $CHECK_HOSTNAME was not created" + exit 63959 + fi + if [ ! -f /etc/ssl/certs/$1.crt ]; then + echo $"Public certificate for $CHECK_HOSTNAME was not created" + exit 7679 + fi + else + if [ ! -f /etc/letsencrypt/live/${1}/privkey.pem ]; then + echo $"Private certificate for $CHECK_HOSTNAME was not created" + exit 6282 + fi + if [ ! -f /etc/letsencrypt/live/${1}/fullchain.pem ]; then + echo $"Public certificate for $CHECK_HOSTNAME was not created" + exit 5328 + fi + fi + if [ ! -f /etc/ssl/certs/$1.dhparam ]; then + echo $"Diffie–Hellman parameters for $CHECK_HOSTNAME were not created" + exit 5989 + fi } function create_site_certificate { - SITE_DOMAIN_NAME="$1" + SITE_DOMAIN_NAME="$1" - # if yes then only "valid" certs are allowed, not self-signed - NO_SELF_SIGNED='no' - if [ $2 ]; then - NO_SELF_SIGNED="$2" - fi + # if yes then only "valid" certs are allowed, not self-signed + NO_SELF_SIGNED='no' + if [ $2 ]; then + NO_SELF_SIGNED="$2" + fi - if [[ $ONION_ONLY == "no" ]]; then - if [ ! -f /etc/ssl/certs/$SITE_DOMAIN_NAME.dhparam ]; then - if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then - ${PROJECT_NAME}-addcert -h $SITE_DOMAIN_NAME --dhkey $DH_KEYLENGTH - function_check check_certificates - check_certificates $SITE_DOMAIN_NAME - else - ${PROJECT_NAME}-addcert -e $SITE_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS - if [ ! "$?" = "0" ]; then - if [[ $NO_SELF_SIGNED == 'no' ]]; then - echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME, so try making a self-signed cert" - ${PROJECT_NAME}-addcert -h $SITE_DOMAIN_NAME --dhkey $DH_KEYLENGTH - function_check check_certificates - check_certificates $SITE_DOMAIN_NAME - else - echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME" - exit 682529 - fi - else - function_check check_certificates - check_certificates $SITE_DOMAIN_NAME 'yes' - fi - fi - fi - fi + if [[ $ONION_ONLY == "no" ]]; then + if [ ! -f /etc/ssl/certs/$SITE_DOMAIN_NAME.dhparam ]; then + if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then + ${PROJECT_NAME}-addcert -h $SITE_DOMAIN_NAME --dhkey $DH_KEYLENGTH + function_check check_certificates + check_certificates $SITE_DOMAIN_NAME + else + ${PROJECT_NAME}-addcert -e $SITE_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS + if [ ! "$?" = "0" ]; then + if [[ $NO_SELF_SIGNED == 'no' ]]; then + echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME, so try making a self-signed cert" + ${PROJECT_NAME}-addcert -h $SITE_DOMAIN_NAME --dhkey $DH_KEYLENGTH + function_check check_certificates + check_certificates $SITE_DOMAIN_NAME + else + echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME" + exit 682529 + fi + else + function_check check_certificates + check_certificates $SITE_DOMAIN_NAME 'yes' + fi + fi + fi + fi } # script to automatically renew any Let's Encrypt certificates function letsencrypt_renewals { - if [[ $ONION_ONLY != "no" ]]; then - return - fi + if [[ $ONION_ONLY != "no" ]]; then + return + fi - renewals_script=/etc/cron.monthly/letsencrypt - renewals_retry_script=/etc/cron.daily/letsencrypt - renewal_failure_msg=$'The certificate for $LETSENCRYPT_DOMAIN could not be renewed' - renewal_email_title=$'${PROJECT_NAME} Lets Encrypt certificate renewal' + renewals_script=/etc/cron.monthly/letsencrypt + renewals_retry_script=/etc/cron.daily/letsencrypt + renewal_failure_msg=$'The certificate for $LETSENCRYPT_DOMAIN could not be renewed' + renewal_email_title=$'${PROJECT_NAME} Lets Encrypt certificate renewal' - # the main script tries to renew once per month - echo '#!/bin/bash' > $renewals_script - echo '' >> $renewals_script - echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_script - echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_script - echo '' >> $renewals_script - echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_script - echo ' if [ -f ~/letsencrypt_failed ]; then' >> $renewals_script - echo ' rm ~/letsencrypt_failed' >> $renewals_script - echo ' fi' >> $renewals_script - echo -n ' ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_script - echo -n "awk -F ':' '{print " >> $renewals_script - echo -n '$2' >> $renewals_script - echo "}')" >> $renewals_script - echo ' ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_script - echo ' for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_script - echo -n ' LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_script - echo -n "awk -F '/' '{print " >> $renewals_script - echo -n '$5' >> $renewals_script - echo "}')" >> $renewals_script - echo ' if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_script - echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_script - echo ' if [ ! "$?" = "0" ]; then' >> $renewals_script - echo " echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt" >> $renewals_script - echo ' echo "" >> ~/temp_renewletsencrypt.txt' >> $renewals_script - echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt' >> $renewals_script - echo -n " cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_script - echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_script - echo ' rm ~/temp_renewletsencrypt.txt' >> $renewals_script - echo ' if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_script - echo ' touch ~/letsencrypt_failed' >> $renewals_script - echo ' fi' >> $renewals_script - echo ' fi' >> $renewals_script - echo ' fi' >> $renewals_script - echo ' done' >> $renewals_script - echo 'fi' >> $renewals_script - chmod +x $renewals_script + # the main script tries to renew once per month + echo '#!/bin/bash' > $renewals_script + echo '' >> $renewals_script + echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_script + echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_script + echo '' >> $renewals_script + echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_script + echo ' if [ -f ~/letsencrypt_failed ]; then' >> $renewals_script + echo ' rm ~/letsencrypt_failed' >> $renewals_script + echo ' fi' >> $renewals_script + echo -n ' ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_script + echo -n "awk -F ':' '{print " >> $renewals_script + echo -n '$2' >> $renewals_script + echo "}')" >> $renewals_script + echo ' ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_script + echo ' for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_script + echo -n ' LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_script + echo -n "awk -F '/' '{print " >> $renewals_script + echo -n '$5' >> $renewals_script + echo "}')" >> $renewals_script + echo ' if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_script + echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_script + echo ' if [ ! "$?" = "0" ]; then' >> $renewals_script + echo " echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt" >> $renewals_script + echo ' echo "" >> ~/temp_renewletsencrypt.txt' >> $renewals_script + echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt' >> $renewals_script + echo -n " cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_script + echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_script + echo ' rm ~/temp_renewletsencrypt.txt' >> $renewals_script + echo ' if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_script + echo ' touch ~/letsencrypt_failed' >> $renewals_script + echo ' fi' >> $renewals_script + echo ' fi' >> $renewals_script + echo ' fi' >> $renewals_script + echo ' done' >> $renewals_script + echo 'fi' >> $renewals_script + chmod +x $renewals_script - # a secondary script keeps trying to renew after a failure - echo '#!/bin/bash' > $renewals_retry_script - echo '' >> $renewals_retry_script - echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_retry_script - echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_retry_script - echo '' >> $renewals_retry_script - echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_retry_script - echo ' if [ -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script - echo ' rm ~/letsencrypt_failed' >> $renewals_retry_script - echo -n ' ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_retry_script - echo -n "awk -F ':' '{print " >> $renewals_retry_script - echo -n '$2' >> $renewals_retry_script - echo "}')" >> $renewals_retry_script - echo ' ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_retry_script - echo ' for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_retry_script - echo -n ' LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_retry_script - echo -n "awk -F '/' '{print " >> $renewals_retry_script - echo -n '$5' >> $renewals_retry_script - echo "}')" >> $renewals_retry_script - echo ' if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_retry_script - echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_retry_script - echo ' if [ ! "$?" = "0" ]; then' >> $renewals_retry_script - echo " echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt" >> $renewals_retry_script - echo ' echo "" >> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script - echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script - echo -n " cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_retry_script - echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_retry_script - echo ' rm ~/temp_renewletsencrypt.txt' >> $renewals_retry_script - echo ' if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script - echo ' touch ~/letsencrypt_failed' >> $renewals_retry_script - echo ' fi' >> $renewals_retry_script - echo ' fi' >> $renewals_retry_script - echo ' fi' >> $renewals_retry_script - echo ' done' >> $renewals_retry_script - echo ' fi' >> $renewals_retry_script - echo 'fi' >> $renewals_retry_script - chmod +x $renewals_retry_script + # a secondary script keeps trying to renew after a failure + echo '#!/bin/bash' > $renewals_retry_script + echo '' >> $renewals_retry_script + echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_retry_script + echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_retry_script + echo '' >> $renewals_retry_script + echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_retry_script + echo ' if [ -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script + echo ' rm ~/letsencrypt_failed' >> $renewals_retry_script + echo -n ' ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_retry_script + echo -n "awk -F ':' '{print " >> $renewals_retry_script + echo -n '$2' >> $renewals_retry_script + echo "}')" >> $renewals_retry_script + echo ' ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_retry_script + echo ' for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_retry_script + echo -n ' LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_retry_script + echo -n "awk -F '/' '{print " >> $renewals_retry_script + echo -n '$5' >> $renewals_retry_script + echo "}')" >> $renewals_retry_script + echo ' if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_retry_script + echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_retry_script + echo ' if [ ! "$?" = "0" ]; then' >> $renewals_retry_script + echo " echo \"${renewal_failure_msg}\" > ~/temp_renewletsencrypt.txt" >> $renewals_retry_script + echo ' echo "" >> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script + echo ' ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt 2>> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script + echo -n " cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_retry_script + echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_retry_script + echo ' rm ~/temp_renewletsencrypt.txt' >> $renewals_retry_script + echo ' if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script + echo ' touch ~/letsencrypt_failed' >> $renewals_retry_script + echo ' fi' >> $renewals_retry_script + echo ' fi' >> $renewals_retry_script + echo ' fi' >> $renewals_retry_script + echo ' done' >> $renewals_retry_script + echo ' fi' >> $renewals_retry_script + echo 'fi' >> $renewals_retry_script + chmod +x $renewals_retry_script } function configure_php { - sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini - sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini - sed -i "s/memory_limit = -1/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/cli/php.ini - sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php5/fpm/php.ini - sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php5/fpm/php.ini + sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini + sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini + sed -i "s/memory_limit = -1/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/cli/php.ini + sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php5/fpm/php.ini + sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php5/fpm/php.ini } function install_web_server_access_control { - if [ ! -f /etc/pam.d/nginx ]; then - echo '#%PAM-1.0' > /etc/pam.d/nginx - echo '@include common-auth' >> /etc/pam.d/nginx - echo '@include common-account' >> /etc/pam.d/nginx - echo '@include common-session' >> /etc/pam.d/nginx - fi + if [ ! -f /etc/pam.d/nginx ]; then + echo '#%PAM-1.0' > /etc/pam.d/nginx + echo '@include common-auth' >> /etc/pam.d/nginx + echo '@include common-account' >> /etc/pam.d/nginx + echo '@include common-session' >> /etc/pam.d/nginx + fi } function install_dynamicdns { - if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if [[ $ONION_ONLY != "no" ]]; then - return - fi + if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if [[ $ONION_ONLY != "no" ]]; then + return + fi - # update to the next commit - function_check set_repo_commit - set_repo_commit $INSTALL_DIR/inadyn "inadyn commit" "$INADYN_COMMIT" $INADYN_REPO + # update to the next commit + function_check set_repo_commit + set_repo_commit $INSTALL_DIR/inadyn "inadyn commit" "$INADYN_COMMIT" $INADYN_REPO - if grep -Fxq "install_dynamicdns" $COMPLETION_FILE; then - return - fi + if grep -Fxq "install_dynamicdns" $COMPLETION_FILE; then + return + fi - # Here we compile from source because the current package - # doesn't support https, which could result in passwords - # being leaked - # Debian version 1.99.4-1 - # https version 1.99.8 + # Here we compile from source because the current package + # doesn't support https, which could result in passwords + # being leaked + # Debian version 1.99.4-1 + # https version 1.99.8 - apt-get -y install build-essential curl libgnutls28-dev automake1.11 - if [ ! -d $INSTALL_DIR/inadyn ]; then - git_clone $INADYN_REPO $INSTALL_DIR/inadyn - fi - if [ ! -d $INSTALL_DIR/inadyn ]; then - echo 'inadyn repo not cloned' - echo -n | openssl s_client -showcerts -connect github.com:443 -CApath /etc/ssl/certs - exit 6785 - fi - cd $INSTALL_DIR/inadyn - git checkout $INADYN_COMMIT -b $INADYN_COMMIT - if ! grep -q "inadyn commit" $COMPLETION_FILE; then - echo "inadyn commit:$INADYN_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/inadyn commit.*/inadyn commit:$INADYN_COMMIT/g" $COMPLETION_FILE - fi + apt-get -y install build-essential curl libgnutls28-dev automake1.11 + if [ ! -d $INSTALL_DIR/inadyn ]; then + git_clone $INADYN_REPO $INSTALL_DIR/inadyn + fi + if [ ! -d $INSTALL_DIR/inadyn ]; then + echo 'inadyn repo not cloned' + echo -n | openssl s_client -showcerts -connect github.com:443 -CApath /etc/ssl/certs + exit 6785 + fi + cd $INSTALL_DIR/inadyn + git checkout $INADYN_COMMIT -b $INADYN_COMMIT + if ! grep -q "inadyn commit" $COMPLETION_FILE; then + echo "inadyn commit:$INADYN_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/inadyn commit.*/inadyn commit:$INADYN_COMMIT/g" $COMPLETION_FILE + fi - ./configure - if [ ! "$?" = "0" ]; then - exit 74890 - fi - USE_OPENSSL=1 make - if [ ! "$?" = "0" ]; then - exit 74858 - fi - make install - if [ ! "$?" = "0" ]; then - exit 3785 - fi + ./configure + if [ ! "$?" = "0" ]; then + exit 74890 + fi + USE_OPENSSL=1 make + if [ ! "$?" = "0" ]; then + exit 74858 + fi + make install + if [ ! "$?" = "0" ]; then + exit 3785 + fi - # create an unprivileged user - #useradd -r -s /bin/false debian-inadyn + # create an unprivileged user + #useradd -r -s /bin/false debian-inadyn - # create a configuration file - echo 'background' > /etc/inadyn.conf - echo 'verbose 1' >> /etc/inadyn.conf - echo 'period 300' >> /etc/inadyn.conf - echo 'startup-delay 60' >> /etc/inadyn.conf - echo 'cache-dir /run/inadyn' >> /etc/inadyn.conf - echo 'logfile /dev/null' >> /etc/inadyn.conf - chmod 600 /etc/inadyn.conf + # create a configuration file + echo 'background' > /etc/inadyn.conf + echo 'verbose 1' >> /etc/inadyn.conf + echo 'period 300' >> /etc/inadyn.conf + echo 'startup-delay 60' >> /etc/inadyn.conf + echo 'cache-dir /run/inadyn' >> /etc/inadyn.conf + echo 'logfile /dev/null' >> /etc/inadyn.conf + chmod 600 /etc/inadyn.conf - echo '[Unit]' > /etc/systemd/system/inadyn.service - echo 'Description=inadyn (DynDNS updater)' >> /etc/systemd/system/inadyn.service - echo 'After=network.target' >> /etc/systemd/system/inadyn.service - echo '' >> /etc/systemd/system/inadyn.service - echo '[Service]' >> /etc/systemd/system/inadyn.service - echo 'ExecStart=/usr/local/sbin/inadyn --config /etc/inadyn.conf' >> /etc/systemd/system/inadyn.service - echo 'Restart=always' >> /etc/systemd/system/inadyn.service - echo 'Type=forking' >> /etc/systemd/system/inadyn.service - echo '' >> /etc/systemd/system/inadyn.service - echo '[Install]' >> /etc/systemd/system/inadyn.service - echo 'WantedBy=multi-user.target' >> /etc/systemd/system/inadyn.service - systemctl enable inadyn - systemctl start inadyn - systemctl daemon-reload + echo '[Unit]' > /etc/systemd/system/inadyn.service + echo 'Description=inadyn (DynDNS updater)' >> /etc/systemd/system/inadyn.service + echo 'After=network.target' >> /etc/systemd/system/inadyn.service + echo '' >> /etc/systemd/system/inadyn.service + echo '[Service]' >> /etc/systemd/system/inadyn.service + echo 'ExecStart=/usr/local/sbin/inadyn --config /etc/inadyn.conf' >> /etc/systemd/system/inadyn.service + echo 'Restart=always' >> /etc/systemd/system/inadyn.service + echo 'Type=forking' >> /etc/systemd/system/inadyn.service + echo '' >> /etc/systemd/system/inadyn.service + echo '[Install]' >> /etc/systemd/system/inadyn.service + echo 'WantedBy=multi-user.target' >> /etc/systemd/system/inadyn.service + systemctl enable inadyn + systemctl start inadyn + systemctl daemon-reload - echo 'install_dynamicdns' >> $COMPLETION_FILE + echo 'install_dynamicdns' >> $COMPLETION_FILE } function install_command_line_browser { - if grep -Fxq "install_command_line_browser" $COMPLETION_FILE; then - return - fi - apt-get -y install elinks + if grep -Fxq "install_command_line_browser" $COMPLETION_FILE; then + return + fi + apt-get -y install elinks - # set the home page - if ! grep -q "WWW_HOME" /home/$MY_USERNAME/.bashrc; then - if ! grep -q 'control' /home/$MY_USERNAME/.bashrc; then - echo "export WWW_HOME=$DEFAULT_SEARCH" >> /home/$MY_USERNAME/.bashrc - else - sed -i "/control/i export WWW_HOME=$DEFAULT_SEARCH" /home/$MY_USERNAME/.bashrc - fi - fi + # set the home page + if ! grep -q "WWW_HOME" /home/$MY_USERNAME/.bashrc; then + if ! grep -q 'control' /home/$MY_USERNAME/.bashrc; then + echo "export WWW_HOME=$DEFAULT_SEARCH" >> /home/$MY_USERNAME/.bashrc + else + sed -i "/control/i export WWW_HOME=$DEFAULT_SEARCH" /home/$MY_USERNAME/.bashrc + fi + fi - echo 'install_command_line_browser' >> $COMPLETION_FILE + echo 'install_command_line_browser' >> $COMPLETION_FILE } function mesh_web_server { - if [ -d /etc/apache2 ]; then - chroot "$rootdir" apt-get -y remove --purge apache2 - chroot "$rootdir" rm -rf /etc/apache2 - fi + if [ -d /etc/apache2 ]; then + chroot "$rootdir" apt-get -y remove --purge apache2 + chroot "$rootdir" rm -rf /etc/apache2 + fi - chroot "$rootdir" apt-get -y install nginx + chroot "$rootdir" apt-get -y install nginx - if [ ! -d $rootdir/etc/nginx ]; then - echo $'Unable to install web server' - exit 346825 - fi + if [ ! -d $rootdir/etc/nginx ]; then + echo $'Unable to install web server' + exit 346825 + fi } function install_web_server { - if [ $INSTALLING_MESH ]; then - mesh_web_server - return - fi - if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then - return - fi + if [ $INSTALLING_MESH ]; then + mesh_web_server + return + fi + if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then + return + fi - # update to the next commit - function_check set_repo_commit - set_repo_commit $INSTALL_DIR/nginx_ensite "Nginx-ensite commit" "$NGINX_ENSITE_COMMIT" $NGINX_ENSITE_REPO + # update to the next commit + function_check set_repo_commit + set_repo_commit $INSTALL_DIR/nginx_ensite "Nginx-ensite commit" "$NGINX_ENSITE_COMMIT" $NGINX_ENSITE_REPO - if grep -Fxq "install_web_server" $COMPLETION_FILE; then - return - fi - # remove apache - apt-get -y remove --purge apache2 - if [ -d /etc/apache2 ]; then - rm -rf /etc/apache2 - fi - # install nginx - apt-get -y install nginx php5-fpm git + if grep -Fxq "install_web_server" $COMPLETION_FILE; then + return + fi + # remove apache + apt-get -y remove --purge apache2 + if [ -d /etc/apache2 ]; then + rm -rf /etc/apache2 + fi + # install nginx + apt-get -y install nginx php5-fpm git - # limit the number of php processes - sed -i 's/; process.max =.*/process.max = 32/g' /etc/php5/fpm/php-fpm.conf - #sed -i 's/;process_control_timeout =.*/process_control_timeout = 300/g' /etc/php5/fpm/php-fpm.conf + # limit the number of php processes + sed -i 's/; process.max =.*/process.max = 32/g' /etc/php5/fpm/php-fpm.conf + #sed -i 's/;process_control_timeout =.*/process_control_timeout = 300/g' /etc/php5/fpm/php-fpm.conf - if ! grep -q "pm.max_children" /etc/php5/fpm/php-fpm.conf; then - echo 'pm.max_children = 10' >> /etc/php5/fpm/php-fpm.conf - echo 'pm.start_servers = 2' >> /etc/php5/fpm/php-fpm.conf - echo 'pm.min_spare_servers = 2' >> /etc/php5/fpm/php-fpm.conf - echo 'pm.max_spare_servers = 5' >> /etc/php5/fpm/php-fpm.conf - echo 'pm.max_requests = 50' >> /etc/php5/fpm/php-fpm.conf - fi + if ! grep -q "pm.max_children" /etc/php5/fpm/php-fpm.conf; then + echo 'pm.max_children = 10' >> /etc/php5/fpm/php-fpm.conf + echo 'pm.start_servers = 2' >> /etc/php5/fpm/php-fpm.conf + echo 'pm.min_spare_servers = 2' >> /etc/php5/fpm/php-fpm.conf + echo 'pm.max_spare_servers = 5' >> /etc/php5/fpm/php-fpm.conf + echo 'pm.max_requests = 50' >> /etc/php5/fpm/php-fpm.conf + fi - if [ ! -d /etc/nginx ]; then - echo $"ERROR: nginx does not appear to have installed. $CHECK_MESSAGE" - exit 51 - fi + if [ ! -d /etc/nginx ]; then + echo $"ERROR: nginx does not appear to have installed. $CHECK_MESSAGE" + exit 51 + fi - # Nginx settings - echo 'user www-data;' > /etc/nginx/nginx.conf - #echo "worker_processes; $CPU_CORES" >> /etc/nginx/nginx.conf - echo 'pid /run/nginx.pid;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo 'events {' >> /etc/nginx/nginx.conf - echo ' worker_connections 50;' >> /etc/nginx/nginx.conf - echo ' # multi_accept on;' >> /etc/nginx/nginx.conf - echo '}' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo 'http {' >> /etc/nginx/nginx.conf - echo ' # limit the number of connections per single IP' >> /etc/nginx/nginx.conf - echo ' limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # limit the number of requests for a given session' >> /etc/nginx/nginx.conf - echo ' limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file' >> /etc/nginx/nginx.conf - echo ' client_body_buffer_size 128k;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # headerbuffer size for the request header from client, its set for testing purpose' >> /etc/nginx/nginx.conf - echo ' client_header_buffer_size 3m;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # maximum number and size of buffers for large headers to read from client request' >> /etc/nginx/nginx.conf - echo ' large_client_header_buffers 4 256k;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # read timeout for the request body from client, its set for testing purpose' >> /etc/nginx/nginx.conf - echo ' client_body_timeout 3m;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # how long to wait for the client to send a request header, its set for testing purpose' >> /etc/nginx/nginx.conf - echo ' client_header_timeout 3m;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo ' # Basic Settings' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' sendfile on;' >> /etc/nginx/nginx.conf - echo ' tcp_nopush on;' >> /etc/nginx/nginx.conf - echo ' tcp_nodelay on;' >> /etc/nginx/nginx.conf - echo ' keepalive_timeout 65;' >> /etc/nginx/nginx.conf - echo ' types_hash_max_size 2048;' >> /etc/nginx/nginx.conf - echo ' server_tokens off;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # server_names_hash_bucket_size 64;' >> /etc/nginx/nginx.conf - echo ' # server_name_in_redirect off;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' include /etc/nginx/mime.types;' >> /etc/nginx/nginx.conf - echo ' default_type application/octet-stream;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo ' # Logging Settings' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' access_log /var/log/nginx/access.log;' >> /etc/nginx/nginx.conf - echo ' error_log /var/log/nginx/error.log;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' ###' >> /etc/nginx/nginx.conf - echo ' # Gzip Settings' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo ' gzip on;' >> /etc/nginx/nginx.conf - echo ' gzip_disable "msie6";' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' # gzip_vary on;' >> /etc/nginx/nginx.conf - echo ' # gzip_proxied any;' >> /etc/nginx/nginx.conf - echo ' # gzip_comp_level 6;' >> /etc/nginx/nginx.conf - echo ' # gzip_buffers 16 8k;' >> /etc/nginx/nginx.conf - echo ' # gzip_http_version 1.1;' >> /etc/nginx/nginx.conf - echo ' # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo ' # Virtual Host Configs' >> /etc/nginx/nginx.conf - echo ' ##' >> /etc/nginx/nginx.conf - echo '' >> /etc/nginx/nginx.conf - echo ' include /etc/nginx/conf.d/*.conf;' >> /etc/nginx/nginx.conf - echo ' include /etc/nginx/sites-enabled/*;' >> /etc/nginx/nginx.conf - echo '}' >> /etc/nginx/nginx.conf + # Nginx settings + echo 'user www-data;' > /etc/nginx/nginx.conf + #echo "worker_processes; $CPU_CORES" >> /etc/nginx/nginx.conf + echo 'pid /run/nginx.pid;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo 'events {' >> /etc/nginx/nginx.conf + echo ' worker_connections 50;' >> /etc/nginx/nginx.conf + echo ' # multi_accept on;' >> /etc/nginx/nginx.conf + echo '}' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo 'http {' >> /etc/nginx/nginx.conf + echo ' # limit the number of connections per single IP' >> /etc/nginx/nginx.conf + echo ' limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # limit the number of requests for a given session' >> /etc/nginx/nginx.conf + echo ' limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=140r/s;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file' >> /etc/nginx/nginx.conf + echo ' client_body_buffer_size 128k;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # headerbuffer size for the request header from client, its set for testing purpose' >> /etc/nginx/nginx.conf + echo ' client_header_buffer_size 3m;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # maximum number and size of buffers for large headers to read from client request' >> /etc/nginx/nginx.conf + echo ' large_client_header_buffers 4 256k;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # read timeout for the request body from client, its set for testing purpose' >> /etc/nginx/nginx.conf + echo ' client_body_timeout 3m;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # how long to wait for the client to send a request header, its set for testing purpose' >> /etc/nginx/nginx.conf + echo ' client_header_timeout 3m;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo ' # Basic Settings' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' sendfile on;' >> /etc/nginx/nginx.conf + echo ' tcp_nopush on;' >> /etc/nginx/nginx.conf + echo ' tcp_nodelay on;' >> /etc/nginx/nginx.conf + echo ' keepalive_timeout 65;' >> /etc/nginx/nginx.conf + echo ' types_hash_max_size 2048;' >> /etc/nginx/nginx.conf + echo ' server_tokens off;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # server_names_hash_bucket_size 64;' >> /etc/nginx/nginx.conf + echo ' # server_name_in_redirect off;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' include /etc/nginx/mime.types;' >> /etc/nginx/nginx.conf + echo ' default_type application/octet-stream;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo ' # Logging Settings' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' access_log /var/log/nginx/access.log;' >> /etc/nginx/nginx.conf + echo ' error_log /var/log/nginx/error.log;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' ###' >> /etc/nginx/nginx.conf + echo ' # Gzip Settings' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo ' gzip on;' >> /etc/nginx/nginx.conf + echo ' gzip_disable "msie6";' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' # gzip_vary on;' >> /etc/nginx/nginx.conf + echo ' # gzip_proxied any;' >> /etc/nginx/nginx.conf + echo ' # gzip_comp_level 6;' >> /etc/nginx/nginx.conf + echo ' # gzip_buffers 16 8k;' >> /etc/nginx/nginx.conf + echo ' # gzip_http_version 1.1;' >> /etc/nginx/nginx.conf + echo ' # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo ' # Virtual Host Configs' >> /etc/nginx/nginx.conf + echo ' ##' >> /etc/nginx/nginx.conf + echo '' >> /etc/nginx/nginx.conf + echo ' include /etc/nginx/conf.d/*.conf;' >> /etc/nginx/nginx.conf + echo ' include /etc/nginx/sites-enabled/*;' >> /etc/nginx/nginx.conf + echo '}' >> /etc/nginx/nginx.conf - # install a script to easily enable and disable nginx virtual hosts - if [ ! -d $INSTALL_DIR ]; then - mkdir $INSTALL_DIR - fi - cd $INSTALL_DIR - function_check git_clone - git_clone $NGINX_ENSITE_REPO $INSTALL_DIR/nginx_ensite - cd $INSTALL_DIR/nginx_ensite - git checkout $NGINX_ENSITE_COMMIT -b $NGINX_ENSITE_COMMIT - if ! grep -q "Nginx-ensite commit" $COMPLETION_FILE; then - echo "Nginx-ensite commit:$NGINX_ENSITE_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/Nginx-ensite commit.*/Nginx-ensite commit:$NGINX_ENSITE_COMMIT/g" $COMPLETION_FILE - fi + # install a script to easily enable and disable nginx virtual hosts + if [ ! -d $INSTALL_DIR ]; then + mkdir $INSTALL_DIR + fi + cd $INSTALL_DIR + function_check git_clone + git_clone $NGINX_ENSITE_REPO $INSTALL_DIR/nginx_ensite + cd $INSTALL_DIR/nginx_ensite + git checkout $NGINX_ENSITE_COMMIT -b $NGINX_ENSITE_COMMIT + if ! grep -q "Nginx-ensite commit" $COMPLETION_FILE; then + echo "Nginx-ensite commit:$NGINX_ENSITE_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/Nginx-ensite commit.*/Nginx-ensite commit:$NGINX_ENSITE_COMMIT/g" $COMPLETION_FILE + fi - make install - nginx_dissite default + make install + nginx_dissite default - function_check configure_firewall_for_web_access - configure_firewall_for_web_access + function_check configure_firewall_for_web_access + configure_firewall_for_web_access - echo 'install_web_server' >> $COMPLETION_FILE + echo 'install_web_server' >> $COMPLETION_FILE } # NOTE: deliberately no exit 0