From 52a9b23b299a23897cec59ba5bc8ee2dc91512bb Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sat, 12 Mar 2016 15:42:23 +0000
Subject: [PATCH] owncloud admin user
---
 src/freedombone | 1984 ++++++++++++++++++++++++-----------------------
 1 file changed, 993 insertions(+), 991 deletions(-)
diff --git a/src/freedombone b/src/freedombone
index b2e10dd0..9f6fd5ad 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -6849,14 +6849,16 @@ function install_owncloud_official_deb {
 $AUTOCONFIG = array(
 \"dbtype\" => \"mysql\",
 \"dbname\" => \"owncloud\",
- \"dbuser\" => \"owncloudadmin\",
- \"dbpass\" => \"$OWNCLOUD_ADMIN_PASSWORD\",
+ \"dbuser\" => \"root\",
+ \"dbpass\" => \"$MARIADB_PASSWORD\",
 \"dbhost\" => \"localhost\",
 \"dbtableprefix\" => \"\",
+ \"adminlogin\" => \"${MY_USERNAME}\",
+ \"adminpass\" => \"${OWNCLOUD_ADMIN_PASSWORD}\",
 \"trusted_domains\" => array (
- '${OWNCLOUD_DOMAIN_NAME}',
- '${OWNCLOUD_ONION_HOSTNAME}',
+ '${OWNCLOUD_DOMAIN_NAME}',
+ '${OWNCLOUD_ONION_HOSTNAME}',
 ),
 );" > $OWNCLOUD_PATH/config/autoconfig.php
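Review bot: The generated `autoconfig.php` now holds the MariaDB root credentials (`dbuser` => `root`, `dbpass` => `$MARIADB_PASSWORD`) next to the ownCloud admin password in plaintext, and the `>` redirection that creates the file leaves it at the default umask, so it may be readable by other local accounts until ownCloud's first-run setup consumes it. Tighten it straight after the write with `chmod 600 $OWNCLOUD_PATH/config/autoconfig.php` and a `chown` to the web server account (`www-data` is used elsewhere in this script), and confirm the file is gone once setup has completed; `install_owncloud_official_deb` continues outside the hunk, so this may already be handled there. If the installer does not actually need a privileged login to create its own database user, a dedicated account granted privileges only on the `owncloud` database would keep a compromise of the web application from reaching every other database on the host. The values are also expanded by the shell into double-quoted PHP strings, so a password containing a double quote, a backslash or `$` would corrupt the file or be re-interpreted by PHP; restricting generated passwords to alphanumerics, or emitting them in single-quoted PHP strings as `trusted_domains` already does, avoids that.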
@@ -7665,997 +7667,997 @@ function install_watchdog_script { return fi echo '#!/bin/bash' > /usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - # application specific stuff is added later - chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME +echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME +echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME +# application specific stuff is added later +chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME - if ! grep -q "/usr/bin/$WATCHDOG_SCRIPT_NAME" /etc/crontab; then - echo "* * * * * root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> /etc/crontab - fi +if ! grep -q "/usr/bin/$WATCHDOG_SCRIPT_NAME" /etc/crontab; then + echo "* * * * * root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> /etc/crontab +fi - echo 'install_watchdog_script' >> $COMPLETION_FILE +echo 'install_watchdog_script' >> $COMPLETION_FILE } -function install_irc_client { - if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "install_irc_client" $COMPLETION_FILE; then - return - fi - apt-get -y install irssi - - if [ ! 
-d /home/$MY_USERNAME/.irssi ]; then - mkdir /home/$MY_USERNAME/.irssi - fi - - echo 'servers = (' > /home/$MY_USERNAME/.irssi/config - echo ' {' >> /home/$MY_USERNAME/.irssi/config - echo ' address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config - echo ' chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config - echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config - echo ' autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config - echo ' },' >> /home/$MY_USERNAME/.irssi/config - echo ' {' >> /home/$MY_USERNAME/.irssi/config - echo ' address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config - echo ' chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config - echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config - echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config - echo ' },' >> /home/$MY_USERNAME/.irssi/config - echo ' {' >> /home/$MY_USERNAME/.irssi/config - echo " address = \"${DEFAULT_DOMAIN_NAME}\";" >> /home/$MY_USERNAME/.irssi/config - echo ' chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config - echo " port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config - echo ' use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config - echo ' ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config - echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config - echo ' }' >> /home/$MY_USERNAME/.irssi/config - echo ');' >> /home/$MY_USERNAME/.irssi/config - echo '' >> /home/$MY_USERNAME/.irssi/config - echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config - echo ' Freedombone = {' >> /home/$MY_USERNAME/.irssi/config - echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' };' >> /home/$MY_USERNAME/.irssi/config - echo ' Freenode = {' >> /home/$MY_USERNAME/.irssi/config - echo ' type = "IRC";' >> 
/home/$MY_USERNAME/.irssi/config - echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' };' >> /home/$MY_USERNAME/.irssi/config - echo ' OFTC = {' >> /home/$MY_USERNAME/.irssi/config - echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' };' >> /home/$MY_USERNAME/.irssi/config - echo '};' >> /home/$MY_USERNAME/.irssi/config - echo '' >> /home/$MY_USERNAME/.irssi/config - echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config - echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config - echo ');' >> /home/$MY_USERNAME/.irssi/config - echo '' >> /home/$MY_USERNAME/.irssi/config - echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config - echo " core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config - echo ' "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config - echo '};' >> /home/$MY_USERNAME/.irssi/config - echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config - - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi - - echo 'install_irc_client' >> $COMPLETION_FILE -} - -function install_irc_server { - if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "install_irc_server" $COMPLETION_FILE; then - return - fi - apt-get -y install ngircd - - if [ ! 
-d /etc/ngircd ]; then - echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE" - exit 53 - fi - - if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then - ${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH - check_certificates ngircd - fi - - DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME - if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local" - fi - - echo '**************************************************' > /etc/ngircd/motd - echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd - echo '* *' >> /etc/ngircd/motd - echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd - echo '**************************************************' >> /etc/ngircd/motd - sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf - sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf - sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf - sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf - sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf - sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf - sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf - sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf - sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf - if [[ $ONION_ONLY != 'yes' ]]; then - sed -i "s/;Ports =.*/;Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf - else - sed -i "s/;Ports =.*/Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf - fi - sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf - sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf - sed -i 's/;MaxUsers = 
23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf - sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf - sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf - IRC_SALT="$(openssl rand -base64 32 | cut -c1-30)" - if [ -f $IMAGE_PASSWORD_FILE ]; then - IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" - else - IRC_OPERATOR_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)" - fi - sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf - sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf - sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf - sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf - sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf - sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf - sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf - if [ $IRC_PASSWORD ]; then - sed -i "0,/RE/s/Password =.*/Password = $IRC_PASSWORD/" /etc/ngircd/ngircd.conf - fi - # If we are on a mesh then DNS is not available - if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf - fi - # upgrade a cypher - sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf - mkdir /var/run/ircd - chown -R irc:irc /var/run/ircd - mkdir /var/run/ngircd - touch /var/run/ngircd/ngircd.pid - chown -R irc:irc /var/run/ngircd - - IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT}) - if ! 
grep -q $"IRC onion domain" $COMPLETION_FILE; then - echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE - fi - - systemctl restart ngircd - - # keep the daemon running - echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo ' systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - - if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'IRC Server' >> /home/$MY_USERNAME/README - echo '==========' >> /home/$MY_USERNAME/README - echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - if [[ $ONION_ONLY != 'yes' ]]; then - echo " irssi" >> /home/$MY_USERNAME/README - echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README - echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README - else - echo " usetorwith irssi" >> /home/$MY_USERNAME/README - echo " /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README - echo " /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README - fi - echo " /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi - - echo 'install_irc_server' >> $COMPLETION_FILE -} - -function get_wiki_admin_password { - if [ -f /home/$MY_USERNAME/README ]; then - if grep -q "Wiki password" /home/$MY_USERNAME/README; then - WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" 
| awk -F ':' '{print $2}' | sed 's/^ *//') - fi - fi -} - -function install_wiki { - if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MASH" ]]; then - return - fi - if grep -Fxq "install_wiki" $COMPLETION_FILE; then - return - fi - if [ ! $WIKI_DOMAIN_NAME ]; then - return - fi - apt-get -y install dokuwiki - apt-get -y remove --purge apache* - if [ -d /etc/apache2 ]; then - rm -rf /etc/apache2 - echo $'Removed Apache installation after Dokuwiki install' - fi - - if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then - mkdir /var/www/$WIKI_DOMAIN_NAME - fi - if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then - rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs - fi - - ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs - - mkdir /var/lib/dokuwiki/custom - cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php - ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php - - chown www-data /var/lib/dokuwiki/custom - chown www-data /var/lib/dokuwiki/custom/local.php - chown -R www-data /etc/dokuwiki - chown -R www-data /usr/share/dokuwiki/lib/ - chmod 600 /var/lib/dokuwiki/custom/local.php - chmod -R 755 /usr/share/dokuwiki/lib - - sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php - sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php - - sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php - - # set the admin user - sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php - - # disallow registration of new users - if ! grep -q "disableactions" /etc/dokuwiki/local.php; then - echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php - fi - if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then - echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php - fi - - if ! 
grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then - echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php - fi - if ! grep -q "authtype" /etc/dokuwiki/local.php; then - echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php - fi - - get_wiki_admin_password - if [ ! $WIKI_ADMIN_PASSWORD ]; then - if [ -f $IMAGE_PASSWORD_FILE ]; then - WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" - else - WIKI_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)" - fi - fi - HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}') - echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php - chmod 640 /var/lib/dokuwiki/acl/users.auth.php - - if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then - echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf - fi - if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then - echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf - fi - if ! 
grep -q "video/webm" /etc/dokuwiki/mime.conf; then - echo 'webm video/webm' >> /etc/dokuwiki/mime.conf - fi - - WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT}) - - if [[ $ONION_ONLY == "no" ]]; then - echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - nginx_disable_sniffing $WIKI_DOMAIN_NAME - nginx_limits $WIKI_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # statically serve these file types when 
possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." 
>> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - nginx_limits $WIKI_DOMAIN_NAME - nginx_ssl $WIKI_DOMAIN_NAME - nginx_disable_sniffing $WIKI_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> 
/etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> 
/etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." 
>> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - else - echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - fi - echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - nginx_limits $WIKI_DOMAIN_NAME - nginx_disable_sniffing $WIKI_DOMAIN_NAME - echo ' add_header Strict-Transport-Security 
"max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> 
/etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
-
- if [[ $ONION_ONLY == "no" ]]; then
- if [ ! -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam ]; then
- if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
- ${PROJECT_NAME}-addcert -h $WIKI_DOMAIN_NAME --dhkey $DH_KEYLENGTH
- else
- ${PROJECT_NAME}-addcert -e $WIKI_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
- fi
- check_certificates $WIKI_DOMAIN_NAME
- fi
- fi
-
- configure_php
-
- nginx_ensite $WIKI_DOMAIN_NAME
-
- systemctl restart php5-fpm
- systemctl restart nginx
-
- echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE
-
- # update the dynamic DNS
- CURRENT_DDNS_DOMAIN=$WIKI_DOMAIN_NAME
- add_ddns_domain
-
- # add some post-install instructions
- if ! grep -q $"Wiki password" /home/$MY_USERNAME/README; then
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Wiki' >> /home/$MY_USERNAME/README
- echo '====' >> /home/$MY_USERNAME/README
- echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
- echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README
- echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
-
- echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE
- echo 'install_wiki' >> $COMPLETION_FILE
-}
-
-function get_blog_admin_password {
- if [ -f /home/$MY_USERNAME/README ]; then
- if grep -q "Your blog password is" /home/$MY_USERNAME/README; then
- FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//')
- fi
- fi
-}
-
-function install_blog {
- if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
- if [ ! $FULLBLOG_DOMAIN_NAME ]; then
- echo $'The blog domain name was not specified'
- exit 5062
- fi
-
- # update to the next commit
- set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO
-
- if grep -Fxq "install_blog" $COMPLETION_FILE; then
- return
- fi
-
- if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then
- mkdir /var/www/$FULLBLOG_DOMAIN_NAME
- fi
-
- cd /var/www/$FULLBLOG_DOMAIN_NAME
- git_clone $FULLBLOG_REPO htdocs
- cd htdocs
- git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT
- if ! grep -q "Blog commit" $COMPLETION_FILE; then
- echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE
- else
- sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE
- fi
- cd /var/www/$FULLBLOG_DOMAIN_NAME
-
- chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
-
- if [[ $ONION_ONLY == "no" ]]; then
- echo 'server {' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' listen 80;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- nginx_limits $FULLBLOG_DOMAIN_NAME
- nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
- echo ' # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- nginx_limits $FULLBLOG_DOMAIN_NAME
- nginx_ssl $FULLBLOG_DOMAIN_NAME
- nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
- echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- else
- echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- fi
- echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- nginx_limits $FULLBLOG_DOMAIN_NAME
- nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
- echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
- echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
-
- if [[ $ONION_ONLY == "no" ]]; then
- if [ ! -f /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam ]; then
- if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
- ${PROJECT_NAME}-addcert -h $FULLBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
- else
- ${PROJECT_NAME}-addcert -e $FULLBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
- fi
- check_certificates $FULLBLOG_DOMAIN_NAME
- fi
- fi
-
- configure_php
-
- # blog settings
- cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
- sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
-
- # create a user password
- get_blog_admin_password
- if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- FULLBLOG_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
- fi
- echo '' >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- echo $'HTMLy Blog' >> /home/$MY_USERNAME/README
- echo '==========' >> /home/$MY_USERNAME/README
- echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README
- echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
- if [[ $ONION_ONLY == 'no' ]]; then
- echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README
- fi
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
-
- # create a user
- echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- echo "password = '$FULLBLOG_ADMIN_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- echo 'encryption = clear' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
- echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
-
- nginx_ensite $FULLBLOG_DOMAIN_NAME
-
- FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT})
-
- systemctl restart php5-fpm
- systemctl restart nginx
-
- if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then
- echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
- echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README
- echo '' >> /home/$MY_USERNAME/README
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
- chmod 600 /home/$MY_USERNAME/README
- fi
- echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
-
- # update the dynamic DNS
- CURRENT_DDNS_DOMAIN=$FULLBLOG_DOMAIN_NAME
- add_ddns_domain
-
- echo 'install_blog' >> $COMPLETION_FILE
-}
-
-function install_rss_reader {
- if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
- return
- fi
-
- # update to the next commit
- set_repo_commit $RSS_READER_PATH "RSS reader commit" "$RSS_READER_COMMIT" $RSS_READER_REPO
-
- if grep -Fxq "install_rss_reader" $COMPLETION_FILE; then
- return
- fi
-
- apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
-
- if [ ! -d /etc/share ]; then
- mkdir /etc/share
- fi
- cd /etc/share
- git_clone $RSS_READER_REPO tt-rss
- if [ ! -d $RSS_READER_PATH ]; then
- echo $'Could not clone RSS reader repo'
- exit 52925
- fi
- cd $RSS_READER_PATH
- git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
- if ! grep -q "RSS reader commit" $COMPLETION_FILE; then
- echo "RSS reader commit:$RSS_READER_COMMIT" >> $COMPLETION_FILE
- fi
-
- install_mariadb
- get_mariadb_password
- repair_databases_script
-
- get_mariadb_rss_reader_admin_password
- if [ ! $RSS_READER_ADMIN_PASSWORD ]; then
- if [ -f $IMAGE_PASSWORD_FILE ]; then
- RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
- else
- RSS_READER_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
- fi
- fi
-
- create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME
-
- RSS_READER_ONION_HOSTNAME=$(add_onion_service ttrss 80 ${RSS_READER_ONION_PORT})
-
- echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo " listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo " server_name $RSS_READER_DOMAIN_NAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' # Logs' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' access_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' error_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' # Root' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo " root $RSS_READER_PATH;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' # Index' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' index index.html index.htm index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' # PHP' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' # Location' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' location /mobile {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' index index.htm;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
- echo ' # Fancy URLs' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ function install_irc_client {
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "install_irc_client" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install irssi
+
+ if [ ! -d /home/$MY_USERNAME/.irssi ]; then
+ mkdir /home/$MY_USERNAME/.irssi
+ fi
+
+ echo 'servers = (' > /home/$MY_USERNAME/.irssi/config
+ echo ' {' >> /home/$MY_USERNAME/.irssi/config
+ echo ' address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' },' >> /home/$MY_USERNAME/.irssi/config
+ echo ' {' >> /home/$MY_USERNAME/.irssi/config
+ echo ' address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' },' >> /home/$MY_USERNAME/.irssi/config
+ echo ' {' >> /home/$MY_USERNAME/.irssi/config
+ echo " address = \"${DEFAULT_DOMAIN_NAME}\";" >> /home/$MY_USERNAME/.irssi/config
+ echo ' chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config
+ echo " port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
+ echo ' use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' }' >> /home/$MY_USERNAME/.irssi/config
+ echo ');' >> /home/$MY_USERNAME/.irssi/config
+ echo '' >> /home/$MY_USERNAME/.irssi/config
+ echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config
+ echo ' Freedombone = {' >> /home/$MY_USERNAME/.irssi/config
+ echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' };' >> /home/$MY_USERNAME/.irssi/config
+ echo ' Freenode = {' >> /home/$MY_USERNAME/.irssi/config
+ echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' };' >> /home/$MY_USERNAME/.irssi/config
+ echo ' OFTC = {' >> /home/$MY_USERNAME/.irssi/config
+ echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
+ echo ' };' >> /home/$MY_USERNAME/.irssi/config
+ echo '};' >> /home/$MY_USERNAME/.irssi/config
+ echo '' >> /home/$MY_USERNAME/.irssi/config
+ echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config
+ echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config
+ echo ');' >> /home/$MY_USERNAME/.irssi/config
+ echo '' >> /home/$MY_USERNAME/.irssi/config
+ echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config
+ echo " core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config
+ echo ' "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config
+ echo '};' >> /home/$MY_USERNAME/.irssi/config
+ echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config
+
+ chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi
+
+ echo 'install_irc_client' >> $COMPLETION_FILE
+ }
+
+ function install_irc_server {
+ if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+ if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
+ return
+ fi
+ apt-get -y install ngircd
+
+ if [ ! -d /etc/ngircd ]; then
+ echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
+ exit 53
+ fi
+
+ if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
+ ${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH
+ check_certificates ngircd
+ fi
+
+ DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME
+ if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local"
+ fi
+
+ echo '**************************************************' > /etc/ngircd/motd
+ echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd
+ echo '* *' >> /etc/ngircd/motd
+ echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd
+ echo '**************************************************' >> /etc/ngircd/motd
+ sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
+ sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
+ sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
+ sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
+ sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
+ sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
+ sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
+ sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
+ sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf
+ if [[ $ONION_ONLY != 'yes' ]]; then
+ sed -i "s/;Ports =.*/;Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf
+ else
+ sed -i "s/;Ports =.*/Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf
+ fi
+ sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
+ sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
+ sed -i 's/;MaxUsers = 
23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf + sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf + sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf + IRC_SALT="$(openssl rand -base64 32 | cut -c1-30)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + IRC_OPERATOR_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)" + fi + sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf + sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf + sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf + sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf + sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf + sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf + sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf + if [ $IRC_PASSWORD ]; then + sed -i "0,/RE/s/Password =.*/Password = $IRC_PASSWORD/" /etc/ngircd/ngircd.conf + fi + # If we are on a mesh then DNS is not available + if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf + fi + # upgrade a cypher + sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf + mkdir /var/run/ircd + chown -R irc:irc /var/run/ircd + mkdir /var/run/ngircd + touch /var/run/ngircd/ngircd.pid + chown -R irc:irc /var/run/ngircd + + IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT}) + if ! 
grep -q $"IRC onion domain" $COMPLETION_FILE; then + echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE + fi + + systemctl restart ngircd + + # keep the daemon running + echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + + if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'IRC Server' >> /home/$MY_USERNAME/README + echo '==========' >> /home/$MY_USERNAME/README + echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + if [[ $ONION_ONLY != 'yes' ]]; then + echo " irssi" >> /home/$MY_USERNAME/README + echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README + echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README + else + echo " usetorwith irssi" >> /home/$MY_USERNAME/README + echo " /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README + echo " /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README + fi + echo " /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi + + echo 'install_irc_server' >> $COMPLETION_FILE + } + + function get_wiki_admin_password { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "Wiki password" /home/$MY_USERNAME/README; then + WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki 
password:" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi + } + + function install_wiki { + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MASH" ]]; then + return + fi + if grep -Fxq "install_wiki" $COMPLETION_FILE; then + return + fi + if [ ! $WIKI_DOMAIN_NAME ]; then + return + fi + apt-get -y install dokuwiki + apt-get -y remove --purge apache* + if [ -d /etc/apache2 ]; then + rm -rf /etc/apache2 + echo $'Removed Apache installation after Dokuwiki install' + fi + + if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then + mkdir /var/www/$WIKI_DOMAIN_NAME + fi + if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then + rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs + fi + + ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs + + mkdir /var/lib/dokuwiki/custom + cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php + ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php + + chown www-data /var/lib/dokuwiki/custom + chown www-data /var/lib/dokuwiki/custom/local.php + chown -R www-data /etc/dokuwiki + chown -R www-data /usr/share/dokuwiki/lib/ + chmod 600 /var/lib/dokuwiki/custom/local.php + chmod -R 755 /usr/share/dokuwiki/lib + + sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php + sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php + + sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php + + # set the admin user + sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php + + # disallow registration of new users + if ! grep -q "disableactions" /etc/dokuwiki/local.php; then + echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php + fi + if ! 
grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then + echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php + fi + + if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then + echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php + fi + if ! grep -q "authtype" /etc/dokuwiki/local.php; then + echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php + fi + + get_wiki_admin_password + if [ ! $WIKI_ADMIN_PASSWORD ]; then + if [ -f $IMAGE_PASSWORD_FILE ]; then + WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + WIKI_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)" + fi + fi + HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}') + echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php + chmod 640 /var/lib/dokuwiki/acl/users.auth.php + + if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then + echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf + fi + if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then + echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf + fi + if ! 
grep -q "video/webm" /etc/dokuwiki/mime.conf; then + echo 'webm video/webm' >> /etc/dokuwiki/mime.conf + fi + + WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT}) + + if [[ $ONION_ONLY == "no" ]]; then + echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + nginx_disable_sniffing $WIKI_DOMAIN_NAME + nginx_limits $WIKI_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # statically serve these file types when 
possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." 
>> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + nginx_limits $WIKI_DOMAIN_NAME + nginx_ssl $WIKI_DOMAIN_NAME + nginx_disable_sniffing $WIKI_DOMAIN_NAME + echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> 
/etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> 
/etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." 
>> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + else + echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + fi + echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + nginx_limits $WIKI_DOMAIN_NAME + nginx_disable_sniffing $WIKI_DOMAIN_NAME + echo ' add_header Strict-Transport-Security 
"max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> 
/etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." 
>> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\. 
{' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + + if [[ $ONION_ONLY == "no" ]]; then + if [ ! -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam ]; then + if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then + ${PROJECT_NAME}-addcert -h $WIKI_DOMAIN_NAME --dhkey $DH_KEYLENGTH + else + ${PROJECT_NAME}-addcert -e $WIKI_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS + fi + check_certificates $WIKI_DOMAIN_NAME + fi + fi + + configure_php + + nginx_ensite $WIKI_DOMAIN_NAME + + systemctl restart php5-fpm + systemctl restart nginx + + echo "Wiki onion domain:${WIKI_ONION_HOSTNAME}" >> $COMPLETION_FILE + + # update the dynamic DNS + CURRENT_DDNS_DOMAIN=$WIKI_DOMAIN_NAME + add_ddns_domain + + # add some post-install instructions + if ! 
grep -q $"Wiki password" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'Wiki' >> /home/$MY_USERNAME/README + echo '====' >> /home/$MY_USERNAME/README + echo $"Wiki onion domain: ${WIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README + echo $"Wiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README + echo $"Wiki password: $WIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'Once you have set up the wiki then remove the install file:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo " rm /var/www/$WIKI_DOMAIN_NAME/htdocs/install.php" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi + + echo "Wiki domain:$WIKI_DOMAIN_NAME" >> $COMPLETION_FILE + echo 'install_wiki' >> $COMPLETION_FILE + } + + function get_blog_admin_password { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "Your blog password is" /home/$MY_USERNAME/README; then + FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi + } + + function install_blog { + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if [ ! $FULLBLOG_DOMAIN_NAME ]; then + echo $'The blog domain name was not specified' + exit 5062 + fi + + # update to the next commit + set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO + + if grep -Fxq "install_blog" $COMPLETION_FILE; then + return + fi + + if [ ! 
-d /var/www/$FULLBLOG_DOMAIN_NAME ]; then
+ mkdir /var/www/$FULLBLOG_DOMAIN_NAME
+ fi
+
+ cd /var/www/$FULLBLOG_DOMAIN_NAME
+ git_clone $FULLBLOG_REPO htdocs
+ cd htdocs
+ git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT
+ if ! grep -q "Blog commit" $COMPLETION_FILE; then
+ echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE
+ else
+ sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE
+ fi
+ cd /var/www/$FULLBLOG_DOMAIN_NAME
+
+ chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
+
+ if [[ $ONION_ONLY == "no" ]]; then
+ echo 'server {' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' listen 80;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ nginx_limits $FULLBLOG_DOMAIN_NAME
+ nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
+ echo ' # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' rewrite ^/(.*)
/index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+
echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' index index.php;' >>
/etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ nginx_limits $FULLBLOG_DOMAIN_NAME
+ nginx_ssl $FULLBLOG_DOMAIN_NAME
+ nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
+ echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' expires 30d;' >>
/etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked."
>> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\.
{' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ else
+ echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ fi
+ echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ nginx_limits
$FULLBLOG_DOMAIN_NAME
+ nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
+ echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >>
/etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo " # another machine. And then cross your fingers that you won't get hacked."
>> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\.
{' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+ echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+
+ if [[ $ONION_ONLY == "no" ]]; then
+ if [ !
-f /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam ]; then
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
+ ${PROJECT_NAME}-addcert -h $FULLBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
+ else
+ ${PROJECT_NAME}-addcert -e $FULLBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS
+ fi
+ check_certificates $FULLBLOG_DOMAIN_NAME
+ fi
+ fi
+
+ configure_php
+
+ # blog settings
+ cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+ sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini
+
+ # create a user password
+ get_blog_admin_password
+ if [ !
$FULLBLOG_ADMIN_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ FULLBLOG_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
+ fi
+ echo '' >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ echo $'HTMLy Blog' >> /home/$MY_USERNAME/README
+ echo '==========' >> /home/$MY_USERNAME/README
+ echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README
+ echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README
+ if [[ $ONION_ONLY == 'no' ]]; then
+ echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README
+ fi
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
+
+ # create a user
+ echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ echo "password = '$FULLBLOG_ADMIN_PASSWORD'" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ echo 'encryption = clear' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+ echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini
+
+ nginx_ensite $FULLBLOG_DOMAIN_NAME
+
+ FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT})
+
+ systemctl restart php5-fpm
+ systemctl restart nginx
+
+ if !
grep -q "Blog onion domain" /home/$MY_USERNAME/README; then
+ echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
+ echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README
+ echo '' >> /home/$MY_USERNAME/README
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+ chmod 600 /home/$MY_USERNAME/README
+ fi
+ echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
+
+ # update the dynamic DNS
+ CURRENT_DDNS_DOMAIN=$FULLBLOG_DOMAIN_NAME
+ add_ddns_domain
+
+ echo 'install_blog' >> $COMPLETION_FILE
+ }
+
+ function install_rss_reader {
+ if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+ return
+ fi
+
+ # update to the next commit
+ set_repo_commit $RSS_READER_PATH "RSS reader commit" "$RSS_READER_COMMIT" $RSS_READER_REPO
+
+ if grep -Fxq "install_rss_reader" $COMPLETION_FILE; then
+ return
+ fi
+
+ apt-get -y install php-gettext php5-curl php5-gd php5-mysql git curl php-xml-parser
+
+ if [ ! -d /etc/share ]; then
+ mkdir /etc/share
+ fi
+ cd /etc/share
+ git_clone $RSS_READER_REPO tt-rss
+ if [ ! -d $RSS_READER_PATH ]; then
+ echo $'Could not clone RSS reader repo'
+ exit 52925
+ fi
+ cd $RSS_READER_PATH
+ git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
+ if ! grep -q "RSS reader commit" $COMPLETION_FILE; then
+ echo "RSS reader commit:$RSS_READER_COMMIT" >> $COMPLETION_FILE
+ fi
+
+ install_mariadb
+ get_mariadb_password
+ repair_databases_script
+
+ get_mariadb_rss_reader_admin_password
+ if [ !
$RSS_READER_ADMIN_PASSWORD ]; then
+ if [ -f $IMAGE_PASSWORD_FILE ]; then
+ RSS_READER_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ RSS_READER_ADMIN_PASSWORD="$(openssl rand -base64 32 | cut -c1-30)"
+ fi
+ fi
+
+ create_database ttrss "$RSS_READER_ADMIN_PASSWORD" $MY_USERNAME
+
+ RSS_READER_ONION_HOSTNAME=$(add_onion_service ttrss 80 ${RSS_READER_ONION_PORT})
+
+ echo 'server {' > /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo " listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo " server_name $RSS_READER_DOMAIN_NAME;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' # Logs' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' access_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' error_log off;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' # Root' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo " root $RSS_READER_PATH;" >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' # Index' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' index index.html index.htm index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' # PHP' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location ~ \.php {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' #
Location' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location / {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' index index.php;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' location /mobile {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' index index.htm;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' try_files $uri $uri/ @ttrss;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
+ echo ' # Fancy URLs' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
 echo ' location @ttrss {' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
 echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
 echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME