diff --git a/src/freedombone-app-blog b/src/freedombone-app-blog deleted file mode 100755 index 6ea7d75b..00000000 --- a/src/freedombone-app-blog +++ /dev/null @@ -1,623 +0,0 @@ -#!/bin/bash -# -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud -# -# Blog functions -# -# License -# ======= -# -# Copyright (C) 2014-2016 Bob Mottram -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . - -VARIANTS="full full-vim writer" - -FULLBLOG_DOMAIN_NAME= -FULLBLOG_CODE= -FULLBLOG_ONION_PORT=8086 -FULLBLOG_REPO="https://github.com/danpros/htmly" -FULLBLOG_COMMIT='bf5fe9486160be4da86d8987d3e5c977e1dc6d32' -MY_BLOG_TITLE="My Blog" -MY_BLOG_SUBTITLE="Another ${PROJECT_NAME} Blog" - -blog_variables=(FULLBLOG_REPO - FULLBLOG_COMMIT - FULLBLOG_DOMAIN_NAME - FULLBLOG_CODE - MY_BLOG_TITLE - MY_BLOG_SUBTITLE - ONION_ONLY - DDNS_PROVIDER - MY_USERNAME) - -function remove_user_blog { - remove_username="$1" - - if [ -f /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini ]; then - rm /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini - fi -} - -function add_user_blog { - if [[ $(app_is_installed blog) == "0" ]]; then - echo '0' - return - fi - - new_username="$1" - new_user_password="$2" - - if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users ]; then - echo '2' - return - fi - NEW_USER_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$new_user_password") - if [ ${#NEW_USER_PASSWORD_HASH} -lt 8 ]; then - echo '3' - return - fi - echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$new_username.ini - echo "password = $NEW_USER_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$new_username.ini - echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$new_username.ini - echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$new_username.ini - echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$new_username.ini - echo '0' -} - -function configure_interactive_blog { - data=$(tempfile 2>/dev/null) - trap "rm -f $data" 0 1 2 5 15 - dialog --title $"Change blog avatar" \ - --backtitle $"Freedombone Control Panel" \ - --inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>$data - sel=$? - case $sel in - 0) - IMAGE_URL=$(<$data) - if [ ${#IMAGE_URL} -gt 5 ]; then - clear - ${PROJECT_NAME}-blog -a $IMAGE_URL - if [ "$?" = "0" ]; then - dialog --title $"Change blog avatar" \ - --msgbox $"Your blog avatar has been changed" 6 40 - fi - fi - ;; - esac -} - -function install_interactive_blog { - if [ ! $ONION_ONLY ]; then - ONION_ONLY='no' - fi - - if [[ $ONION_ONLY != "no" ]]; then - MY_BLOG_TITLE='My Blog' - FULLBLOG_DOMAIN_NAME='blog.local' - write_config_param "MY_BLOG_TITLE" "$MY_BLOG_TITLE" - write_config_param "FULLBLOG_DOMAIN_NAME" "$FULLBLOG_DOMAIN_NAME" - else - function_check interactive_site_details_with_title - interactive_site_details_with_title "blog" "MY_BLOG_TITLE" "FULLBLOG_DOMAIN_NAME" "FULLBLOG_CODE" - fi - APP_INSTALLED=1 -} - -function change_password_blog { - if ! grep -q "blog domain:" $COMPLETION_FILE; then - echo "blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE - fi - FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "blog domain" | head -n 1 | awk -F ':' '{print $2}') - - BLOG_USERNAME="$1" - BLOG_PASSWORD="$2" - if [ ${#BLOG_PASSWORD} -lt 8 ]; then - echo $'Blog password is too short' - return - fi - BLOG_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$BLOG_PASSWORD") - if [ ${#BLOG_PASSWORD_HASH} -lt 8 ]; then - echo $'Blog admin password could not be hashed' - exit 625728 - fi - sed -i "s|password =.*|password = $BLOG_PASSWORD_HASH|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$BLOG_USERNAME.ini -} - -function reconfigure_blog { - echo -n '' -} - -function upgrade_blog { - read_config_param "FULLBLOG_DOMAIN_NAME" - - function_check set_repo_commit - set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO - - # update blog avatar - ${PROJECT_NAME}-blog -} - -function backup_local_blog { - FULLBLOG_DOMAIN_NAME='blog' - if grep -q "blog domain" $COMPLETION_FILE; then - FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "blog domain" | awk -F ':' '{print $2}') - fi - - source_directory=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - if [ -d $source_directory ]; then - dest_directory=blog - echo $"Backing up $source_directory to $dest_directory" - - function_check suspend_site - suspend_site ${FULLBLOG_DOMAIN_NAME} - - function_check backup_directory_to_usb - backup_directory_to_usb $source_directory $dest_directory - - function_check restart_site - restart_site - - echo $"Backup to $dest_directory complete" - fi -} - -function restore_local_blog { - FULLBLOG_DOMAIN_NAME='blog' - if grep -q "blog domain" $COMPLETION_FILE; then - FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "blog domain" | awk -F ':' '{print $2}') - fi - if [ $FULLBLOG_DOMAIN_NAME ]; then - echo $"Restoring blog installation" - temp_restore_dir=/root/tempblog - restore_directory_from_usb $temp_restore_dir blog - rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/ - if [ ! "$?" = "0" ]; then - set_user_permissions - backup_unmount_drive - exit 593 - fi - rm -rf $temp_restore_dir - if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then - echo $"No content directory found after restoring blog" - set_user_permissions - backup_unmount_drive - exit 287 - fi - chown -R www-data:www-data /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - # Ensure that the bundled SSL cert is being used - if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then - sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME} - fi - for d in /home/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then - mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post - fi - fi - done - if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then - ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key - ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem - fi - fi -} - -function backup_remote_blog { - if grep -q "blog domain" $COMPLETION_FILE; then - FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "blog domain" | awk -F ':' '{print $2}') - temp_backup_dir=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - if [ -d $temp_backup_dir ]; then - echo $"Backing up blog" - backup_directory_to_friend $temp_backup_dir blog - echo $"Backup of blog complete" - else - echo $"Blog domain specified but not found in $temp_backup_dir" - exit 2578 - fi - fi -} - -function restore_remote_blog { - if [ -d $SERVER_DIRECTORY/backup/blog ]; then - FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "blog domain" | awk -F ':' '{print $2}') - echo $"Restoring blog installation $FULLBLOG_DOMAIN_NAME" - temp_restore_dir=/root/tempblog - mkdir $temp_restore_dir - function_check restore_directory_from_friend - restore_directory_from_friend $temp_restore_dir blog - rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs - cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/ - if [ ! "$?" = "0" ]; then - exit 593 - fi - rm -rf $temp_restore_dir - if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then - echo $"No content directory found after restoring blog" - exit 287 - fi - # Ensure that the bundled SSL cert is being used - if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then - sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME} - fi - for d in /home/*/ ; do - USERNAME=$(echo "$d" | awk -F '/' '{print $3}') - if [[ $(is_valid_user "$USERNAME") == "1" ]]; then - if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then - mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post - fi - fi - done - if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then - ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key - ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem - fi - echo $"Restore of blog complete" - fi -} - -function remove_blog { - if [ ${#FULLBLOG_DOMAIN_NAME} -eq 0 ]; then - return - fi - - read_config_param "FULLBLOG_DOMAIN_NAME" - nginx_dissite $FULLBLOG_DOMAIN_NAME - if [ -f /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME ]; then - rm -f /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - fi - if [ -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then - rm -rf /var/www/$FULLBLOG_DOMAIN_NAME - fi - if [ $FULLBLOG_CODE ]; then - if [ -f /usr/bin/dynamicdns ]; then - sed -i "/$FULLBLOG_DOMAIN_NAME/d" /usr/bin/dynamicdns - sed -i "/$FULLBLOG_CODE/d" /usr/bin/dynamicdns - fi - fi - function_check remove_onion_service - remove_onion_service blog ${FULLBLOG_ONION_PORT} - sed -i '/install_blog/d' $COMPLETION_FILE - sed -i '/Blog .*/d' $COMPLETION_FILE -} - -function get_blog_admin_password { - if [ -f /home/$MY_USERNAME/README ]; then - if grep -q "Your blog password is" /home/$MY_USERNAME/README; then - FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//') - fi - fi -} - -function install_blog_social_networks { - # set social networks - if grep -q "social.hubzilla" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then - sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - fi - if grep -q "social.gnusocial" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then - sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROBLOG_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - fi - - # clear proprietary social network strings - sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i 's|social.google.*|social.google = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini -} - -function install_blog_user { - # create a user password - function_check get_blog_admin_password - get_blog_admin_password - if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then - if [ -f $IMAGE_PASSWORD_FILE ]; then - FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" - else - FULLBLOG_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" - fi - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'HTMLy Blog' >> /home/$MY_USERNAME/README - echo '==========' >> /home/$MY_USERNAME/README - echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README - echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README - if [[ $ONION_ONLY == 'no' ]]; then - echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README - fi - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi - - # create a user - FULLBLOG_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$FULLBLOG_ADMIN_PASSWORD") - if [ ${#FULLBLOG_ADMIN_PASSWORD_HASH} -lt 8 ]; then - echo $'Blog admin password could not be hashed' - exit 625728 - fi - echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini - echo "password = $FULLBLOG_ADMIN_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini - echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini - echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini - echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini -} - -function install_blog_settings { - cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini - sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini -} - -function install_blog_website { - function_check nginx_http_redirect - nginx_http_redirect $FULLBLOG_DOMAIN_NAME - echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - function_check nginx_ssl - nginx_ssl $FULLBLOG_DOMAIN_NAME - function_check nginx_disable_sniffing - nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - function_check nginx_limits - nginx_limits $FULLBLOG_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME -} - -function install_blog_website_onion { - echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - function_check nginx_disable_sniffing - nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - function_check nginx_limits - nginx_limits $FULLBLOG_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - function_check nginx_limits - nginx_limits $FULLBLOG_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME -} - -function install_blog_from_repo { - if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then - mkdir /var/www/$FULLBLOG_DOMAIN_NAME - fi - - cd /var/www/$FULLBLOG_DOMAIN_NAME - git_clone $FULLBLOG_REPO htdocs - cd htdocs - git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT - if ! grep -q "blog commit" $COMPLETION_FILE; then - echo "blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/blog commit.*/blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE - fi -} - -function install_blog { - if [ ! $ONION_ONLY ]; then - ONION_ONLY='no' - fi - - if [ ! $FULLBLOG_DOMAIN_NAME ]; then - echo $'The blog domain name was not specified' - exit 5062 - fi - - # for the avatar changing command - apt-get -y install imagemagick - - function_check install_blog_from_repo - install_blog_from_repo - - if [[ $ONION_ONLY == "no" ]]; then - function_check install_blog_website - install_blog_website - else - echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME - fi - function_check install_blog_website_onion - install_blog_website_onion - - function_check create_site_certificate - create_site_certificate $FULLBLOG_DOMAIN_NAME 'yes' - - function_check configure_php - configure_php - - function_check install_blog_settings - install_blog_settings - - function_check install_blog_social_networks - install_blog_social_networks - - function_check install_blog_user - install_blog_user - - chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs - - FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT}) - - function_check nginx_ensite - nginx_ensite $FULLBLOG_DOMAIN_NAME - - systemctl restart php5-fpm - systemctl restart nginx - - if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then - echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README - echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi - - function_check add_ddns_domain - add_ddns_domain $FULLBLOG_DOMAIN_NAME - - if ! grep -q "blog domain:" $COMPLETION_FILE; then - echo "blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE - fi - APP_INSTALLED=1 -} - -# NOTE: deliberately no exit 0 diff --git a/src/freedombone-app-htmly b/src/freedombone-app-htmly new file mode 100755 index 00000000..cd17dd24 --- /dev/null +++ b/src/freedombone-app-htmly @@ -0,0 +1,661 @@ +#!/bin/bash +# +# .---. . . +# | | | +# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. +# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' +# ' ' --' --' -' - -' ' ' -' -' -' ' - --' +# +# Freedom in the Cloud +# +# Htmly functions +# +# License +# ======= +# +# Copyright (C) 2014-2016 Bob Mottram +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +VARIANTS="full full-vim writer" + +HYMLY_DOMAIN_NAME= +HYMLY_CODE= +HYMLY_ONION_PORT=8086 +HYMLY_REPO="https://github.com/danpros/htmly" +HYMLY_COMMIT='bf5fe9486160be4da86d8987d3e5c977e1dc6d32' +HTMLY_TITLE="My Htmly" +HTMLY_SUBTITLE="Another ${PROJECT_NAME} Htmly" + +htmly_variables=(HYMLY_REPO + HYMLY_COMMIT + HYMLY_DOMAIN_NAME + HYMLY_CODE + HTMLY_TITLE + HTMLY_SUBTITLE + ONION_ONLY + DDNS_PROVIDER + MY_USERNAME) + +function set_avatar_from_url { + AVATAR="$1" + + read_config_param "HTMLY_DOMAIN_NAME" + BASE_DIR=/var/www/$HTMLY_DOMAIN_NAME/htdocs + + if [ ! -d $BASE_DIR/customimages ]; then + mkdir $BASE_DIR/customimages + fi + + # download the image + cd $BASE_DIR/customimages + # convert to png + wget $AVATAR -O avatar + if [[ $AVATAR == *".gif" ]]; then + mv avatar avatar.gif + mogrify -format png avatar.gif + fi + if [[ $AVATAR == *".jpg" ]]; then + mv avatar avatar.jpg + mogrify -format png avatar.jpg + fi + if [[ $AVATAR == *".jpeg" ]]; then + mv avatar avatar.jpeg + mogrify -format png avatar.jpeg + fi + if [ -f avatar ]; then + mv avatar avatar.png + fi + + # standard size + mogrify -resize 150x150 avatar.png + if [ ! -f $BASE_DIR/customimages/avatar.png ]; then + echo $'Avatar image could not be downloaded' + return + fi + chown -R www-data:www-data $BASE_DIR/customimages + AVATAR_SET=1 +} + +function remove_user_htmly { + remove_username="$1" + + if [ -f /var/www/${HYMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini ]; then + rm /var/www/${HYMLY_DOMAIN_NAME}/htdocs/config/users/${remove_username}.ini + fi +} + +function add_user_htmly { + if [[ $(app_is_installed htmly) == "0" ]]; then + echo '0' + return + fi + + new_username="$1" + new_user_password="$2" + + if [ ! -d /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users ]; then + echo '2' + return + fi + NEW_USER_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$new_user_password") + if [ ${#NEW_USER_PASSWORD_HASH} -lt 8 ]; then + echo '3' + return + fi + echo ';Password' > /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini + echo "password = $NEW_USER_PASSWORD_HASH" >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini + echo 'encryption = password_hash' >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini + echo ';Role' >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini + echo 'role = admin' >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$new_username.ini + echo '0' +} + +function configure_interactive_htmly { + data=$(tempfile 2>/dev/null) + trap "rm -f $data" 0 1 2 5 15 + dialog --title $"Change htmly avatar" \ + --backtitle $"Freedombone Control Panel" \ + --inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>$data + sel=$? + case $sel in + 0) + IMAGE_URL=$(<$data) + if [ ${#IMAGE_URL} -gt 5 ]; then + clear + AVATAR_SET= + set_avatar_from_url $IMAGE_URL + if [ $AVATAR_SET ]; then + dialog --title $"Change htmly avatar" \ + --msgbox $"Your htmly avatar has been changed" 6 40 + fi + fi + ;; + esac +} + +function install_interactive_htmly { + if [ ! $ONION_ONLY ]; then + ONION_ONLY='no' + fi + + if [[ $ONION_ONLY != "no" ]]; then + HTMLY_TITLE='My Htmly' + HYMLY_DOMAIN_NAME='htmly.local' + write_config_param "HTMLY_TITLE" "$HTMLY_TITLE" + write_config_param "HYMLY_DOMAIN_NAME" "$HYMLY_DOMAIN_NAME" + else + function_check interactive_site_details_with_title + interactive_site_details_with_title "htmly" "HTMLY_TITLE" "HYMLY_DOMAIN_NAME" "HYMLY_CODE" + fi + APP_INSTALLED=1 +} + +function change_password_htmly { + if ! grep -q "htmly domain:" $COMPLETION_FILE; then + echo "htmly domain:$HYMLY_DOMAIN_NAME" >> $COMPLETION_FILE + fi + HYMLY_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "htmly domain" | head -n 1 | awk -F ':' '{print $2}') + + HTMLY_USERNAME="$1" + HTMLY_PASSWORD="$2" + if [ ${#HTMLY_PASSWORD} -lt 8 ]; then + echo $'Htmly password is too short' + return + fi + HTMLY_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HTMLY_PASSWORD") + if [ ${#HTMLY_PASSWORD_HASH} -lt 8 ]; then + echo $'Htmly admin password could not be hashed' + exit 625728 + fi + sed -i "s|password =.*|password = $HTMLY_PASSWORD_HASH|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$HTMLY_USERNAME.ini +} + +function reconfigure_htmly { + echo -n '' +} + +function upgrade_htmly { + read_config_param "HYMLY_DOMAIN_NAME" + + function_check set_repo_commit + set_repo_commit /var/www/$HYMLY_DOMAIN_NAME/htdocs "htmly commit" "$HYMLY_COMMIT" $HYMLY_REPO +} + +function backup_local_htmly { + HYMLY_DOMAIN_NAME='htmly' + if grep -q "htmly domain" $COMPLETION_FILE; then + HYMLY_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "htmly domain" | awk -F ':' '{print $2}') + fi + + source_directory=/var/www/${HYMLY_DOMAIN_NAME}/htdocs + if [ -d $source_directory ]; then + dest_directory=htmly + echo $"Backing up $source_directory to $dest_directory" + + function_check suspend_site + suspend_site ${HYMLY_DOMAIN_NAME} + + function_check backup_directory_to_usb + backup_directory_to_usb $source_directory $dest_directory + + function_check restart_site + restart_site + + echo $"Backup to $dest_directory complete" + fi +} + +function restore_local_htmly { + HYMLY_DOMAIN_NAME='htmly' + if grep -q "htmly domain" $COMPLETION_FILE; then + HYMLY_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "htmly domain" | awk -F ':' '{print $2}') + fi + if [ $HYMLY_DOMAIN_NAME ]; then + echo $"Restoring htmly installation" + temp_restore_dir=/root/temphtmly + restore_directory_from_usb $temp_restore_dir htmly + rm -rf /var/www/${HYMLY_DOMAIN_NAME}/htdocs + cp -r $temp_restore_dir/var/www/${HYMLY_DOMAIN_NAME}/htdocs /var/www/${HYMLY_DOMAIN_NAME}/ + if [ ! "$?" = "0" ]; then + set_user_permissions + backup_unmount_drive + exit 593 + fi + rm -rf $temp_restore_dir + if [ ! -d /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content ]; then + echo $"No content directory found after restoring htmly" + set_user_permissions + backup_unmount_drive + exit 287 + fi + chown -R www-data:www-data /var/www/${HYMLY_DOMAIN_NAME}/htdocs + # Ensure that the bundled SSL cert is being used + if [ -f /etc/ssl/certs/${HYMLY_DOMAIN_NAME}.bundle.crt ]; then + sed -i "s|${HYMLY_DOMAIN_NAME}.crt|${HYMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HYMLY_DOMAIN_NAME} + fi + for d in /home/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $3}') + if [[ $(is_valid_user "$USERNAME") == "1" ]]; then + if [ -d /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then + mv /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post + fi + fi + done + if [ -d /etc/letsencrypt/live/${HYMLY_DOMAIN_NAME} ]; then + ln -s /etc/letsencrypt/live/${HYMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HYMLY_DOMAIN_NAME}.key + ln -s /etc/letsencrypt/live/${HYMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HYMLY_DOMAIN_NAME}.pem + fi + fi +} + +function backup_remote_htmly { + if grep -q "htmly domain" $COMPLETION_FILE; then + HYMLY_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "htmly domain" | awk -F ':' '{print $2}') + temp_backup_dir=/var/www/${HYMLY_DOMAIN_NAME}/htdocs + if [ -d $temp_backup_dir ]; then + echo $"Backing up htmly" + backup_directory_to_friend $temp_backup_dir htmly + echo $"Backup of htmly complete" + else + echo $"Htmly domain specified but not found in $temp_backup_dir" + exit 2578 + fi + fi +} + +function restore_remote_htmly { + if [ -d $SERVER_DIRECTORY/backup/htmly ]; then + HYMLY_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "htmly domain" | awk -F ':' '{print $2}') + echo $"Restoring htmly installation $HYMLY_DOMAIN_NAME" + temp_restore_dir=/root/temphtmly + mkdir $temp_restore_dir + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir htmly + rm -rf /var/www/${HYMLY_DOMAIN_NAME}/htdocs + cp -r $temp_restore_dir/var/www/${HYMLY_DOMAIN_NAME}/htdocs /var/www/${HYMLY_DOMAIN_NAME}/ + if [ ! "$?" = "0" ]; then + exit 593 + fi + rm -rf $temp_restore_dir + if [ ! -d /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content ]; then + echo $"No content directory found after restoring htmly" + exit 287 + fi + # Ensure that the bundled SSL cert is being used + if [ -f /etc/ssl/certs/${HYMLY_DOMAIN_NAME}.bundle.crt ]; then + sed -i "s|${HYMLY_DOMAIN_NAME}.crt|${HYMLY_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${HYMLY_DOMAIN_NAME} + fi + for d in /home/*/ ; do + USERNAME=$(echo "$d" | awk -F '/' '{print $3}') + if [[ $(is_valid_user "$USERNAME") == "1" ]]; then + if [ -d /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post ]; then + mv /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/*.md /var/www/${HYMLY_DOMAIN_NAME}/htdocs/content/$USERNAME/htmly/uncategorized/post + fi + fi + done + if [ -d /etc/letsencrypt/live/${HYMLY_DOMAIN_NAME} ]; then + ln -s /etc/letsencrypt/live/${HYMLY_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${HYMLY_DOMAIN_NAME}.key + ln -s /etc/letsencrypt/live/${HYMLY_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${HYMLY_DOMAIN_NAME}.pem + fi + echo $"Restore of htmly complete" + fi +} + +function remove_htmly { + if [ ${#HYMLY_DOMAIN_NAME} -eq 0 ]; then + return + fi + + read_config_param "HYMLY_DOMAIN_NAME" + nginx_dissite $HYMLY_DOMAIN_NAME + if [ -f /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME ]; then + rm -f /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + fi + if [ -d /var/www/$HYMLY_DOMAIN_NAME ]; then + rm -rf /var/www/$HYMLY_DOMAIN_NAME + fi + if [ $HYMLY_CODE ]; then + if [ -f /usr/bin/dynamicdns ]; then + sed -i "/$HYMLY_DOMAIN_NAME/d" /usr/bin/dynamicdns + sed -i "/$HYMLY_CODE/d" /usr/bin/dynamicdns + fi + fi + function_check remove_onion_service + remove_onion_service htmly ${HYMLY_ONION_PORT} + sed -i '/install_htmly/d' $COMPLETION_FILE + sed -i '/Htmly .*/d' $COMPLETION_FILE +} + +function get_htmly_admin_password { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "Your htmly password is" /home/$MY_USERNAME/README; then + HYMLY_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your htmly password is" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi +} + +function install_htmly_social_networks { + # set social networks + if grep -q "social.hubzilla" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini; then + sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini + fi + if grep -q "social.gnusocial" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini; then + sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROHTMLY_DOMAIN_NAME\"|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini + fi + + # clear proprietary social network strings + sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini + sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini + sed -i 's|social.google.*|social.google = ""|g' /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini +} + +function install_htmly_user { + # create a user password + function_check get_htmly_admin_password + get_htmly_admin_password + if [ ! $HYMLY_ADMIN_PASSWORD ]; then + if [ -f $IMAGE_PASSWORD_FILE ]; then + HYMLY_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + HYMLY_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" + fi + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'HTMLy Htmly' >> /home/$MY_USERNAME/README + echo '==========' >> /home/$MY_USERNAME/README + echo $"Your htmly username: $MY_USERNAME" >> /home/$MY_USERNAME/README + echo $"Your htmly password is: $HYMLY_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README + if [[ $ONION_ONLY == 'no' ]]; then + echo $"Log into your htmly at https://$HYMLY_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README + fi + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi + + # create a user + HYMLY_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --htmlyhash "$HYMLY_ADMIN_PASSWORD") + if [ ${#HYMLY_ADMIN_PASSWORD_HASH} -lt 8 ]; then + echo $'Htmly admin password could not be hashed' + exit 625728 + fi + echo ';Password' > /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + echo "password = $HYMLY_ADMIN_PASSWORD_HASH" >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + echo 'encryption = password_hash' >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + echo ';Role' >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini + echo 'role = admin' >> /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini +} + +function install_htmly_settings { + cp /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|site.url.*|site.url = '/'|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|htmly.title.*|htmly.title = '$HTMLY_TITLE'|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|htmly.tagline.*|htmly.tagline = '$HTMLY_SUBTITLE'|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini + sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini + sed -i "s|Your name|$MY_NAME|g" /var/www/$HYMLY_DOMAIN_NAME/htdocs/config/config.ini +} + +function install_htmly_website { + function_check nginx_http_redirect + nginx_http_redirect $HYMLY_DOMAIN_NAME + echo 'server {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " root /var/www/$HYMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " server_name $HYMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " error_log /var/log/nginx/${HYMLY_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + function_check nginx_ssl + nginx_ssl $HYMLY_DOMAIN_NAME + function_check nginx_disable_sniffing + nginx_disable_sniffing $HYMLY_DOMAIN_NAME + echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + function_check nginx_limits + nginx_limits $HYMLY_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME +} + +function install_htmly_website_onion { + echo 'server {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " listen 127.0.0.1:${HYMLY_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " root /var/www/$HYMLY_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " server_name $HYMLY_DOMAIN_NAME;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " error_log /var/log/nginx/${HYMLY_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + function_check nginx_disable_sniffing + nginx_disable_sniffing $HYMLY_DOMAIN_NAME + echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + function_check nginx_limits + nginx_limits $HYMLY_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + function_check nginx_limits + nginx_limits $HYMLY_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~ /\. {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME +} + +function install_htmly_from_repo { + if [ ! -d /var/www/$HYMLY_DOMAIN_NAME ]; then + mkdir /var/www/$HYMLY_DOMAIN_NAME + fi + + cd /var/www/$HYMLY_DOMAIN_NAME + git_clone $HYMLY_REPO htdocs + cd htdocs + git checkout $HYMLY_COMMIT -b $HYMLY_COMMIT + if ! grep -q "htmly commit" $COMPLETION_FILE; then + echo "htmly commit:$HYMLY_COMMIT" >> $COMPLETION_FILE + else + sed -i "s/htmly commit.*/htmly commit:$HYMLY_COMMIT/g" $COMPLETION_FILE + fi +} + +function install_htmly { + if [ ! $ONION_ONLY ]; then + ONION_ONLY='no' + fi + + if [ ! $HYMLY_DOMAIN_NAME ]; then + echo $'The htmly domain name was not specified' + exit 5062 + fi + + # for the avatar changing command + apt-get -y install imagemagick + + function_check install_htmly_from_repo + install_htmly_from_repo + + if [[ $ONION_ONLY == "no" ]]; then + function_check install_htmly_website + install_htmly_website + else + echo -n '' > /etc/nginx/sites-available/$HYMLY_DOMAIN_NAME + fi + function_check install_htmly_website_onion + install_htmly_website_onion + + function_check create_site_certificate + create_site_certificate $HYMLY_DOMAIN_NAME 'yes' + + function_check configure_php + configure_php + + function_check install_htmly_settings + install_htmly_settings + + function_check install_htmly_social_networks + install_htmly_social_networks + + function_check install_htmly_user + install_htmly_user + + chown -R www-data:www-data /var/www/$HYMLY_DOMAIN_NAME/htdocs + + HYMLY_ONION_HOSTNAME=$(add_onion_service htmly 80 ${HYMLY_ONION_PORT}) + + function_check nginx_ensite + nginx_ensite $HYMLY_DOMAIN_NAME + + systemctl restart php5-fpm + systemctl restart nginx + + if ! grep -q "Htmly onion domain" /home/$MY_USERNAME/README; then + echo $"Htmly onion domain: ${HYMLY_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README + echo $"Log into your htmly at https://${HYMLY_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi + + function_check add_ddns_domain + add_ddns_domain $HYMLY_DOMAIN_NAME + + if ! grep -q "htmly domain:" $COMPLETION_FILE; then + echo "htmly domain:$HYMLY_DOMAIN_NAME" >> $COMPLETION_FILE + fi + APP_INSTALLED=1 +} + +# NOTE: deliberately no exit 0 diff --git a/src/freedombone-blog b/src/freedombone-blog deleted file mode 100755 index 9cfaea5a..00000000 --- a/src/freedombone-blog +++ /dev/null @@ -1,163 +0,0 @@ -#!/bin/bash -# -# .---. . . -# | | | -# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. -# | | (.-' (.-' ( | ( )| | | | )( )| | (.-' -# ' ' --' --' -' - -' ' ' -' -' -' ' - --' -# -# Freedom in the Cloud -# -# Blogging functions - -# License -# ======= -# -# Copyright (C) 2016 Bob Mottram -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . - -PROJECT_NAME='freedombone' - -export TEXTDOMAIN=${PROJECT_NAME}-blog -export TEXTDOMAINDIR="/usr/share/locale" - -CONFIGURATION_FILE=$HOME/${PROJECT_NAME}.cfg - -UTILS_FILES=/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* -for f in $UTILS_FILES -do - source $f -done - -AVATAR= - -# get the blog hostname -read_config_param "FULLBLOG_DOMAIN_NAME" -HOSTNAME=$FULLBLOG_DOMAIN_NAME - -BASE_DIR=/var/www/$HOSTNAME/htdocs - -function show_help { - echo '' - echo $"${PROJECT_NAME}-blog -h [hostname] -a [avatar image file]" - echo '' - echo $'Blogging functions' - echo '' - echo $' --help Show help' - echo $' -h --hostname [name] Hostname' - echo $' -a --avatar [url] Filename or url for avatar' - echo '' - exit 0 -} - -while [[ $# > 1 ]] -do - key="$1" - - case $key in - --help) - show_help - ;; - -h|--hostname) - shift - HOSTNAME="$1" - ;; - -a|--avatar) - shift - AVATAR="$1" - ;; - *) - # unknown option - ;; - esac - shift -done - -if [ ! $HOSTNAME ]; then - echo $'No hostname specified' - exit 5748 -fi - -if [ ! -d $BASE_DIR ]; then - echo "$BASE_DIR was not found" - exit 1 -fi - -function set_avatar_from_file { - SOURCE_IMAGE_FILE="$1" - - if [ ! -f $SOURCE_IMAGE_FILE ]; then - echo $'Source file not found' - exit 2 - fi - - # copy the source image - cd $BASE_DIR - AVATAR_FILES=$(find . -name avatar.png) - read -a arr <<<$AVATAR_FILES - - for i in "${arr[@]}" - do - FILENAME="$BASE_DIR$(echo \"$i\" | awk -F '.' '{print $2}')".png - if [[ "$FILENAME" != "$SOURCE_IMAGE_FILE" ]]; then - cp -f $SOURCE_IMAGE_FILE "$FILENAME" - fi - done -} - -function set_avatar_from_url { - if [ ! -d $BASE_DIR/customimages ]; then - mkdir $BASE_DIR/customimages - fi - - # download the image - cd $BASE_DIR/customimages - # convert to png - wget $AVATAR -O avatar - if [[ $AVATAR == *".gif" ]]; then - mv avatar avatar.gif - mogrify -format png avatar.gif - fi - if [[ $AVATAR == *".jpg" ]]; then - mv avatar avatar.jpg - mogrify -format png avatar.jpg - fi - if [[ $AVATAR == *".jpeg" ]]; then - mv avatar avatar.jpeg - mogrify -format png avatar.jpeg - fi - if [ -f avatar ]; then - mv avatar avatar.png - fi - - # standard size - mogrify -resize 150x150 avatar.png - if [ ! -f $BASE_DIR/customimages/avatar.png ]; then - echo $'Avatar image could not be downloaded' - exit 3 - fi - chown -R www-data:www-data $BASE_DIR/customimages -} - -if [[ "$AVATAR" == "http"* ]]; then - set_avatar_from_url -fi - -AVATAR=$BASE_DIR/customimages/avatar.png -if [ -f $AVATAR ]; then - set_avatar_from_file $AVATAR -fi - -exit 0 diff --git a/src/freedombone-config b/src/freedombone-config index 7b6c1f6e..b48487e3 100755 --- a/src/freedombone-config +++ b/src/freedombone-config @@ -67,9 +67,9 @@ NAMESERVER2= DOKUWIKI_TITLE= DOKUWIKI_DOMAIN_NAME= DOKUWIKI_CODE= -MY_BLOG_TITLE= -FULLBLOG_DOMAIN_NAME= -FULLBLOG_CODE= +HTMLY_TITLE= +HTMLY_DOMAIN_NAME= +HTMLY_CODE= MEDIAGOBLIN_ENABLED='no' MEDIAGOBLIN_DOMAIN_NAME= MEDIAGOBLIN_CODE= diff --git a/src/freedombone-sec b/src/freedombone-sec index 4e1f1246..e5e648dd 100755 --- a/src/freedombone-sec +++ b/src/freedombone-sec @@ -990,21 +990,21 @@ function monkeysphere_sign_server_keys { exit 0 } -function blog_hash { - # produces a hash corresponding to a blog password +function htmly_hash { + # produces a hash corresponding to a htmly password pass="$1" - BLOGHASH_FILENAME=/usr/bin/bloghash + HTMLYHASH_FILENAME=/usr/bin/htmlyhash - echo ' $BLOGHASH_FILENAME - echo 'parse_str(implode("&", array_slice($argv, 1)), $_GET);' >> $BLOGHASH_FILENAME - echo '$password = $_GET["password"];' >> $BLOGHASH_FILENAME - echo '$hash = password_hash($password, PASSWORD_BCRYPT);' >> $BLOGHASH_FILENAME - echo 'if (password_verify($password, $hash)) {' >> $BLOGHASH_FILENAME - echo ' echo $hash;' >> $BLOGHASH_FILENAME - echo '}' >> $BLOGHASH_FILENAME - echo '?>' >> $BLOGHASH_FILENAME + echo ' $HTMLYHASH_FILENAME + echo 'parse_str(implode("&", array_slice($argv, 1)), $_GET);' >> $HTMLYHASH_FILENAME + echo '$password = $_GET["password"];' >> $HTMLYHASH_FILENAME + echo '$hash = password_hash($password, PASSWORD_BCRYPT);' >> $HTMLYHASH_FILENAME + echo 'if (password_verify($password, $hash)) {' >> $HTMLYHASH_FILENAME + echo ' echo $hash;' >> $HTMLYHASH_FILENAME + echo '}' >> $HTMLYHASH_FILENAME + echo '?>' >> $HTMLYHASH_FILENAME - php $BLOGHASH_FILENAME password="$pass" + php $HTMLYHASH_FILENAME password="$pass" } function show_help { @@ -1014,13 +1014,13 @@ function show_help { echo $'Alters the security settings' echo '' echo '' - echo $' -h --help Show help' - echo $' -e --export Export security settings to a file' - echo $' -i --import Import security settings from a file' - echo $' -r --refresh Refresh GPG keys for all users' - echo $' -s --sign Sign monkeysphere server keys' - echo $' --register [domain] Register a https domain with monkeysphere' - echo $' -b --bloghash [password] Returns the hash of a password for the blog' + echo $' -h --help Show help' + echo $' -e --export Export security settings to a file' + echo $' -i --import Import security settings from a file' + echo $' -r --refresh Refresh GPG keys for all users' + echo $' -s --sign Sign monkeysphere server keys' + echo $' --register [domain] Register a https domain with monkeysphere' + echo $' -b --htmlyhash [password] Returns the hash of a password for a htmly blog' echo '' exit 0 } @@ -1060,10 +1060,10 @@ do shift monkeysphere_sign_server_keys ;; - # get a hash of the given blog password - -b|--bloghash) + # get a hash of the given htmly password + -b|--htmlyhash) shift - blog_hash "$1" + htmly_hash "$1" exit 0 ;; *) diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion index 30a09621..59a57542 100755 --- a/src/freedombone-utils-onion +++ b/src/freedombone-utils-onion @@ -126,7 +126,7 @@ function set_default_onion_domains { fi MICROBLOG_DOMAIN_NAME='microblog.local' - FULLBLOG_DOMAIN_NAME='blog.local' + HTMLY_DOMAIN_NAME='htmly.local' DOKUWIKI_DOMAIN_NAME='dokuwiki.local' DEFAULT_DOMAIN_NAME="${PROJECT_NAME}.local" GIT_DOMAIN_NAME='git.local' @@ -144,9 +144,9 @@ function create_avahi_onion_domains { function_check create_avahi_service create_avahi_service microblog http tcp $MICROBLOG_ONION_PORT fi - if [ $FULLBLOG_DOMAIN_NAME ]; then + if [ $HTMLY_DOMAIN_NAME ]; then function_check create_avahi_service - create_avahi_service blog http tcp $BLOG_ONION_PORT + create_avahi_service blog http tcp $HTMLY_ONION_PORT fi if [ $GIT_DOMAIN_NAME ]; then function_check create_avahi_service diff --git a/src/freedombone-utils-upgrade b/src/freedombone-utils-upgrade index 2c4738d0..e7bdce38 100755 --- a/src/freedombone-utils-upgrade +++ b/src/freedombone-utils-upgrade @@ -72,7 +72,7 @@ function upgrade_installation_from_previous_versions { sed -i 's|voip|mumble|g' $COMPLETION_FILE sed -i 's|VoIP|mumble|g' $COMPLETION_FILE sed -i 's|SIP |sip |g' $COMPLETION_FILE - sed -i 's|Blog|blog|g' $COMPLETION_FILE + sed -i 's|Blog|htmly|g' $COMPLETION_FILE sed -i 's|Hubzilla|hubzilla|g' $COMPLETION_FILE sed -i 's|Gogs|gogs|g' $COMPLETION_FILE sed -i 's|Wiki|dokuwiki|g' $COMPLETION_FILE