diff --git a/src/freedombone b/src/freedombone index 3c9a49ac..e81f38a6 100755 --- a/src/freedombone +++ b/src/freedombone @@ -8620,108 +8620,109 @@ function install_gnu_social { CURRENT_DDNS_DOMAIN=$MICROBLOG_DOMAIN_NAME add_ddns_domain + microblog_nginx_site=/etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME if [[ $ONION_ONLY == "no" ]]; then - echo 'server {' > /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' listen 80;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' listen [::]:80;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo 'server {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # Security' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' ssl on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo " ssl_certificate /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.pem;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo " ssl_certificate_key /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo " ssl_dhparam /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' ssl_session_timeout 60m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' ssl_prefer_server_ciphers on;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo " ssl_ciphers '$SSL_CIPHERS';" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # Logs' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' error_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # Root' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # Index' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # PHP' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' location ~ \.php {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # Location' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' try_files $uri $uri/ @gnusocial;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # Fancy URLs' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' location @gnusocial {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # Restrict access that is unnecessary anyway' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' location ~ /\.(ht|git) {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo 'server {' > $microblog_nginx_site + echo ' listen 80;' >> $microblog_nginx_site + echo ' listen [::]:80;' >> $microblog_nginx_site + echo " server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site + echo ' rewrite ^ https://$server_name$request_uri? permanent;' >> $microblog_nginx_site + echo '}' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo 'server {' >> $microblog_nginx_site + echo ' listen 443 ssl;' >> $microblog_nginx_site + echo " server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # Security' >> $microblog_nginx_site + echo ' ssl on;' >> $microblog_nginx_site + echo " ssl_certificate /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.pem;" >> $microblog_nginx_site + echo " ssl_certificate_key /etc/ssl/private/$MICROBLOG_DOMAIN_NAME.key;" >> $microblog_nginx_site + echo " ssl_dhparam /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam;" >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' ssl_session_timeout 60m;' >> $microblog_nginx_site + echo ' ssl_prefer_server_ciphers on;' >> $microblog_nginx_site + echo ' ssl_session_cache builtin:1000 shared:SSL:10m;' >> $microblog_nginx_site + echo " ssl_protocols $SSL_PROTOCOLS; # not possible to do exclusive" >> $microblog_nginx_site + echo " ssl_ciphers '$SSL_CIPHERS';" >> $microblog_nginx_site + echo ' add_header X-Frame-Options DENY;' >> $microblog_nginx_site + echo ' add_header X-Content-Type-Options nosniff;' >> $microblog_nginx_site + echo ' add_header Strict-Transport-Security max-age=15768000;' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # Logs' >> $microblog_nginx_site + echo ' access_log off;' >> $microblog_nginx_site + echo ' error_log off;' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # Root' >> $microblog_nginx_site + echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # Index' >> $microblog_nginx_site + echo ' index index.php;' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # PHP' >> $microblog_nginx_site + echo ' location ~ \.php {' >> $microblog_nginx_site + echo ' include snippets/fastcgi-php.conf;' >> $microblog_nginx_site + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $microblog_nginx_site + echo ' }' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # Location' >> $microblog_nginx_site + echo ' location / {' >> $microblog_nginx_site + echo ' try_files $uri $uri/ @gnusocial;' >> $microblog_nginx_site + echo ' }' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # Fancy URLs' >> $microblog_nginx_site + echo ' location @gnusocial {' >> $microblog_nginx_site + echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $microblog_nginx_site + echo ' }' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # Restrict access that is unnecessary anyway' >> $microblog_nginx_site + echo ' location ~ /\.(ht|git) {' >> $microblog_nginx_site + echo ' deny all;' >> $microblog_nginx_site + echo ' }' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' client_max_body_size 15m;' >> $microblog_nginx_site + echo '}' >> $microblog_nginx_site else - echo -n '' > /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo -n '' > $microblog_nginx_site fi - echo 'server {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo " listen 127.0.0.1:$MICROBLOG_ONION_PORT default_server;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # Logs' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' error_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # Root' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # Index' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # PHP' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' location ~ \.php {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' include snippets/fastcgi-php.conf;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # Location' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' try_files $uri $uri/ @gnusocial;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # Fancy URLs' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' location @gnusocial {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' # Restrict access that is unnecessary anyway' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' location ~ /\.(ht|git) {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME + echo 'server {' >> $microblog_nginx_site + echo " listen 127.0.0.1:$MICROBLOG_ONION_PORT default_server;" >> $microblog_nginx_site + echo " server_name $MICROBLOG_DOMAIN_NAME;" >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # Logs' >> $microblog_nginx_site + echo ' access_log off;' >> $microblog_nginx_site + echo ' error_log off;' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # Root' >> $microblog_nginx_site + echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # Index' >> $microblog_nginx_site + echo ' index index.php;' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # PHP' >> $microblog_nginx_site + echo ' location ~ \.php {' >> $microblog_nginx_site + echo ' include snippets/fastcgi-php.conf;' >> $microblog_nginx_site + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> $microblog_nginx_site + echo ' }' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # Location' >> $microblog_nginx_site + echo ' location / {' >> $microblog_nginx_site + echo ' try_files $uri $uri/ @gnusocial;' >> $microblog_nginx_site + echo ' }' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # Fancy URLs' >> $microblog_nginx_site + echo ' location @gnusocial {' >> $microblog_nginx_site + echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> $microblog_nginx_site + echo ' }' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' # Restrict access that is unnecessary anyway' >> $microblog_nginx_site + echo ' location ~ /\.(ht|git) {' >> $microblog_nginx_site + echo ' deny all;' >> $microblog_nginx_site + echo ' }' >> $microblog_nginx_site + echo '' >> $microblog_nginx_site + echo ' add_header X-Frame-Options DENY;' >> $microblog_nginx_site + echo ' add_header X-Content-Type-Options nosniff;' >> $microblog_nginx_site + echo ' client_max_body_size 15m;' >> $microblog_nginx_site + echo '}' >> $microblog_nginx_site configure_php