#!/bin/bash # _____ _ _ # | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ # | __| _| -_| -_| . | . | | . | . | | -_| # |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # # Freedom in the Cloud # # Lychee photo album # # License # ======= # # Copyright (C) 2014-2018 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . VARIANTS="full full-vim writer" IN_DEFAULT_INSTALL=0 SHOW_ON_ABOUT=1 LYCHEE_DOMAIN_NAME= LYCHEE_CODE= LYCHEE_ONION_PORT=8105 LYCHEE_REPO="https://github.com/electerious/Lychee" LYCHEE_COMMIT='27f207dcbac8488629ffc3b5a9cac78ae123bee9' LYCHEE_SHORT_DESCRIPTION=$'Lychee photos' LYCHEE_DESCRIPTION=$'Lychee photos' LYCHEE_MOBILE_APP_URL= lychee_variables=(LYCHEE_REPO LYCHEE_DOMAIN_NAME LYCHEE_CODE ONION_ONLY DDNS_PROVIDER MY_USERNAME) function logging_on_lychee { echo -n '' } function logging_off_lychee { echo -n '' } function lychee_create_database { if [ -f "${IMAGE_PASSWORD_FILE}" ]; then LYCHEE_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")" else if [ ! "${LYCHEE_ADMIN_PASSWORD}" ]; then LYCHEE_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")" fi fi if [ ! "$LYCHEE_ADMIN_PASSWORD" ]; then return fi function_check create_database create_database lychee "$LYCHEE_ADMIN_PASSWORD" } function remove_user_lychee { remove_username="$1" "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp lychee } function add_user_lychee { if [[ $(app_is_installed lychee) == "0" ]]; then echo '0' return fi new_username="$1" new_user_password="$2" "${PROJECT_NAME}-pass" -u "$new_username" -a lychee -p "$new_user_password" echo '0' } function install_interactive_lychee { if [ ! "$ONION_ONLY" ]; then ONION_ONLY='no' fi if [[ $ONION_ONLY != "no" ]]; then LYCHEE_DOMAIN_NAME='lychee.local' write_config_param "LYCHEE_DOMAIN_NAME" "$LYCHEE_DOMAIN_NAME" else function_check interactive_site_details interactive_site_details "lychee" "LYCHEE_DOMAIN_NAME" "LYCHEE_CODE" fi APP_INSTALLED=1 } function configure_interactive_lychee { function_check get_mariadb_password get_mariadb_password dialog --title $"Lychee Configuration" \ --msgbox $"\\nYou can initially install the system with:\\n\\n Username: root\\n Password: $MARIADB_PASSWORD" 10 70 } function change_password_lychee { # LYCHEE_USERNAME="$1" LYCHEE_PASSWORD="$2" if [ ${#LYCHEE_PASSWORD} -lt 8 ]; then echo $'Lychee password is too short' return fi # TODO: This doesn't actually change the password #${PROJECT_NAME}-pass -u $LYCHEE_USERNAME -a lychee -p "$LYCHEE_PASSWORD" } function reconfigure_lychee { echo -n '' } function upgrade_lychee { CURR_LYCHEE_COMMIT=$(get_completion_param "lychee commit") if [[ "$CURR_LYCHEE_COMMIT" == "$LYCHEE_COMMIT" ]]; then return fi read_config_param "LYCHEE_DOMAIN_NAME" function_check set_repo_commit set_repo_commit /var/www/$LYCHEE_DOMAIN_NAME/htdocs "lychee commit" "$LYCHEE_COMMIT" $LYCHEE_REPO } function backup_local_lychee { LYCHEE_DOMAIN_NAME='lychee.local' if grep -q "lychee domain" "$COMPLETION_FILE"; then LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") fi lychee_path="/var/www/${LYCHEE_DOMAIN_NAME}/htdocs" if [ -d "$lychee_path" ]; then function_check backup_database_to_usb backup_database_to_usb lychee backup_directory_to_usb "$lychee_path" lychee restart_site fi } function restore_local_lychee { LYCHEE_DOMAIN_NAME='lychee.local' if grep -q "lychee domain" "$COMPLETION_FILE"; then LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") fi if [ "$LYCHEE_DOMAIN_NAME" ]; then suspend_site "${LYCHEE_DOMAIN_NAME}" function_check lychee_create_database lychee_create_database function_check restore_database restore_database lychee "${LYCHEE_DOMAIN_NAME}" if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" MARIADB_PASSWORD= fi restart_site chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/" fi } function backup_remote_lychee { LYCHEE_DOMAIN_NAME='lychee.local' if grep -q "lychee domain" "$COMPLETION_FILE"; then LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") fi temp_backup_dir=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs if [ -d "$temp_backup_dir" ]; then suspend_site "${LYCHEE_DOMAIN_NAME}" backup_database_to_friend lychee backup_directory_to_friend "$temp_backup_dir" lychee restart_site else echo $"Lychee domain specified but not found in /var/www/${LYCHEE_DOMAIN_NAME}" exit 2578 fi } function restore_remote_lychee { LYCHEE_DOMAIN_NAME='lychee.local' if grep -q "lychee domain" "$COMPLETION_FILE"; then LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") fi suspend_site "${LYCHEE_DOMAIN_NAME}" function_check restore_database_from_friend function_check lychee_create_database lychee_create_database restore_database_from_friend lychee "${LYCHEE_DOMAIN_NAME}" if [ -f "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" ]; then MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) sed -i "s|dbPassword.*|dbPassword = '$MARIADB_PASSWORD';|g" "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/config.php" MARIADB_PASSWORD= fi restart_site chown -R lychee: "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/" } function remove_lychee { if [ ${#LYCHEE_DOMAIN_NAME} -eq 0 ]; then return fi read_config_param "LYCHEE_DOMAIN_NAME" nginx_dissite "$LYCHEE_DOMAIN_NAME" remove_certs "${LYCHEE_DOMAIN_NAME}" drop_database lychee remove_backup_database_local lychee if [ -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" ]; then rm -f "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" fi if [ -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then rm -rf "/var/www/$LYCHEE_DOMAIN_NAME" fi remove_config_param LYCHEE_DOMAIN_NAME remove_config_param LYCHEE_CODE function_check remove_onion_service remove_onion_service lychee "${LYCHEE_ONION_PORT}" remove_completion_param "install_lychee" sed -i '/Lychee/d' "$COMPLETION_FILE" sed -i '/lychee/d' "$COMPLETION_FILE" function_check remove_ddns_domain remove_ddns_domain "$LYCHEE_DOMAIN_NAME" } function install_lychee_website { function_check nginx_http_redirect nginx_http_redirect "$LYCHEE_DOMAIN_NAME" { echo 'server {'; echo ' listen 443 ssl;'; echo ' #listen [::]:443 ssl;'; echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;"; echo " server_name $LYCHEE_DOMAIN_NAME;"; echo ' access_log /dev/null;'; echo " error_log /dev/null;"; echo ' index index.html;'; echo ' charset utf-8;'; echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" function_check nginx_ssl nginx_ssl "$LYCHEE_DOMAIN_NAME" function_check nginx_security_options nginx_security_options "$LYCHEE_DOMAIN_NAME" { echo ' add_header Strict-Transport-Security "max-age=0;";'; echo ''; echo ' # rewrite to front controller as default rule'; echo ' location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" function_check nginx_limits nginx_limits "$LYCHEE_DOMAIN_NAME" { echo ' }'; echo ''; echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000'; echo ' # or a unix socket'; echo ' location ~* \.php$ {'; echo ' # Zero-day exploit defense.'; echo ' # http://forum.nginx.org/read.php?2,88845,page=3'; echo " # Won't work properly (404 error) if the file is not stored on this"; echo " # server, which is entirely possible with php-fpm/php-fcgi."; echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on"; echo " # another machine. And then cross your fingers that you won't get hacked."; echo " try_files \$uri \$uri/ /index.html;"; echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini'; echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;'; echo ' # With php-cgi alone:'; echo ' # fastcgi_pass 127.0.0.1:9000;'; echo ' # With php-fpm:'; echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; echo ' include fastcgi_params;'; echo ' fastcgi_read_timeout 30;'; echo ' fastcgi_index index.html;'; echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;"; echo ' }'; echo ''; echo ' # deny access to all dot files'; echo ' location ~ /\. {'; echo ' deny all;'; echo ' }'; echo ''; echo ' #deny access to store'; echo ' location ~ /store {'; echo ' deny all;'; echo ' }'; echo ' location ~ /(data|conf|bin|inc)/ {'; echo ' deny all;'; echo ' }'; echo ' location ~ /\.ht {'; echo ' deny all;'; echo ' }'; echo '}'; echo ''; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" } function install_lychee_website_onion { { echo 'server {'; echo " listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;"; echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;"; echo " server_name $LYCHEE_ONION_HOSTNAME;"; echo ' access_log /dev/null;'; echo " error_log /dev/null;"; echo ' index index.html;'; echo ' charset utf-8;'; echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" function_check nginx_security_options nginx_security_options "$LYCHEE_DOMAIN_NAME" { echo ' add_header Strict-Transport-Security "max-age=0;";'; echo ''; echo ' # rewrite to front controller as default rule'; echo ' location / {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" function_check nginx_limits nginx_limits "$LYCHEE_DOMAIN_NAME" { echo ' }'; echo ''; echo ' # block these file types'; echo ' location ~* \.(tpl|md|tgz|log|out)$ {'; echo ' deny all;'; echo ' }'; echo ''; echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000'; echo ' # or a unix socket'; echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" function_check nginx_limits nginx_limits "$LYCHEE_DOMAIN_NAME" { echo ' # Zero-day exploit defense.'; echo ' # http://forum.nginx.org/read.php?2,88845,page=3'; echo " # Won't work properly (404 error) if the file is not stored on this"; echo " # server, which is entirely possible with php-fpm/php-fcgi."; echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on"; echo " # another machine. And then cross your fingers that you won't get hacked."; echo " try_files \$uri \$uri/ /index.html;"; echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini'; echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;'; echo ' # With php-cgi alone:'; echo ' # fastcgi_pass 127.0.0.1:9000;'; echo ' # With php-fpm:'; echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; echo ' include fastcgi_params;'; echo ' fastcgi_read_timeout 30;'; echo ' fastcgi_index index.html;'; echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;"; echo ' }'; echo ''; echo ' # deny access to all dot files'; echo ' location ~ /\. {'; echo ' deny all;'; echo ' }'; echo ''; echo ' #deny access to store'; echo ' location ~ /store {'; echo ' deny all;'; echo ' }'; echo ' location ~ /(data|conf|bin|inc)/ {'; echo ' deny all;'; echo ' }'; echo ' location ~ /\.ht {'; echo ' deny all;'; echo ' }'; echo '}'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" } function install_lychee_from_repo { if [ ! -d "/var/www/$LYCHEE_DOMAIN_NAME" ]; then mkdir "/var/www/$LYCHEE_DOMAIN_NAME" fi cd "/var/www/$LYCHEE_DOMAIN_NAME" || exit 682468246 if [ -d /repos/lychee ]; then mkdir htdocs cp -r -p /repos/lychee/. htdocs cd htdocs || exit 963756345 git pull else git_clone "$LYCHEE_REPO" htdocs fi cd htdocs || exit 1437534858 git checkout "$LYCHEE_COMMIT" -b "$LYCHEE_COMMIT" set_completion_param "lychee commit" "$LYCHEE_COMMIT" } function install_lychee { if [ ! $ONION_ONLY ]; then ONION_ONLY='no' fi if [ ! "$LYCHEE_DOMAIN_NAME" ]; then echo $'The lychee domain name was not specified' exit 543672 fi # for the avatar changing command apt-get -yq install imagemagick exif zip php-mcrypt mcrypt libfcgi0ldbl function_check install_lychee_from_repo install_lychee_from_repo if [[ $ONION_ONLY == "no" ]]; then function_check install_lychee_website install_lychee_website else echo -n '' > "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME" fi LYCHEE_ONION_HOSTNAME=$(add_onion_service lychee 80 ${LYCHEE_ONION_PORT}) function_check install_lychee_website_onion install_lychee_website_onion function_check create_site_certificate create_site_certificate "$LYCHEE_DOMAIN_NAME" 'yes' function_check configure_php configure_php chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/" chmod -R 1777 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/" chown -R www-data:www-data "/var/www/$LYCHEE_DOMAIN_NAME/htdocs" chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html" chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html" chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html" chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html" chmod 755 "/var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore" function_check nginx_ensite nginx_ensite "$LYCHEE_DOMAIN_NAME" function_check install_mariadb install_mariadb function_check get_mariadb_password get_mariadb_password function_check lychee_create_database lychee_create_database systemctl restart mariadb systemctl restart php7.0-fpm systemctl restart nginx "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a lychee -p "$LYCHEE_ADMIN_PASSWORD" function_check add_ddns_domain add_ddns_domain "$LYCHEE_DOMAIN_NAME" set_completion_param "lychee domain" "$LYCHEE_DOMAIN_NAME" APP_INSTALLED=1 } # NOTE: deliberately no exit 0