#!/bin/bash # # .---. . . # | | | # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-' # ' ' --' --' -' - -' ' ' -' -' -' ' - --' # # Freedom in the Cloud # # Blog functions # # License # ======= # # Copyright (C) 2014-2016 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . VARIANTS="full writer" FULLBLOG_DOMAIN_NAME= FULLBLOG_CODE= FULLBLOG_ONION_PORT=8086 FULLBLOG_REPO="https://github.com/danpros/htmly" FULLBLOG_COMMIT='bf5fe9486160be4da86d8987d3e5c977e1dc6d32' MY_BLOG_TITLE="My Blog" MY_BLOG_SUBTITLE="Another ${PROJECT_NAME} Blog" function configure_interactive_blog { data=$(tempfile 2>/dev/null) trap "rm -f $data" 0 1 2 5 15 dialog --title $"Change blog avatar" \ --backtitle $"Freedombone Control Panel" \ --inputbox $"Enter a URL for an image. It should be approximately a square image." 8 75 2>$data sel=$? case $sel in 0) IMAGE_URL=$(<$data) if [ ${#IMAGE_URL} -gt 5 ]; then clear ${PROJECT_NAME}-blog -a $IMAGE_URL if [ "$?" = "0" ]; then dialog --title $"Change blog avatar" \ --msgbox $"Your blog avatar has been changed" 6 40 fi fi ;; esac } function install_interactive_blog { if [ ! $ONION_ONLY ]; then ONION_ONLY='no' fi if grep -q "ONION_ONLY" $CONFIGURATION_FILE; then ONION_ONLY=$(grep "ONION_ONLY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MY_BLOG_TITLE" $CONFIGURATION_FILE; then MY_BLOG_TITLE=$(grep "MY_BLOG_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then FULLBLOG_DOMAIN_NAME=$(grep "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "FULLBLOG_CODE" $CONFIGURATION_FILE; then FULLBLOG_CODE=$(grep "FULLBLOG_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "DDNS_PROVIDER" $CONFIGURATION_FILE; then DDNS_PROVIDER=$(grep "DDNS_PROVIDER" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if [[ $ONION_ONLY != "no" ]]; then MY_BLOG_TITLE='My Blog' FULLBLOG_DOMAIN_NAME='blog.local' else FULLBLOG_DETAILS_COMPLETE= while [ ! $FULLBLOG_DETAILS_COMPLETE ] do data=$(tempfile 2>/dev/null) trap "rm -f $data" 0 1 2 5 15 if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then dialog --backtitle $"Freedombone Configuration" \ --title $"Blog Configuration" \ --form $"\nPlease enter your blog details:" 11 55 4 \ $"Title:" 1 1 "$(grep 'MY_BLOG_TITLE' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \ $"Domain:" 2 1 "$(grep 'FULLBLOG_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \ $"Code:" 3 1 "$(grep 'FULLBLOG_CODE' temp.cfg | awk -F '=' '{print $2}')" 3 16 33 255 \ 2> $data else dialog --backtitle $"Freedombone Configuration" \ --title $"Blog Configuration" \ --form $"\nPlease enter your blog details:" 11 55 3 \ $"Title:" 1 1 "$(grep 'MY_BLOG_TITLE' temp.cfg | awk -F '=' '{print $2}')" 1 16 33 40 \ $"Domain:" 2 1 "$(grep 'FULLBLOG_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 2 16 33 40 \ 2> $data fi sel=$? case $sel in 1) exit 1;; 255) exit 1;; esac MY_BLOG_TITLE=$(cat $data | sed -n 1p) FULLBLOG_DOMAIN_NAME=$(cat $data | sed -n 2p) if [ $FULLBLOG_DOMAIN_NAME ]; then if [[ $FULLBLOG_DOMAIN_NAME == "$WIKI_DOMAIN_NAME" ]]; then FULLBLOG_DOMAIN_NAME="" fi TEST_DOMAIN_NAME=$FULLBLOG_DOMAIN_NAME validate_domain_name if [[ $TEST_DOMAIN_NAME != $FULLBLOG_DOMAIN_NAME ]]; then FULLBLOG_DOMAIN_NAME= dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50 else if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then FULLBLOG_CODE=$(cat $data | sed -n 3p) validate_freedns_code "$FULLBLOG_CODE" if [ ! $VALID_CODE ]; then FULLBLOG_DOMAIN_NAME= fi fi fi fi if [ $FULLBLOG_DOMAIN_NAME ]; then FULLBLOG_DETAILS_COMPLETE="yes" fi done if grep -q "MY_BLOG_TITLE=" $CONFIGURATION_FILE; then sed -i "s|MY_BLOG_TITLE=.*|MY_BLOG_TITLE=$MY_BLOG_TITLE|g" $CONFIGURATION_FILE else echo "MY_BLOG_TITLE=$MY_BLOG_TITLE" >> $CONFIGURATION_FILE fi if grep -q "FULLBLOG_DOMAIN_NAME=" $CONFIGURATION_FILE; then sed -i "s|FULLBLOG_DOMAIN_NAME=.*|FULLBLOG_DOMAIN_NAME=$FULLBLOG_DOMAIN_NAME|g" $CONFIGURATION_FILE else echo "FULLBLOG_DOMAIN_NAME=$FULLBLOG_DOMAIN_NAME" >> $CONFIGURATION_FILE fi if grep -q "FULLBLOG_CODE=" $CONFIGURATION_FILE; then sed -i "s|FULLBLOG_CODE=.*|FULLBLOG_CODE=$FULLBLOG_CODE|g" $CONFIGURATION_FILE else echo "FULLBLOG_CODE=$FULLBLOG_CODE" >> $CONFIGURATION_FILE fi fi } function change_password_blog { if ! grep -q "Blog domain:" $COMPLETION_FILE; then return echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE fi FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | head -n 1 | awk -F ':' '{print $2}') BLOG_USERNAME="$1" BLOG_PASSWORD="$2" if [ ${#BLOG_PASSWORD} -lt 8 ]; then echo $'Blog password is too short' return fi BLOG_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$BLOG_PASSWORD") if [ ${#BLOG_PASSWORD_HASH} -lt 8 ]; then echo $'Blog admin password could not be hashed' exit 625728 fi sed -i "s|password =.*|password = $BLOG_PASSWORD_HASH|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$BLOG_USERNAME.ini } function reconfigure_blog { echo -n '' } function upgrade_blog { if ! grep -Fxq "install_blog" $COMPLETION_FILE; then return fi function_check set_repo_commit set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO # update blog avatar ${PROJECT_NAME}-blog } function backup_local_blog { FULLBLOG_DOMAIN_NAME='blog' if grep -q "Blog domain" $COMPLETION_FILE; then FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') fi source_directory=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs if [ -d $source_directory ]; then dest_directory=blog echo $"Backing up $source_directory to $dest_directory" function_check suspend_site suspend_site ${FULLBLOG_DOMAIN_NAME} function_check backup_directory_to_usb backup_directory_to_usb $source_directory $dest_directory function_check restart_site restart_site echo $"Backup to $dest_directory complete" fi } function restore_local_blog { FULLBLOG_DOMAIN_NAME='blog' if grep -q "Blog domain" $COMPLETION_FILE; then FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') fi if [ $FULLBLOG_DOMAIN_NAME ]; then echo $"Restoring blog installation" temp_restore_dir=/root/tempblog restore_directory_from_usb $temp_restore_dir blog rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/ if [ ! "$?" = "0" ]; then set_user_permissions backup_unmount_drive exit 593 fi rm -rf $temp_restore_dir if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then echo $"No content directory found after restoring blog" set_user_permissions backup_unmount_drive exit 287 fi chown -R www-data:www-data /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs # Ensure that the bundled SSL cert is being used if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME} fi for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post fi fi done if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem fi fi } function backup_remote_blog { if grep -q "Blog domain" $COMPLETION_FILE; then FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') temp_backup_dir=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs if [ -d $temp_backup_dir ]; then echo $"Backing up blog" backup_directory_to_friend $temp_backup_dir blog echo $"Backup of blog complete" else echo $"Blog domain specified but not found in $temp_backup_dir" exit 2578 fi fi } function restore_remote_blog { if [ -d $SERVER_DIRECTORY/backup/blog ]; then FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}') echo $"Restoring blog installation $FULLBLOG_DOMAIN_NAME" temp_restore_dir=/root/tempblog mkdir $temp_restore_dir function_check restore_directory_from_friend restore_directory_from_friend $temp_restore_dir blog rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/ if [ ! "$?" = "0" ]; then exit 593 fi rm -rf $temp_restore_dir if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then echo $"No content directory found after restoring blog" exit 287 fi # Ensure that the bundled SSL cert is being used if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME} fi for d in /home/*/ ; do USERNAME=$(echo "$d" | awk -F '/' '{print $3}') if [[ $(is_valid_user "$USERNAME") == "1" ]]; then if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post fi fi done if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem fi echo $"Restore of blog complete" fi } function remove_blog { if [[ $(app_is_installed blog) == "0" ]]; then return fi if grep -q "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then FULLBLOG_DOMAIN_NAME=$(grep "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi nginx_dissite $FULLBLOG_DOMAIN_NAME if [ -f /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME ]; then rm -f /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME fi if [ -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then rm -rf /var/www/$FULLBLOG_DOMAIN_NAME fi if [ $FULLBLOG_CODE ]; then if [ -f /usr/bin/dynamicdns ]; then sed -i "/$FULLBLOG_DOMAIN_NAME/d" /usr/bin/dynamicdns sed -i "/$FULLBLOG_CODE/d" /usr/bin/dynamicdns fi fi function_check remove_onion_service remove_onion_service blog ${FULLBLOG_ONION_PORT} sed -i '/install_blog/d' $COMPLETION_FILE sed -i '/Blog .*/d' $COMPLETION_FILE } function get_blog_admin_password { if [ -f /home/$MY_USERNAME/README ]; then if grep -q "Your blog password is" /home/$MY_USERNAME/README; then FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//') fi fi } function install_blog_social_networks { # set social networks if grep -q "social.hubzilla" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini fi if grep -q "social.gnusocial" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROBLOG_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini fi # clear proprietary social network strings sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i 's|social.google.*|social.google = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini } function install_blog_user { # create a user password function_check get_blog_admin_password get_blog_admin_password if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then if [ -f $IMAGE_PASSWORD_FILE ]; then FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" else FULLBLOG_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" fi echo '' >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README echo $'HTMLy Blog' >> /home/$MY_USERNAME/README echo '==========' >> /home/$MY_USERNAME/README echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README if [[ $ONION_ONLY == 'no' ]]; then echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README fi chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi # create a user FULLBLOG_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$FULLBLOG_ADMIN_PASSWORD") if [ ${#FULLBLOG_ADMIN_PASSWORD_HASH} -lt 8 ]; then echo $'Blog admin password could not be hashed' exit 625728 fi echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini echo "password = $FULLBLOG_ADMIN_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini } function install_blog_settings { cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini } function install_blog_website { function_check nginx_http_redirect nginx_http_redirect $FULLBLOG_DOMAIN_NAME echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME function_check nginx_ssl nginx_ssl $FULLBLOG_DOMAIN_NAME function_check nginx_disable_sniffing nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME function_check nginx_limits nginx_limits $FULLBLOG_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME } function install_blog_website_onion { echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME function_check nginx_disable_sniffing nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME function_check nginx_limits nginx_limits $FULLBLOG_DOMAIN_NAME echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME function_check nginx_limits nginx_limits $FULLBLOG_DOMAIN_NAME echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME } function install_blog_from_repo { if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then mkdir /var/www/$FULLBLOG_DOMAIN_NAME fi cd /var/www/$FULLBLOG_DOMAIN_NAME git_clone $FULLBLOG_REPO htdocs cd htdocs git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT if ! grep -q "Blog commit" $COMPLETION_FILE; then echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE else sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE fi } function install_blog { if [[ $(app_is_installed blog) == "1" ]]; then return fi if [ ! $ONION_ONLY ]; then ONION_ONLY='no' fi if grep -q "ONION_ONLY" $CONFIGURATION_FILE; then ONION_ONLY=$(grep "ONION_ONLY" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE; then FULLBLOG_DOMAIN_NAME=$(grep "FULLBLOG_DOMAIN_NAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "FULLBLOG_CODE" $CONFIGURATION_FILE; then FULLBLOG_CODE=$(grep "FULLBLOG_CODE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MY_BLOG_TITLE" $CONFIGURATION_FILE; then MY_BLOG_TITLE=$(grep "MY_BLOG_TITLE" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "DDNS_PROVIDER" $CONFIGURATION_FILE; then DDNS_PROVIDER=$(grep "DDNS_PROVIDER" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if grep -q "MY_USERNAME" $CONFIGURATION_FILE; then MY_USERNAME=$(grep "MY_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi if [ ! $FULLBLOG_DOMAIN_NAME ]; then echo $'The blog domain name was not specified' exit 5062 fi # for the avatar changing command apt-get -y install imagemagick function_check install_blog_from_repo install_blog_from_repo if [[ $ONION_ONLY == "no" ]]; then function_check install_blog_website install_blog_website else echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME fi function_check install_blog_website_onion install_blog_website_onion function_check create_site_certificate create_site_certificate $FULLBLOG_DOMAIN_NAME 'yes' function_check configure_php configure_php function_check install_blog_settings install_blog_settings function_check install_blog_social_networks install_blog_social_networks function_check install_blog_user install_blog_user chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT}) function_check nginx_ensite nginx_ensite $FULLBLOG_DOMAIN_NAME systemctl restart php5-fpm systemctl restart nginx if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README echo '' >> /home/$MY_USERNAME/README chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README chmod 600 /home/$MY_USERNAME/README fi function_check add_ddns_domain add_ddns_domain $FULLBLOG_DOMAIN_NAME if ! grep -q "Blog domain:" $COMPLETION_FILE; then echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE fi install_completed blog } # NOTE: deliberately no exit 0