diff --git a/src/freedombone-app-matrix b/src/freedombone-app-matrix
index ab91e66e..1d73f259 100755
--- a/src/freedombone-app-matrix
+++ b/src/freedombone-app-matrix
@@ -59,111 +59,113 @@ function matrix_nginx { # append the matrix server to the web site config matrix_nginx_site=/etc/nginx/sites-available/$DEFAULT_DOMAIN_NAME - if [[ $ONION_ONLY == "no" ]]; then - echo '# Matrix Server' >> $matrix_nginx_site + if ! grep "# End of Matrix Server" $matrix_nginx_site; then + if [[ $ONION_ONLY == "no" ]]; then + echo '# Matrix Server' >> $matrix_nginx_site + echo 'server {' >> $matrix_nginx_site + echo " listen ${MATRIX_HTTP_PORT} ssl;" >> $matrix_nginx_site + echo " listen [::]:${MATRIX_HTTP_PORT} ssl;" >> $matrix_nginx_site + echo " server_name ${DEFAULT_DOMAIN_NAME};" >> $matrix_nginx_site + echo '' >> $matrix_nginx_site + echo ' # Security' >> $matrix_nginx_site + function_check nginx_ssl + nginx_ssl ${DEFAULT_DOMAIN_NAME} + + function_check nginx_disable_sniffing + nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME} + + echo ' add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site + echo '' >> $matrix_nginx_site + echo ' # Logs' >> $matrix_nginx_site + echo ' access_log /dev/null;' >> $matrix_nginx_site + echo ' error_log /dev/null;' >> $matrix_nginx_site + echo '' >> $matrix_nginx_site + echo ' # Index' >> $matrix_nginx_site + echo ' index index.html;' >> $matrix_nginx_site + echo '' >> $matrix_nginx_site + echo ' # Location' >> $matrix_nginx_site + echo ' location / {' >> $matrix_nginx_site + function_check nginx_limits + nginx_limits ${DEFAULT_DOMAIN_NAME} '15m' + echo " proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site + echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site + echo ' }' >> $matrix_nginx_site + echo '}' >> $matrix_nginx_site + echo '' >> $matrix_nginx_site + echo 'server {' >> $matrix_nginx_site + echo " listen ${MATRIX_ID_HTTP_PORT} ssl;" >> $matrix_nginx_site + echo " listen [::]:${MATRIX_ID_HTTP_PORT} ssl;" >> $matrix_nginx_site + echo " server_name ${DEFAULT_DOMAIN_NAME};" >> $matrix_nginx_site + echo '' >> $matrix_nginx_site + echo ' # Security' >> 
$matrix_nginx_site + function_check nginx_ssl + nginx_ssl ${DEFAULT_DOMAIN_NAME} + + function_check nginx_disable_sniffing + nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME} + + echo ' add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site + echo '' >> $matrix_nginx_site + echo ' # Logs' >> $matrix_nginx_site + echo ' access_log /dev/null;' >> $matrix_nginx_site + echo ' error_log /dev/null;' >> $matrix_nginx_site + echo '' >> $matrix_nginx_site + echo ' # Index' >> $matrix_nginx_site + echo ' index index.html;' >> $matrix_nginx_site + echo '' >> $matrix_nginx_site + echo ' # Location' >> $matrix_nginx_site + echo ' location / {' >> $matrix_nginx_site + function_check nginx_limits + nginx_limits ${DEFAULT_DOMAIN_NAME} '15m' + echo " proxy_pass http://localhost:${MATRIX_ID_PORT};" >> $matrix_nginx_site + echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site + echo ' }' >> $matrix_nginx_site + echo '}' >> $matrix_nginx_site + echo '' >> $matrix_nginx_site + else + echo '# Matrix Server' >> $matrix_nginx_site + fi echo 'server {' >> $matrix_nginx_site - echo " listen ${MATRIX_HTTP_PORT} ssl;" >> $matrix_nginx_site - echo " listen [::]:${MATRIX_HTTP_PORT} ssl;" >> $matrix_nginx_site - echo " server_name ${DEFAULT_DOMAIN_NAME};" >> $matrix_nginx_site + echo " listen 127.0.0.1:$MATRIX_ONION_PORT default_server;" >> $matrix_nginx_site + echo " server_name $DEFAULT_DOMAIN_NAME;" >> $matrix_nginx_site echo '' >> $matrix_nginx_site - echo ' # Security' >> $matrix_nginx_site - function_check nginx_ssl - nginx_ssl ${DEFAULT_DOMAIN_NAME} - function_check nginx_disable_sniffing - nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME} - - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site + nginx_disable_sniffing $DEFAULT_DOMAIN_NAME echo '' >> $matrix_nginx_site echo ' # Logs' >> $matrix_nginx_site echo ' access_log /dev/null;' >> $matrix_nginx_site echo ' error_log /dev/null;' >> $matrix_nginx_site echo '' >> 
$matrix_nginx_site - echo ' # Index' >> $matrix_nginx_site - echo ' index index.html;' >> $matrix_nginx_site - echo '' >> $matrix_nginx_site echo ' # Location' >> $matrix_nginx_site echo ' location / {' >> $matrix_nginx_site function_check nginx_limits - nginx_limits ${DEFAULT_DOMAIN_NAME} '15m' + nginx_limits $DEFAULT_DOMAIN_NAME '15m' echo " proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site echo ' }' >> $matrix_nginx_site echo '}' >> $matrix_nginx_site echo '' >> $matrix_nginx_site echo 'server {' >> $matrix_nginx_site - echo " listen ${MATRIX_ID_HTTP_PORT} ssl;" >> $matrix_nginx_site - echo " listen [::]:${MATRIX_ID_HTTP_PORT} ssl;" >> $matrix_nginx_site - echo " server_name ${DEFAULT_DOMAIN_NAME};" >> $matrix_nginx_site + echo " listen 127.0.0.1:$MATRIX_ID_ONION_PORT default_server;" >> $matrix_nginx_site + echo " server_name $DEFAULT_DOMAIN_NAME;" >> $matrix_nginx_site echo '' >> $matrix_nginx_site - echo ' # Security' >> $matrix_nginx_site - function_check nginx_ssl - nginx_ssl ${DEFAULT_DOMAIN_NAME} - function_check nginx_disable_sniffing - nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME} - - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site + nginx_disable_sniffing $DEFAULT_DOMAIN_NAME echo '' >> $matrix_nginx_site echo ' # Logs' >> $matrix_nginx_site echo ' access_log /dev/null;' >> $matrix_nginx_site echo ' error_log /dev/null;' >> $matrix_nginx_site echo '' >> $matrix_nginx_site - echo ' # Index' >> $matrix_nginx_site - echo ' index index.html;' >> $matrix_nginx_site - echo '' >> $matrix_nginx_site echo ' # Location' >> $matrix_nginx_site echo ' location / {' >> $matrix_nginx_site function_check nginx_limits - nginx_limits ${DEFAULT_DOMAIN_NAME} '15m' + nginx_limits $DEFAULT_DOMAIN_NAME '15m' echo " proxy_pass http://localhost:${MATRIX_ID_PORT};" >> $matrix_nginx_site echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> 
$matrix_nginx_site echo ' }' >> $matrix_nginx_site echo '}' >> $matrix_nginx_site - echo '' >> $matrix_nginx_site - else - echo '# Matrix Server' >> $matrix_nginx_site + echo '# End of Matrix Server' >> $matrix_nginx_site fi - echo 'server {' >> $matrix_nginx_site - echo " listen 127.0.0.1:$MATRIX_ONION_PORT default_server;" >> $matrix_nginx_site - echo " server_name $DEFAULT_DOMAIN_NAME;" >> $matrix_nginx_site - echo '' >> $matrix_nginx_site - function_check nginx_disable_sniffing - nginx_disable_sniffing $DEFAULT_DOMAIN_NAME - echo '' >> $matrix_nginx_site - echo ' # Logs' >> $matrix_nginx_site - echo ' access_log /dev/null;' >> $matrix_nginx_site - echo ' error_log /dev/null;' >> $matrix_nginx_site - echo '' >> $matrix_nginx_site - echo ' # Location' >> $matrix_nginx_site - echo ' location / {' >> $matrix_nginx_site - function_check nginx_limits - nginx_limits $DEFAULT_DOMAIN_NAME '15m' - echo " proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site - echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site - echo ' }' >> $matrix_nginx_site - echo '}' >> $matrix_nginx_site - echo '' >> $matrix_nginx_site - echo 'server {' >> $matrix_nginx_site - echo " listen 127.0.0.1:$MATRIX_ID_ONION_PORT default_server;" >> $matrix_nginx_site - echo " server_name $DEFAULT_DOMAIN_NAME;" >> $matrix_nginx_site - echo '' >> $matrix_nginx_site - function_check nginx_disable_sniffing - nginx_disable_sniffing $DEFAULT_DOMAIN_NAME - echo '' >> $matrix_nginx_site - echo ' # Logs' >> $matrix_nginx_site - echo ' access_log /dev/null;' >> $matrix_nginx_site - echo ' error_log /dev/null;' >> $matrix_nginx_site - echo '' >> $matrix_nginx_site - echo ' # Location' >> $matrix_nginx_site - echo ' location / {' >> $matrix_nginx_site - function_check nginx_limits - nginx_limits $DEFAULT_DOMAIN_NAME '15m' - echo " proxy_pass http://localhost:${MATRIX_ID_PORT};" >> $matrix_nginx_site - echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site - 
echo ' }' >> $matrix_nginx_site - echo '}' >> $matrix_nginx_site - echo '# End of Matrix Server' >> $matrix_nginx_site systemctl restart nginx systemctl restart turn diff --git a/src/freedombone-utils-turn b/src/freedombone-utils-turn index 528341f4..3324ca82 100755 --- a/src/freedombone-utils-turn +++ b/src/freedombone-utils-turn 
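Review bot: The new guard `if ! grep "# End of Matrix Server" $matrix_nginx_site; then` keys only on the end marker, so a run interrupted after `# Matrix Server` and some of the server blocks were written will append a second copy on the next run; the duplicated `listen 127.0.0.1:$MATRIX_ONION_PORT default_server;` would then likely fail nginx's configuration check at the `systemctl restart nginx` that follows. The grep also prints the matched line to stdout and leaves the path unquoted; `if ! grep -qF -- "# End of Matrix Server" "$matrix_nginx_site"; then` avoids both. Once the marker is present the whole block is skipped, so a later switch of `ONION_ONLY` from "no" to "yes" would presumably leave the clearnet `ssl` listeners in the site file unless something outside this hunk removes them, which is worth confirming. The same points apply to the `# End of TURN Server` guard in the `install_turn` hunk of src/freedombone-utils-turn. Both functions begin and end outside their hunks.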
@@ -65,61 +65,63 @@ function install_turn { # append the matrix server to the web site config turn_nginx_site=/etc/nginx/sites-available/$DEFAULT_DOMAIN_NAME - if [[ $ONION_ONLY == "no" ]]; then - echo '# TURN Server' >> $turn_nginx_site + if ! grep "# End of TURN Server" $turn_nginx_site; then + if [[ $ONION_ONLY == "no" ]]; then + echo '# TURN Server' >> $turn_nginx_site + echo 'server {' >> $turn_nginx_site + echo " listen ${TURN_HTTP_PORT} ssl;" >> $turn_nginx_site + echo " listen [::]:${TURN_HTTP_PORT} ssl;" >> $turn_nginx_site + echo " server_name ${DEFAULT_DOMAIN_NAME};" >> $turn_nginx_site + echo '' >> $turn_nginx_site + echo ' # Security' >> $turn_nginx_site + function_check nginx_ssl + nginx_ssl ${DEFAULT_DOMAIN_NAME} + + function_check nginx_disable_sniffing + nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME} + + echo ' add_header Strict-Transport-Security max-age=15768000;' >> $turn_nginx_site + echo '' >> $turn_nginx_site + echo ' # Logs' >> $turn_nginx_site + echo ' access_log /dev/null;' >> $turn_nginx_site + echo ' error_log /dev/null;' >> $turn_nginx_site + echo '' >> $turn_nginx_site + echo ' # Index' >> $turn_nginx_site + echo ' index index.html;' >> $turn_nginx_site + echo '' >> $turn_nginx_site + echo ' # Location' >> $turn_nginx_site + echo ' location / {' >> $turn_nginx_site + function_check nginx_limits + nginx_limits ${DEFAULT_DOMAIN_NAME} '15m' + echo " proxy_pass http://localhost:${TURN_PORT};" >> $turn_nginx_site + echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $turn_nginx_site + echo ' }' >> $turn_nginx_site + echo '}' >> $turn_nginx_site + echo '' >> $turn_nginx_site + else + echo '# TURN Server' >> $turn_nginx_site + fi echo 'server {' >> $turn_nginx_site - echo " listen ${TURN_HTTP_PORT} ssl;" >> $turn_nginx_site - echo " listen [::]:${TURN_HTTP_PORT} ssl;" >> $turn_nginx_site - echo " server_name ${DEFAULT_DOMAIN_NAME};" >> $turn_nginx_site + echo " listen 127.0.0.1:$TURN_ONION_PORT default_server;" >> $turn_nginx_site + echo 
" server_name $DEFAULT_DOMAIN_NAME;" >> $turn_nginx_site echo '' >> $turn_nginx_site - echo ' # Security' >> $turn_nginx_site - function_check nginx_ssl - nginx_ssl ${DEFAULT_DOMAIN_NAME} - function_check nginx_disable_sniffing - nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME} - - echo ' add_header Strict-Transport-Security max-age=15768000;' >> $turn_nginx_site + nginx_disable_sniffing $DEFAULT_DOMAIN_NAME echo '' >> $turn_nginx_site echo ' # Logs' >> $turn_nginx_site echo ' access_log /dev/null;' >> $turn_nginx_site echo ' error_log /dev/null;' >> $turn_nginx_site echo '' >> $turn_nginx_site - echo ' # Index' >> $turn_nginx_site - echo ' index index.html;' >> $turn_nginx_site - echo '' >> $turn_nginx_site echo ' # Location' >> $turn_nginx_site echo ' location / {' >> $turn_nginx_site function_check nginx_limits - nginx_limits ${DEFAULT_DOMAIN_NAME} '15m' + nginx_limits $DEFAULT_DOMAIN_NAME '15m' echo " proxy_pass http://localhost:${TURN_PORT};" >> $turn_nginx_site echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $turn_nginx_site echo ' }' >> $turn_nginx_site echo '}' >> $turn_nginx_site - echo '' >> $turn_nginx_site - else - echo '# TURN Server' >> $turn_nginx_site + echo '# End of TURN Server' >> $turn_nginx_site fi - echo 'server {' >> $turn_nginx_site - echo " listen 127.0.0.1:$TURN_ONION_PORT default_server;" >> $turn_nginx_site - echo " server_name $DEFAULT_DOMAIN_NAME;" >> $turn_nginx_site - echo '' >> $turn_nginx_site - function_check nginx_disable_sniffing - nginx_disable_sniffing $DEFAULT_DOMAIN_NAME - echo '' >> $turn_nginx_site - echo ' # Logs' >> $turn_nginx_site - echo ' access_log /dev/null;' >> $turn_nginx_site - echo ' error_log /dev/null;' >> $turn_nginx_site - echo '' >> $turn_nginx_site - echo ' # Location' >> $turn_nginx_site - echo ' location / {' >> $turn_nginx_site - function_check nginx_limits - nginx_limits $DEFAULT_DOMAIN_NAME '15m' - echo " proxy_pass http://localhost:${TURN_PORT};" >> $turn_nginx_site - echo ' proxy_set_header 
X-Forwarded-For $remote_addr;' >> $turn_nginx_site - echo ' }' >> $turn_nginx_site - echo '}' >> $turn_nginx_site - echo '# End of TURN Server' >> $turn_nginx_site export DEBIAN_FRONTEND=noninteractive apt-get -yq install coreutils coturn \