diff --git a/src/freedombone b/src/freedombone index e100aaa8..d879756b 100755 --- a/src/freedombone +++ b/src/freedombone @@ -232,8 +232,6 @@ OWNCLOUD_DOMAIN_NAME= OWNCLOUD_CODE= OWNCLOUD_ONION_PORT=8088 OWNCLOUD_ADMIN_PASSWORD= -OWNCLOUD_MUSIC_APP_REPO="https://github.com/owncloud/music" -OWNCLOUD_MUSIC_APP_COMMIT='0c0e1fadbe31a43f9c98d6a2a7b3960ff881ca0e' OWNCLOUD_PATH=/var/www/owncloud OWNCLOUD_UPGRADE_PATH=/root/owncloud_upgrade @@ -1134,9 +1132,6 @@ function read_configuration { if grep -q "GPGIT_COMMIT" $CONFIGURATION_FILE; then GPGIT_COMMIT=$(grep "GPGIT_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi - if grep -q "OWNCLOUD_MUSIC_APP_COMMIT" $CONFIGURATION_FILE; then - OWNCLOUD_MUSIC_APP_COMMIT=$(grep "OWNCLOUD_MUSIC_APP_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}') - fi if grep -q "HUBZILLA_REPO" $CONFIGURATION_FILE; then HUBZILLA_REPO=$(grep "HUBZILLA_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}') fi @@ -6392,50 +6387,6 @@ function repair_databases_script { echo 'repair_databases_script' >> $COMPLETION_FILE } -function install_owncloud_repo_music_app { - if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - - if ! grep -Fxq "install_owncloud_official_deb" $COMPLETION_FILE; then - echo $'Tried to install the Owncloud music app, but Owncloud installation was not found' - exit 9823 - fi - - # update to the next commit - set_repo_commit $OWNCLOUD_PATH/apps/music "Owncloud music app commit" "$OWNCLOUD_MUSIC_APP_COMMIT" $OWNCLOUD_MUSIC_APP_REPO - - if grep -Fxq "install_owncloud_repo_music_app" $COMPLETION_FILE; then - return - fi - - cd $OWNCLOUD_PATH/apps - git_clone $OWNCLOUD_MUSIC_APP_REPO Music - cd $OWNCLOUD_PATH/apps/Music - git checkout $OWNCLOUD_MUSIC_APP_COMMIT -b $OWNCLOUD_MUSIC_APP_COMMIT - if ! grep -q "Owncloud music app commit" $COMPLETION_FILE; then - echo "Owncloud music app commit:$OWNCLOUD_MUSIC_APP_COMMIT" >> $COMPLETION_FILE - else - sed -i "s/Owncloud music app commit.*/Owncloud music app commit:$OWNCLOUD_MUSIC_APP_COMMIT/g" $COMPLETION_FILE - fi - - if grep -q $"Music player in Owncloud" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'Music player in Owncloud' >> /home/$MY_USERNAME/README - echo '========================' >> /home/$MY_USERNAME/README - echo $'To enable the music app within ouwncloud log in to the Owncloud' >> /home/$MY_USERNAME/README - echo $'administrator account then go to Apps on the left hand dropdown' >> /home/$MY_USERNAME/README - echo $'menu and enable the music app. You can then log out and log back' >> /home/$MY_USERNAME/README - echo $'in as your Owncloud user and select music from the left hand' >> /home/$MY_USERNAME/README - echo $'dropdown menu.' >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi - - echo 'install_owncloud_repo_music_app' >> $COMPLETION_FILE -} - function add_ddns_domain { if [[ $ONION_ONLY != "no" ]]; then return @@ -6570,7 +6521,6 @@ function install_owncloud_official_deb { OWNCLOUD_COMPLETION_MSG2=$"Open $OWNCLOUD_DOMAIN_NAME in a web browser to complete the setup" if grep -Fxq "install_owncloud_official_deb" $COMPLETION_FILE; then if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then - install_owncloud_repo_music_app backup_to_friends_servers intrusion_detection split_gpg_key_into_fragments @@ -6865,7 +6815,6 @@ function install_owncloud_official_deb { echo 'install_owncloud_official_deb' >> $COMPLETION_FILE if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then - install_owncloud_repo_music_app backup_to_friends_servers intrusion_detection split_gpg_key_into_fragments @@ -7667,477 +7616,477 @@ function install_watchdog_script { return fi echo '#!/bin/bash' > /usr/bin/$WATCHDOG_SCRIPT_NAME -echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME -echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME -# application specific stuff is added later -chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + # application specific stuff is added later + chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME -if ! grep -q "/usr/bin/$WATCHDOG_SCRIPT_NAME" /etc/crontab; then - echo "* * * * * root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> /etc/crontab -fi + if ! grep -q "/usr/bin/$WATCHDOG_SCRIPT_NAME" /etc/crontab; then + echo "* * * * * root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> /etc/crontab + fi -echo 'install_watchdog_script' >> $COMPLETION_FILE + echo 'install_watchdog_script' >> $COMPLETION_FILE } - function install_irc_client { - if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "install_irc_client" $COMPLETION_FILE; then - return - fi - apt-get -y install irssi +function install_irc_client { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if grep -Fxq "install_irc_client" $COMPLETION_FILE; then + return + fi + apt-get -y install irssi - if [ ! -d /home/$MY_USERNAME/.irssi ]; then - mkdir /home/$MY_USERNAME/.irssi - fi + if [ ! -d /home/$MY_USERNAME/.irssi ]; then + mkdir /home/$MY_USERNAME/.irssi + fi - echo 'servers = (' > /home/$MY_USERNAME/.irssi/config - echo ' {' >> /home/$MY_USERNAME/.irssi/config - echo ' address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config - echo ' chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config - echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config - echo ' autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config - echo ' },' >> /home/$MY_USERNAME/.irssi/config - echo ' {' >> /home/$MY_USERNAME/.irssi/config - echo ' address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config - echo ' chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config - echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config - echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config - echo ' },' >> /home/$MY_USERNAME/.irssi/config - echo ' {' >> /home/$MY_USERNAME/.irssi/config - echo " address = \"${DEFAULT_DOMAIN_NAME}\";" >> /home/$MY_USERNAME/.irssi/config - echo ' chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config - echo " port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config - echo ' use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config - echo ' ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config - echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config - echo ' }' >> /home/$MY_USERNAME/.irssi/config - echo ');' >> /home/$MY_USERNAME/.irssi/config - echo '' >> /home/$MY_USERNAME/.irssi/config - echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config - echo ' Freedombone = {' >> /home/$MY_USERNAME/.irssi/config - echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' };' >> /home/$MY_USERNAME/.irssi/config - echo ' Freenode = {' >> /home/$MY_USERNAME/.irssi/config - echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' };' >> /home/$MY_USERNAME/.irssi/config - echo ' OFTC = {' >> /home/$MY_USERNAME/.irssi/config - echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config - echo ' };' >> /home/$MY_USERNAME/.irssi/config - echo '};' >> /home/$MY_USERNAME/.irssi/config - echo '' >> /home/$MY_USERNAME/.irssi/config - echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config - echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config - echo ');' >> /home/$MY_USERNAME/.irssi/config - echo '' >> /home/$MY_USERNAME/.irssi/config - echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config - echo " core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config - echo ' "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config - echo '};' >> /home/$MY_USERNAME/.irssi/config - echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config + echo 'servers = (' > /home/$MY_USERNAME/.irssi/config + echo ' {' >> /home/$MY_USERNAME/.irssi/config + echo ' address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config + echo ' chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config + echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config + echo ' autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config + echo ' },' >> /home/$MY_USERNAME/.irssi/config + echo ' {' >> /home/$MY_USERNAME/.irssi/config + echo ' address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config + echo ' chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config + echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config + echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config + echo ' },' >> /home/$MY_USERNAME/.irssi/config + echo ' {' >> /home/$MY_USERNAME/.irssi/config + echo " address = \"${DEFAULT_DOMAIN_NAME}\";" >> /home/$MY_USERNAME/.irssi/config + echo ' chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config + echo " port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config + echo ' use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config + echo ' ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config + echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config + echo ' }' >> /home/$MY_USERNAME/.irssi/config + echo ');' >> /home/$MY_USERNAME/.irssi/config + echo '' >> /home/$MY_USERNAME/.irssi/config + echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config + echo ' Freedombone = {' >> /home/$MY_USERNAME/.irssi/config + echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' };' >> /home/$MY_USERNAME/.irssi/config + echo ' Freenode = {' >> /home/$MY_USERNAME/.irssi/config + echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' };' >> /home/$MY_USERNAME/.irssi/config + echo ' OFTC = {' >> /home/$MY_USERNAME/.irssi/config + echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config + echo ' };' >> /home/$MY_USERNAME/.irssi/config + echo '};' >> /home/$MY_USERNAME/.irssi/config + echo '' >> /home/$MY_USERNAME/.irssi/config + echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config + echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config + echo ');' >> /home/$MY_USERNAME/.irssi/config + echo '' >> /home/$MY_USERNAME/.irssi/config + echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config + echo " core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config + echo ' "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config + echo '};' >> /home/$MY_USERNAME/.irssi/config + echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config - chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi + chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi - echo 'install_irc_client' >> $COMPLETION_FILE - } + echo 'install_irc_client' >> $COMPLETION_FILE +} - function install_irc_server { - if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - return - fi - if grep -Fxq "install_irc_server" $COMPLETION_FILE; then - return - fi - apt-get -y install ngircd +function install_irc_server { + if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + return + fi + if grep -Fxq "install_irc_server" $COMPLETION_FILE; then + return + fi + apt-get -y install ngircd - if [ ! -d /etc/ngircd ]; then - echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE" - exit 53 - fi + if [ ! -d /etc/ngircd ]; then + echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE" + exit 53 + fi - if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then - ${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH - check_certificates ngircd - fi + if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then + ${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH + check_certificates ngircd + fi - DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME - if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local" - fi + DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME + if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local" + fi - echo '**************************************************' > /etc/ngircd/motd - echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd - echo '* *' >> /etc/ngircd/motd - echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd - echo '**************************************************' >> /etc/ngircd/motd - sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf - sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf - sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf - sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf - sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf - sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf - sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf - sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf - sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf - if [[ $ONION_ONLY != 'yes' ]]; then - sed -i "s/;Ports =.*/;Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf - else - sed -i "s/;Ports =.*/Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf - fi - sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf - sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf - sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf - sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf - sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf - IRC_SALT="$(openssl rand -base64 32 | cut -c1-30)" - if [ -f $IMAGE_PASSWORD_FILE ]; then - IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" - else - IRC_OPERATOR_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)" - fi - sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf - sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf - sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf - sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf - sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf - sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf - sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf - if [ $IRC_PASSWORD ]; then - sed -i "0,/RE/s/Password =.*/Password = $IRC_PASSWORD/" /etc/ngircd/ngircd.conf - fi - # If we are on a mesh then DNS is not available - if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then - sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf - fi - # upgrade a cypher - sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf - mkdir /var/run/ircd - chown -R irc:irc /var/run/ircd - mkdir /var/run/ngircd - touch /var/run/ngircd/ngircd.pid - chown -R irc:irc /var/run/ngircd + echo '**************************************************' > /etc/ngircd/motd + echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd + echo '* *' >> /etc/ngircd/motd + echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd + echo '**************************************************' >> /etc/ngircd/motd + sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf + sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf + sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf + sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf + sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf + sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf + sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf + sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf + sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf + if [[ $ONION_ONLY != 'yes' ]]; then + sed -i "s/;Ports =.*/;Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf + else + sed -i "s/;Ports =.*/Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf + fi + sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf + sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf + sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf + sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf + sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf + IRC_SALT="$(openssl rand -base64 32 | cut -c1-30)" + if [ -f $IMAGE_PASSWORD_FILE ]; then + IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + IRC_OPERATOR_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)" + fi + sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf + sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf + sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf + sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf + sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf + sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf + sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf + if [ $IRC_PASSWORD ]; then + sed -i "0,/RE/s/Password =.*/Password = $IRC_PASSWORD/" /etc/ngircd/ngircd.conf + fi + # If we are on a mesh then DNS is not available + if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then + sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf + fi + # upgrade a cypher + sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf + mkdir /var/run/ircd + chown -R irc:irc /var/run/ircd + mkdir /var/run/ngircd + touch /var/run/ngircd/ngircd.pid + chown -R irc:irc /var/run/ngircd - IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT}) - if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then - echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE - fi + IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT}) + if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then + echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE + fi - systemctl restart ngircd + systemctl restart ngircd - # keep the daemon running - echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo ' systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + # keep the daemon running + echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME + echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME - if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then - echo '' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - echo $'IRC Server' >> /home/$MY_USERNAME/README - echo '==========' >> /home/$MY_USERNAME/README - echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README - echo '' >> /home/$MY_USERNAME/README - if [[ $ONION_ONLY != 'yes' ]]; then - echo " irssi" >> /home/$MY_USERNAME/README - echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README - echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README - else - echo " usetorwith irssi" >> /home/$MY_USERNAME/README - echo " /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README - echo " /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README - fi - echo " /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README - chmod 600 /home/$MY_USERNAME/README - fi + if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then + echo '' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + echo $'IRC Server' >> /home/$MY_USERNAME/README + echo '==========' >> /home/$MY_USERNAME/README + echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README + echo '' >> /home/$MY_USERNAME/README + if [[ $ONION_ONLY != 'yes' ]]; then + echo " irssi" >> /home/$MY_USERNAME/README + echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README + echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README + else + echo " usetorwith irssi" >> /home/$MY_USERNAME/README + echo " /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README + echo " /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README + fi + echo " /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README + chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README + chmod 600 /home/$MY_USERNAME/README + fi - echo 'install_irc_server' >> $COMPLETION_FILE - } + echo 'install_irc_server' >> $COMPLETION_FILE +} - function get_wiki_admin_password { - if [ -f /home/$MY_USERNAME/README ]; then - if grep -q "Wiki password" /home/$MY_USERNAME/README; then - WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//') - fi - fi - } +function get_wiki_admin_password { + if [ -f /home/$MY_USERNAME/README ]; then + if grep -q "Wiki password" /home/$MY_USERNAME/README; then + WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//') + fi + fi +} - function install_wiki { - if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MASH" ]]; then - return - fi - if grep -Fxq "install_wiki" $COMPLETION_FILE; then - return - fi - if [ ! $WIKI_DOMAIN_NAME ]; then - return - fi - apt-get -y install dokuwiki - apt-get -y remove --purge apache* - if [ -d /etc/apache2 ]; then - rm -rf /etc/apache2 - echo $'Removed Apache installation after Dokuwiki install' - fi +function install_wiki { + if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MASH" ]]; then + return + fi + if grep -Fxq "install_wiki" $COMPLETION_FILE; then + return + fi + if [ ! $WIKI_DOMAIN_NAME ]; then + return + fi + apt-get -y install dokuwiki + apt-get -y remove --purge apache* + if [ -d /etc/apache2 ]; then + rm -rf /etc/apache2 + echo $'Removed Apache installation after Dokuwiki install' + fi - if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then - mkdir /var/www/$WIKI_DOMAIN_NAME - fi - if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then - rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs - fi + if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then + mkdir /var/www/$WIKI_DOMAIN_NAME + fi + if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then + rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs + fi - ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs + ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs - mkdir /var/lib/dokuwiki/custom - cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php - ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php + mkdir /var/lib/dokuwiki/custom + cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php + ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php - chown www-data /var/lib/dokuwiki/custom - chown www-data /var/lib/dokuwiki/custom/local.php - chown -R www-data /etc/dokuwiki - chown -R www-data /usr/share/dokuwiki/lib/ - chmod 600 /var/lib/dokuwiki/custom/local.php - chmod -R 755 /usr/share/dokuwiki/lib + chown www-data /var/lib/dokuwiki/custom + chown www-data /var/lib/dokuwiki/custom/local.php + chown -R www-data /etc/dokuwiki + chown -R www-data /usr/share/dokuwiki/lib/ + chmod 600 /var/lib/dokuwiki/custom/local.php + chmod -R 755 /usr/share/dokuwiki/lib - sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php - sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php + sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php + sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php - sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php + sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php - # set the admin user - sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php + # set the admin user + sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php - # disallow registration of new users - if ! grep -q "disableactions" /etc/dokuwiki/local.php; then - echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php - fi - if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then - echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php - fi + # disallow registration of new users + if ! grep -q "disableactions" /etc/dokuwiki/local.php; then + echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php + fi + if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then + echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php + fi - if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then - echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php - fi - if ! grep -q "authtype" /etc/dokuwiki/local.php; then - echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php - fi + if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then + echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php + fi + if ! grep -q "authtype" /etc/dokuwiki/local.php; then + echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php + fi - get_wiki_admin_password - if [ ! $WIKI_ADMIN_PASSWORD ]; then - if [ -f $IMAGE_PASSWORD_FILE ]; then - WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" - else - WIKI_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)" - fi - fi - HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}') - echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php - chmod 640 /var/lib/dokuwiki/acl/users.auth.php + get_wiki_admin_password + if [ ! $WIKI_ADMIN_PASSWORD ]; then + if [ -f $IMAGE_PASSWORD_FILE ]; then + WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + else + WIKI_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)" + fi + fi + HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}') + echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php + chmod 640 /var/lib/dokuwiki/acl/users.auth.php - if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then - echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf - fi - if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then - echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf - fi - if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then - echo 'webm video/webm' >> /etc/dokuwiki/mime.conf - fi + if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then + echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf + fi + if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then + echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf + fi + if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then + echo 'webm video/webm' >> /etc/dokuwiki/mime.conf + fi - WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT}) + WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT}) - if [[ $ONION_ONLY == "no" ]]; then - echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - nginx_disable_sniffing $WIKI_DOMAIN_NAME - nginx_limits $WIKI_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - nginx_limits $WIKI_DOMAIN_NAME - nginx_ssl $WIKI_DOMAIN_NAME - nginx_disable_sniffing $WIKI_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - else - echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - fi - echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - nginx_limits $WIKI_DOMAIN_NAME - nginx_disable_sniffing $WIKI_DOMAIN_NAME - echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME - echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + if [[ $ONION_ONLY == "no" ]]; then + echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + nginx_disable_sniffing $WIKI_DOMAIN_NAME + nginx_limits $WIKI_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + nginx_limits $WIKI_DOMAIN_NAME + nginx_ssl $WIKI_DOMAIN_NAME + nginx_disable_sniffing $WIKI_DOMAIN_NAME + echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + else + echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + fi + echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + nginx_limits $WIKI_DOMAIN_NAME + nginx_disable_sniffing $WIKI_DOMAIN_NAME + echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME + echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME @@ -10841,7 +10790,6 @@ install_web_server install_web_server_access_control configure_firewall_for_web_server install_owncloud_official_deb -install_owncloud_repo_music_app upgrade_golang install_gogs install_xmpp