free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'stretch' of https://github.com/bashrc/freedombone

This commit is contained in:
Bob Mottram 2018-03-06 17:27:11 +00:00
parent 2e07c45147 782b57c565
commit 5cb6466f87
37 changed files with 161 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/freedombone-app-akaunting
View File

@ -372,8 +372,8 @@ function install_akaunting {
function_check nginx_ssl
nginx_ssl "$AKAUNTING_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$AKAUNTING_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -415,8 +415,8 @@ function install_akaunting {
function_check nginx_compress
nginx_compress "$AKAUNTING_DOMAIN_NAME"
echo '' >> "$akaunting_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$AKAUNTING_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$AKAUNTING_DOMAIN_NAME"
{ echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';

8
src/freedombone-app-dokuwiki
View File

@ -380,8 +380,8 @@ function install_dokuwiki {
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl "$DOKUWIKI_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$DOKUWIKI_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';
@ -458,8 +458,8 @@ function install_dokuwiki {
echo ' index index.php;';
echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$DOKUWIKI_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$DOKUWIKI_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';

8
src/freedombone-app-edith
View File

@ -341,8 +341,8 @@ function install_edith {
function_check nginx_ssl
nginx_ssl "$EDITH_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$EDITH_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -379,8 +379,8 @@ function install_edith {
function_check nginx_compress
nginx_compress "$EDITH_DOMAIN_NAME"
echo '' >> "$edith_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$EDITH_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$EDITH_DOMAIN_NAME"
{ echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';

8
src/freedombone-app-etherpad
View File

@ -557,8 +557,8 @@ function install_etherpad {
function_check nginx_ssl
nginx_ssl "$ETHERPAD_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$ETHERPAD_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -584,8 +584,8 @@ function install_etherpad {
echo " listen 127.0.0.1:$ETHERPAD_ONION_PORT default_server;";
echo " server_name $ETHERPAD_ONION_HOSTNAME;";
echo ''; } >> "$etherpad_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$ETHERPAD_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$ETHERPAD_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';

13
src/freedombone-app-fedwiki
View File

@ -339,12 +339,6 @@ function fedwiki_setup_web {
function_check nginx_ssl
nginx_ssl "$FEDWIKI_DOMAIN_NAME" mobile
sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file"
sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file"
sed -i '/X-Robots-Tag/d' "$fedwiki_nginx_file"
sed -i '/X-Download-Options/d' "$fedwiki_nginx_file"
sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file"
{ echo ' add_header X-Robots-Tag none;';
echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Frame-Options DENY;';
@ -371,10 +365,9 @@ function fedwiki_setup_web {
echo " listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;";
echo " server_name $FEDWIKI_ONION_HOSTNAME;";
echo '';
echo ' add_header X-Robots-Tag none;';
echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Frame-Options DENY;';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Download-Options noopen;';
echo '';
echo ' location /fonts-font-awesome/ {';
echo ' alias /usr/share/fonts-font-awesome/;';
@ -389,6 +382,10 @@ function fedwiki_setup_web {
echo ' }';
echo '}'; } >> "$fedwiki_nginx_file"
sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file"
sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file"
sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file"
function_check create_site_certificate
create_site_certificate "$FEDWIKI_DOMAIN_NAME" 'yes'

8
src/freedombone-app-friendica
View File

@ -419,8 +419,8 @@ function install_friendica {
echo ' access_log /dev/null;'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl "$FRIENDICA_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$FRIENDICA_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # rewrite to front controller as default rule';
@ -493,7 +493,7 @@ function install_friendica {
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } > "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
nginx_limits "$FRIENDICA_DOMAIN_NAME"
nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
nginx_security_options "$FRIENDICA_DOMAIN_NAME"
{ echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }';
echo '';
@ -515,7 +515,7 @@ function install_friendica {
echo ' # or a unix socket';
echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME"
nginx_limits "$FRIENDICA_DOMAIN_NAME"
nginx_disable_sniffing "$FRIENDICA_DOMAIN_NAME"
nginx_security_options "$FRIENDICA_DOMAIN_NAME"
{ echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";

8
src/freedombone-app-ghost
View File

@ -518,8 +518,8 @@ function install_ghost {
echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
function_check nginx_ssl
nginx_ssl "${GHOST_DOMAIN_NAME}"
function_check nginx_disable_sniffing
nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
function_check nginx_security_options
nginx_security_options "${GHOST_DOMAIN_NAME}"
{ echo ' add_header Strict-Transport-Security max-age=0;';
echo '';
echo ' location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
@ -550,8 +550,8 @@ function install_ghost {
echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ''; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"
function_check nginx_disable_sniffing
nginx_disable_sniffing "${GHOST_DOMAIN_NAME}"
function_check nginx_security_options
nginx_security_options "${GHOST_DOMAIN_NAME}"
{ echo ' add_header Strict-Transport-Security max-age=0;';
echo '';
echo ' location / {'; } >> "/etc/nginx/sites-available/${GHOST_DOMAIN_NAME}"

12
src/freedombone-app-gnusocial
View File

@ -37,7 +37,7 @@ GNUSOCIAL_DOMAIN_NAME=
GNUSOCIAL_CODE=
GNUSOCIAL_ONION_PORT=8087
GNUSOCIAL_REPO="https://git.gnu.io/gnu/gnu-social.git"
GNUSOCIAL_COMMIT='ffe14fe5f326f013a34fdd303c0e5e8aae772559'
GNUSOCIAL_COMMIT='67a9c0415c395d92adeb784413bb9a88fba7347f'
GNUSOCIAL_ADMIN_PASSWORD=
GNUSOCIAL_BACKGROUND_IMAGE_URL=
@ -707,8 +707,8 @@ function install_gnusocial_main {
function_check nginx_ssl
nginx_ssl "$GNUSOCIAL_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$GNUSOCIAL_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$GNUSOCIAL_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -756,8 +756,8 @@ function install_gnusocial_main {
function_check nginx_compress
nginx_compress "$GNUSOCIAL_DOMAIN_NAME"
echo '' >> "$gnusocial_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$GNUSOCIAL_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$GNUSOCIAL_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
@ -918,6 +918,8 @@ function install_gnusocial {
fi
# unleash the daemons!
cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 236482684
php scripts/checkschema.php
/etc/cron.hourly/gnusocial-daemons
systemctl restart nginx

8
src/freedombone-app-gogs
View File

@ -591,8 +591,8 @@ function install_gogs {
echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
function_check nginx_ssl
nginx_ssl "${GIT_DOMAIN_NAME}"
function_check nginx_disable_sniffing
nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
function_check nginx_security_options
nginx_security_options "${GIT_DOMAIN_NAME}"
{ echo ' add_header Strict-Transport-Security max-age=0;';
echo '';
echo ' location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
@ -623,8 +623,8 @@ function install_gogs {
echo ' access_log /dev/null;';
echo " error_log /dev/null;";
echo ''; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"
function_check nginx_disable_sniffing
nginx_disable_sniffing "${GIT_DOMAIN_NAME}"
function_check nginx_security_options
nginx_security_options "${GIT_DOMAIN_NAME}"
{ echo ' add_header Strict-Transport-Security max-age=0;';
echo '';
echo ' location / {'; } >> "/etc/nginx/sites-available/${GIT_DOMAIN_NAME}"

8
src/freedombone-app-htmly
View File

@ -460,8 +460,8 @@ function install_htmly_website {
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl "$HTMLY_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$HTMLY_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';
@ -542,8 +542,8 @@ function install_htmly_website_onion {
echo ' index index.php;';
echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$HTMLY_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$HTMLY_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$HTMLY_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';

8
src/freedombone-app-hubzilla
View File

@ -421,8 +421,8 @@ function install_hubzilla {
echo ' access_log /dev/null;'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl "$HUBZILLA_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$HUBZILLA_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # rewrite to front controller as default rule';
@ -494,7 +494,7 @@ function install_hubzilla {
echo ' # rewrite to front controller as default rule';
echo ' location / {'; } > "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
nginx_limits "$HUBZILLA_DOMAIN_NAME"
nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
nginx_security_options "$HUBZILLA_DOMAIN_NAME"
{ echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
echo ' }';
echo '';
@ -516,7 +516,7 @@ function install_hubzilla {
echo ' # or a unix socket';
echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME"
nginx_limits "$HUBZILLA_DOMAIN_NAME"
nginx_disable_sniffing "$HUBZILLA_DOMAIN_NAME"
nginx_security_options "$HUBZILLA_DOMAIN_NAME"
{ echo ' # Zero-day exploit defense.';
echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
echo " # Won't work properly (404 error) if the file is not stored on this";

4
src/freedombone-app-jitsi
View File

@ -286,8 +286,8 @@ function install_jitsi {
function_check nginx_ssl
nginx_ssl ${JITSI_DOMAIN_NAME}
function_check nginx_disable_sniffing
nginx_disable_sniffing ${JITSI_DOMAIN_NAME}
function_check nginx_security_options
nginx_security_options ${JITSI_DOMAIN_NAME}
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';

8
src/freedombone-app-kanboard
View File

@ -468,8 +468,8 @@ function install_kanboard {
function_check nginx_ssl
nginx_ssl "$KANBOARD_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$KANBOARD_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -517,8 +517,8 @@ function install_kanboard {
function_check nginx_compress
nginx_compress "$KANBOARD_DOMAIN_NAME"
echo '' >> "$kanboard_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$KANBOARD_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$KANBOARD_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';

8
src/freedombone-app-keyserver
View File

@ -742,8 +742,8 @@ function install_keyserver {
function_check nginx_ssl
nginx_ssl $KEYSERVER_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
function_check nginx_security_options
nginx_security_options $KEYSERVER_DOMAIN_NAME
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -792,8 +792,8 @@ function install_keyserver {
echo ' return 404;';
echo ' }';
echo ''; } >> $keyserver_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
function_check nginx_security_options
nginx_security_options $KEYSERVER_DOMAIN_NAME
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';

4
src/freedombone-app-koel
View File

@ -553,8 +553,8 @@ function install_koel_main {
function_check nginx_ssl mobile
nginx_ssl "$KOEL_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$KOEL_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$KOEL_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';

8
src/freedombone-app-lychee
View File

@ -270,8 +270,8 @@ function install_lychee_website {
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl "$LYCHEE_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$LYCHEE_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';
@ -331,8 +331,8 @@ function install_lychee_website_onion {
echo ' index index.html;';
echo ' charset utf-8;';
echo ' proxy_read_timeout 86400s;'; } >> "/etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$LYCHEE_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$LYCHEE_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' # rewrite to front controller as default rule';

8
src/freedombone-app-mailpile
View File

@ -248,8 +248,8 @@ function install_mailpile {
function_check nginx_ssl
nginx_ssl $MAILPILE_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
function_check nginx_security_options
nginx_security_options $MAILPILE_DOMAIN_NAME
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -280,8 +280,8 @@ function install_mailpile {
echo " listen 127.0.0.1:$MAILPILE_ONION_PORT default_server;";
echo " server_name $MAILPILE_ONION_HOSTNAME;";
echo ''; } >> $mailpile_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $MAILPILE_DOMAIN_NAME
function_check nginx_security_options
nginx_security_options $MAILPILE_DOMAIN_NAME
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';

16
src/freedombone-app-matrix
View File

@ -135,8 +135,8 @@ function matrix_nginx {
function_check nginx_ssl
nginx_ssl ${MATRIX_DOMAIN_NAME}
function_check nginx_disable_sniffing
nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
function_check nginx_security_options
nginx_security_options ${MATRIX_DOMAIN_NAME}
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -164,8 +164,8 @@ function matrix_nginx {
function_check nginx_ssl
nginx_ssl ${MATRIX_DOMAIN_NAME}
function_check nginx_disable_sniffing
nginx_disable_sniffing ${MATRIX_DOMAIN_NAME}
function_check nginx_security_options
nginx_security_options ${MATRIX_DOMAIN_NAME}
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -193,8 +193,8 @@ function matrix_nginx {
echo " listen 127.0.0.1:$MATRIX_FEDERATION_ONION_PORT default_server;";
echo " server_name $MATRIX_DOMAIN_NAME;";
echo ''; } >> $matrix_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $MATRIX_DOMAIN_NAME
function_check nginx_security_options
nginx_security_options $MATRIX_DOMAIN_NAME
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
@ -214,8 +214,8 @@ function matrix_nginx {
echo " listen 127.0.0.1:$MATRIX_ONION_PORT default_server;";
echo " server_name $MATRIX_DOMAIN_NAME;";
echo ''; } >> $matrix_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $MATRIX_DOMAIN_NAME
function_check nginx_security_options
nginx_security_options $MATRIX_DOMAIN_NAME
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';

8
src/freedombone-app-mediagoblin
View File

@ -381,8 +381,8 @@ function install_mediagoblin {
echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl "$MEDIAGOBLIN_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$MEDIAGOBLIN_DOMAIN_NAME"
function_check nginx_limits
nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
{ echo '';
@ -438,8 +438,8 @@ function install_mediagoblin {
echo ' default_type application/octet-stream;';
echo ' sendfile on;';
echo ''; } >> "/etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$MEDIAGOBLIN_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$MEDIAGOBLIN_DOMAIN_NAME"
function_check nginx_limits
nginx_limits "$MEDIAGOBLIN_DOMAIN_NAME" 800m
{ echo '';

8
src/freedombone-app-movim
View File

@ -444,8 +444,8 @@ function install_movim {
function_check nginx_ssl
nginx_ssl "$MOVIM_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$MOVIM_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -506,8 +506,8 @@ function install_movim {
function_check nginx_compress
nginx_compress "$MOVIM_DOMAIN_NAME"
echo '' >> "$movim_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$MOVIM_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$MOVIM_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';

10
src/freedombone-app-nextcloud
View File

@ -138,7 +138,7 @@ function install_interactive_nextcloud {
# remove any invalid characters
if [ ${#NEXTCLOUD_TITLE} -gt 0 ]; then
new_title=${"$NEXTCLOUD_TITLE"//\'//}
new_title=${NEXTCLOUD_TITLE//\'/}
NEXTCLOUD_TITLE="$new_title"
fi
@ -490,8 +490,8 @@ function install_nextcloud_main {
function_check nginx_ssl
nginx_ssl "$NEXTCLOUD_DOMAIN_NAME" mobile
function_check nginx_disable_sniffing
nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$NEXTCLOUD_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -554,8 +554,8 @@ function install_nextcloud_main {
echo " listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;";
echo " server_name $NEXTCLOUD_DOMAIN_NAME;";
echo ''; } >> "$nextcloud_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$NEXTCLOUD_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$NEXTCLOUD_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';

4
src/freedombone-app-peertube
View File

@ -376,8 +376,8 @@ function peertube_setup_web {
function_check nginx_ssl
nginx_ssl "$PEERTUBE_DOMAIN_NAME" mobile
function_check nginx_disable_sniffing
nginx_disable_sniffing "$PEERTUBE_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$PEERTUBE_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';

8
src/freedombone-app-pelican
View File

@ -84,8 +84,8 @@ function install_pelican_website {
echo ' charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
function_check nginx_ssl
nginx_ssl "$PELICAN_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$PELICAN_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
@ -125,8 +125,8 @@ function install_pelican_website_onion {
echo " error_log /dev/null;";
echo ' index index.html;';
echo ' charset utf-8;'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$PELICAN_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$PELICAN_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security "max-age=0;";';
echo '';
echo ' location / {'; } >> "/etc/nginx/sites-available/$PELICAN_DOMAIN_NAME"

15
src/freedombone-app-pleroma
View File

@ -353,7 +353,7 @@ function install_interactive_pleroma {
# remove any invalid characters
if [ ${#PLEROMA_TITLE} -gt 0 ]; then
new_title=${"$PLEROMA_TITLE"//\'//}
new_title=${PLEROMA_TITLE//\'/}
PLEROMA_TITLE="$new_title"
fi
@ -1029,8 +1029,8 @@ function install_pleroma {
function_check nginx_ssl
nginx_ssl "$PLEROMA_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$PLEROMA_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$PLEROMA_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -1069,8 +1069,8 @@ function install_pleroma {
function_check nginx_compress
nginx_compress "$PLEROMA_DOMAIN_NAME"
echo '' >> "$pleroma_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$PLEROMA_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$PLEROMA_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
@ -1173,6 +1173,11 @@ function install_pleroma {
echo '[Install]';
echo 'WantedBy=multi-user.target';
echo 'Alias=pleroma.service'; } > /etc/systemd/system/pleroma.service
# set registrations open initially
sed -i 's|registrations_open:.*|registrations_open: true,|g' $PLEROMA_DIR/config/config.exs
sed -i 's|"registrationOpen":.*|"registrationOpen": true,|g' $PLEROMA_DIR/priv/static/static/config.json
systemctl daemon-reload
systemctl enable pleroma
systemctl start pleroma

18
src/freedombone-app-postactiv
View File

@ -36,8 +36,8 @@ SHOW_ON_ABOUT=1
POSTACTIV_DOMAIN_NAME=
POSTACTIV_CODE=
POSTACTIV_ONION_PORT=8100
POSTACTIV_REPO="https://git.postactiv.com/postActiv/postActiv.git"
POSTACTIV_COMMIT='0531c469b44aab6a71230778ab4492eca889bb2c'
POSTACTIV_REPO="http://gitea.postactiv.com/postActiv/postActiv.git"
POSTACTIV_COMMIT='3c88992eeb'
POSTACTIV_ADMIN_PASSWORD=
POSTACTIV_BACKGROUND_IMAGE_URL=
@ -180,7 +180,7 @@ function install_interactive_postactiv {
# remove any invalid characters
if [ ${#POSTACTIV_TITLE} -gt 0 ]; then
new_title=${"$POSTACTIV_TITLE"//\'//}
new_title=${POSTACTIV_TITLE//\'/}
POSTACTIV_TITLE="$new_title"
fi
@ -665,8 +665,8 @@ function install_postactiv_main {
cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 46824682682
git pull
else
function_check git_clone
git_clone "$POSTACTIV_REPO" "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
# This is deliberately non-recursive
git clone "$POSTACTIV_REPO" "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs"
fi
if [ ! -d "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" ]; then
@ -721,8 +721,8 @@ function install_postactiv_main {
function_check nginx_ssl
nginx_ssl "$POSTACTIV_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$POSTACTIV_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -767,8 +767,8 @@ function install_postactiv_main {
echo " listen 127.0.0.1:$POSTACTIV_ONION_PORT default_server;";
echo " server_name $POSTACTIV_ONION_HOSTNAME;";
echo ''; } >> "$postactiv_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$POSTACTIV_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$POSTACTIV_DOMAIN_NAME"
echo '' >> "$postactiv_nginx_site"
function_check nginx_compress
nginx_compress "$POSTACTIV_DOMAIN_NAME"

8
src/freedombone-app-privatebin
View File

@ -351,8 +351,8 @@ function install_privatebin {
function_check nginx_ssl
nginx_ssl "$PRIVATEBIN_DOMAIN_NAME"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$PRIVATEBIN_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -393,8 +393,8 @@ function install_privatebin {
function_check nginx_compress
nginx_compress "$PRIVATEBIN_DOMAIN_NAME"
echo '' >> "$privatebin_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$PRIVATEBIN_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$PRIVATEBIN_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';

4
src/freedombone-app-radicale
View File

@ -476,8 +476,8 @@ function install_radicale {
echo ''; } > "/etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}"
function_check nginx_ssl
nginx_ssl "${DEFAULT_DOMAIN_NAME}" mobile
function_check nginx_disable_sniffing
nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}"
function_check nginx_security_options
nginx_security_options "${DEFAULT_DOMAIN_NAME}"
{ echo '';
echo " server_name ${DEFAULT_DOMAIN_NAME};";

8
src/freedombone-app-riot
View File

@ -279,8 +279,8 @@ function install_riot {
function_check nginx_ssl
nginx_ssl $RIOT_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $RIOT_DOMAIN_NAME
function_check nginx_security_options
nginx_security_options $RIOT_DOMAIN_NAME
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -306,8 +306,8 @@ function install_riot {
echo " listen 127.0.0.1:$RIOT_ONION_PORT default_server;";
echo " server_name $RIOT_ONION_HOSTNAME;";
echo ''; } >> $riot_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $RIOT_DOMAIN_NAME
function_check nginx_security_options
nginx_security_options $RIOT_DOMAIN_NAME
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';

4
src/freedombone-app-scuttlebot
View File

@ -317,8 +317,8 @@ function scuttlebot_git_setup {
function_check nginx_ssl
nginx_ssl $SCUTTLEBOT_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME
function_check nginx_security_options
nginx_security_options $SCUTTLEBOT_DOMAIN_NAME
fi
{ echo '';

4
src/freedombone-app-searx
View File

@ -967,8 +967,8 @@ function install_searx {
echo ' access_log /dev/null;';
echo " error_log /var/log/searx_error.log $WEBSERVER_LOG_LEVEL;";
echo ''; } > /etc/nginx/sites-available/searx
function_check nginx_disable_sniffing
nginx_disable_sniffing searx
function_check nginx_security_options
nginx_security_options searx
{ echo ' add_header Strict-Transport-Security max-age=0;';
echo '';
echo ' location / {'; } >> /etc/nginx/sites-available/searx

4
src/freedombone-app-tahoelafs
View File

@ -608,8 +608,8 @@ function create_tahoelafs_web {
echo " listen 127.0.0.1:$TAHOELAFS_ONION_PORT default_server;";
echo " server_name $TAHOELAFS_ONION_HOSTNAME;";
echo ''; } > "$tahoelafs_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing tahoelafs
function_check nginx_security_options
nginx_security_options tahoelafs
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';

8
src/freedombone-app-turtl
View File

@ -674,8 +674,8 @@ function install_turtl_nginx {
function_check nginx_ssl
nginx_ssl $TURTL_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $TURTL_DOMAIN_NAME
function_check nginx_security_options
nginx_security_options $TURTL_DOMAIN_NAME
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -698,8 +698,8 @@ function install_turtl_nginx {
echo " listen 127.0.0.1:${TURTL_ONION_PORT};";
echo " server_name ${TURTL_ONION_HOSTNAME};";
echo ''; } >> $turtl_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $TURTL_DOMAIN_NAME
function_check nginx_security_options
nginx_security_options $TURTL_DOMAIN_NAME
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';

12
src/freedombone-image-customise
View File

@ -1901,7 +1901,7 @@ function image_preinstall_repos {
if [[ "$SOCIALINSTANCE" == "pleroma" ]]; then
git clone "$PLEROMA_REPO" "$rootdir/repos/pleroma"
#git clone $QVITTER_THEME_REPO "$rootdir/repos/qvitter"
git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
return
fi
@ -1909,16 +1909,16 @@ function image_preinstall_repos {
if [[ "$SOCIALINSTANCE" == "gnusocial" ]]; then
git clone "$GNUSOCIAL_REPO" "$rootdir/repos/gnusocial"
git clone "$GNUSOCIAL_MARKDOWN_REPO" "$rootdir/repos/gnusocial-markdown"
#git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
return
fi
if [[ "$SOCIALINSTANCE" == "postactiv" ]]; then
git clone "$GNUSOCIAL_MARKDOWN_REPO" "$rootdir/repos/gnusocial-markdown"
#git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
#git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
return
fi
@ -1929,9 +1929,9 @@ function image_preinstall_repos {
git clone "$GNUSOCIAL_REPO" "$rootdir/repos/gnusocial"
git clone "$PLEROMA_REPO" "$rootdir/repos/pleroma"
git clone "$GNUSOCIAL_MARKDOWN_REPO" "$rootdir/repos/gnusocial-markdown"
#git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
git clone "$QVITTER_THEME_REPO" "$rootdir/repos/qvitter"
git clone "$PLEROMA_FRONTEND_REPO" "$rootdir/repos/pleroma-fe"
#git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
git clone "$POSTACTIV_REPO" "$rootdir/repos/postactiv"
git clone "$SHARINGS_REPO" "$rootdir/repos/sharings"
git clone "$HTMLY_REPO" "$rootdir/repos/htmly"
git clone "$HUBZILLA_REPO" "$rootdir/repos/hubzilla"

4
src/freedombone-template
View File

@ -665,7 +665,7 @@ if [ $app_onion_only ]; then
echo " echo ' # Security' >> \$${app_name}_nginx_site"
echo " nginx_ssl \$${app_name_upper}_DOMAIN_NAME"
echo ''
echo " nginx_disable_sniffing \$${app_name_upper}_DOMAIN_NAME"
echo " nginx_security_options \$${app_name_upper}_DOMAIN_NAME"
echo ''
echo " echo ' add_header Strict-Transport-Security max-age=15768000;' >> \$${app_name}_nginx_site"
echo " echo '' >> \$${app_name}_nginx_site"
@ -709,7 +709,7 @@ echo " echo \" server_name \$${app_name_upper}_ONION_HOSTNAME;\" >> \$${ap
echo " echo '' >> \$${app_name}_nginx_site"
echo " nginx_compress \$${app_name_upper}_DOMAIN_NAME"
echo " echo '' >> \$${app_name}_nginx_site"
echo " nginx_disable_sniffing \$${app_name_upper}_DOMAIN_NAME"
echo " nginx_security_options \$${app_name_upper}_DOMAIN_NAME"
echo " echo '' >> \$${app_name}_nginx_site"
echo " echo ' # Logs' >> \$${app_name}_nginx_site"
echo " echo ' access_log /dev/null;' >> \$${app_name}_nginx_site"

5
src/freedombone-utils-gnusocialtools
View File

@ -750,6 +750,7 @@ function gnusocial_use_classic {
if [ -f "/etc/nginx/sites-available/$domain_name" ]; then
sed -i 's|index_qvitter.php|index.php|g' "/etc/nginx/sites-available/$domain_name"
sed -i 's|index.html|index.php|g' "/etc/nginx/sites-available/$domain_name"
sed -i 's|#add_header Content-Security-Policy|add_header Content-Security-Policy|g' "/etc/nginx/sites-available/$domain_name"
fi
if ! grep -q "//addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then
@ -774,6 +775,9 @@ function gnusocial_use_qvitter {
if [ -f "/etc/nginx/sites-available/$domain_name" ]; then
sed -i 's|index_qvitter.php|index.php|g' "/etc/nginx/sites-available/$domain_name"
sed -i 's|index.html|index.php|g' "/etc/nginx/sites-available/$domain_name"
if ! grep -q "#add_header Content-Security-Policy" "/etc/nginx/sites-available/$domain_name"; then
sed -i 's|add_header Content-Security-Policy|#add_header Content-Security-Policy|g' "/etc/nginx/sites-available/$domain_name"
fi
fi
if grep -q "//addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then
@ -805,6 +809,7 @@ function gnusocial_use_pleroma {
if [ -f "/etc/nginx/sites-available/$domain_name" ]; then
sed -i 's|index.php|index_qvitter.php|g' "/etc/nginx/sites-available/$domain_name"
sed -i 's|index index_qvitter.php|index index.html|g' "/etc/nginx/sites-available/$domain_name"
sed -i 's|#add_header Content-Security-Policy|add_header Content-Security-Policy|g' "/etc/nginx/sites-available/$domain_name"
fi
if grep -q "//addPlugin('Qvitter')" "/var/www/$domain_name/htdocs/config.php"; then

8
src/freedombone-utils-turn
View File

@ -81,8 +81,8 @@ function install_turn {
function_check nginx_ssl
nginx_ssl "${DEFAULT_DOMAIN_NAME}"
function_check nginx_disable_sniffing
nginx_disable_sniffing "${DEFAULT_DOMAIN_NAME}"
function_check nginx_security_options
nginx_security_options "${DEFAULT_DOMAIN_NAME}"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -109,8 +109,8 @@ function install_turn {
echo " listen 127.0.0.1:$TURN_ONION_PORT default_server;";
echo " server_name $DEFAULT_DOMAIN_NAME;";
echo ''; } >> "$turn_nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$DEFAULT_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$DEFAULT_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';

20
src/freedombone-utils-web
View File

@ -71,11 +71,15 @@ function validate_domain_name {
fi
}
function nginx_disable_sniffing {
function nginx_security_options {
domain_name=$1
filename=/etc/nginx/sites-available/$domain_name
{ echo ' add_header X-Frame-Options DENY;';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Robots-Tag none;';
echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Permitted-Cross-Domain-Policies none;';
echo ''; } >> "$filename"
}
@ -157,11 +161,7 @@ function nginx_ssl {
else
echo " ssl_ciphers '$SSL_CIPHERS';" >> "$filename"
fi
{ echo " add_header Content-Security-Policy \"default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'\";";
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Robots-Tag none;';
echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Permitted-Cross-Domain-Policies none;'; } >> "$filename"
echo " add_header Content-Security-Policy \"default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'\";" >> "$filename"
#nginx_stapling $1
}
@ -913,8 +913,8 @@ function create_default_web_site {
function_check nginx_ssl
nginx_ssl "$DEFAULT_DOMAIN_NAME" mobile
function_check nginx_disable_sniffing
nginx_disable_sniffing "$DEFAULT_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$DEFAULT_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
@ -946,8 +946,8 @@ function create_default_web_site {
echo " listen 127.0.0.1:$DEFAULT_DOMAIN_ONION_PORT default_server;";
echo " server_name $DEFAULT_DOMAIN_NAME;";
echo ''; } >> "$nginx_site"
function_check nginx_disable_sniffing
nginx_disable_sniffing "$DEFAULT_DOMAIN_NAME"
function_check nginx_security_options
nginx_security_options "$DEFAULT_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';