Onion site for owncloud
This commit is contained in:
parent
0cbbeec0fb
commit
6aa2cdafe7
104
src/freedombone
104
src/freedombone
|
@ -202,6 +202,7 @@ GOGS_COMMIT='efea642d6cf419c9587d44b95ff2bc04e89f7bfe'
|
|||
# Domain name for Owncloud installation
|
||||
OWNCLOUD_DOMAIN_NAME=
|
||||
OWNCLOUD_CODE=
|
||||
OWNCLOUD_ONION_PORT=8088
|
||||
OWNCLOUD_ADMIN_PASSWORD=
|
||||
OWNCLOUD_MUSIC_APP_REPO="https://github.com/owncloud/music"
|
||||
OWNCLOUD_MUSIC_APP_COMMIT='7f79afb4ae9a6ecd8f530d87106f960306c0a15a'
|
||||
|
@ -5783,6 +5784,79 @@ quit" > $INSTALL_DIR/batch.sql
|
|||
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo 'server {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo " listen 127.0.0.1:${OWNCLOUD_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo " root /var/www/$OWNCLOUD_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo " server_name $OWNCLOUD_DOMAIN_NAME;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo " error_log /var/log/nginx/${OWNCLOUD_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' # then replace the above with the following:' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' # add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' client_max_body_size 10G; # set max upload size' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' location = /robots.txt {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' allow all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' log_not_found off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' location ~ ^/(data|config|\.ht|db_structure\.xml|README) {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' deny all;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' location / {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' # The following 2 rules are only needed with webfinger' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' rewrite ^/.well-known/host-meta /public.php?service=host-meta last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' try_files $uri $uri/ index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' location ~ ^(.+?\.php)(/.*)?$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' try_files $1 =404;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' fastcgi_param SCRIPT_FILENAME $document_root$1;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' fastcgi_param PATH_INFO $2;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' fastcgi_param HTTPS on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' # Optional: set long EXPIRES header on static assets' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' expires 30d;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo " # Optional: Don't log access to assets" >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' access_log off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '}' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
|
||||
configure_php
|
||||
|
||||
|
@ -5826,8 +5900,34 @@ quit" > $INSTALL_DIR/batch.sql
|
|||
echo 'fi' >> /usr/bin/backupdatabases
|
||||
|
||||
nginx_ensite $OWNCLOUD_DOMAIN_NAME
|
||||
|
||||
if [ ! -d /var/lib/tor ]; then
|
||||
echo $'No Tor installation found. Owncloud onion site cannot be configured.'
|
||||
exit 877367
|
||||
fi
|
||||
if ! grep -q "hidden_service_owncloud" /etc/tor/torrc; then
|
||||
echo 'HiddenServiceDir /var/lib/tor/hidden_service_owncloud/' >> /etc/tor/torrc
|
||||
echo "HiddenServicePort 80 127.0.0.1:${OWNCLOUD_ONION_PORT}" >> /etc/tor/torrc
|
||||
echo $'Added onion site for Owncloud'
|
||||
fi
|
||||
|
||||
service php5-fpm restart
|
||||
service nginx restart
|
||||
systemctl restart tor
|
||||
|
||||
if [ ! -f /var/lib/tor/hidden_service_owncloud/hostname ]; then
|
||||
echo $'Owncloud onion site hostname not found'
|
||||
exit 76362
|
||||
fi
|
||||
OWNCLOUD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_owncloud/hostname)
|
||||
|
||||
if ! grep -q "Owncloud onion domain" /home/$MY_USERNAME/README; then
|
||||
echo "Owncloud onion domain: ${OWNCLOUD_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
|
||||
echo '' >> /home/$MY_USERNAME/README
|
||||
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
|
||||
chmod 600 /home/$MY_USERNAME/README
|
||||
fi
|
||||
echo "Owncloud onion domain:${OWNCLOUD_ONION_HOSTNAME}" >> $COMPLETION_FILE
|
||||
|
||||
# update the dynamic DNS
|
||||
CURRENT_DDNS_DOMAIN=$OWNCLOUD_DOMAIN_NAME
|
||||
|
@ -7558,8 +7658,8 @@ quit" > $INSTALL_DIR/batch.sql
|
|||
echo $'Added onion site for GNU Social'
|
||||
fi
|
||||
|
||||
service php5-fpm restart
|
||||
service nginx restart
|
||||
systemctl restart php5-fpm
|
||||
systemctl restart nginx
|
||||
systemctl restart tor
|
||||
|
||||
if [ ! -f /var/lib/tor/hidden_service_microblog/hostname ]; then
|
||||
|
|
Loading…
Reference in New Issue