#!/bin/bash # # .---. . . # | | | # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-' # ' ' --' --' -' - -' ' ' -' -' -' ' - --' # # Freedom in the Cloud # # Lychee photo album # # License # ======= # # Copyright (C) 2014-2017 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . VARIANTS="full full-vim writer" IN_DEFAULT_INSTALL=0 SHOW_ON_ABOUT=1 LYCHEE_DOMAIN_NAME= LYCHEE_CODE= LYCHEE_ONION_PORT=8105 LYCHEE_REPO="https://github.com/electerious/Lychee" LYCHEE_COMMIT='27f207dcbac8488629ffc3b5a9cac78ae123bee9' lychee_variables=(LYCHEE_REPO LYCHEE_DOMAIN_NAME LYCHEE_CODE ONION_ONLY DDNS_PROVIDER MY_USERNAME) function lychee_create_database { if [ -f ${IMAGE_PASSWORD_FILE} ]; then LYCHEE_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" else if [ ! ${LYCHEE_ADMIN_PASSWORD} ]; then LYCHEE_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})" fi fi if [ ! $LYCHEE_ADMIN_PASSWORD ]; then return fi function_check create_database create_database lychee "$LYCHEE_ADMIN_PASSWORD" } function remove_user_lychee { remove_username="$1" ${PROJECT_NAME}-pass -u $remove_username --rmapp lychee } function add_user_lychee { if [[ $(app_is_installed lychee) == "0" ]]; then echo '0' return fi new_username="$1" new_user_password="$2" ${PROJECT_NAME}-pass -u $new_username -a lychee -p "$new_user_password" echo '0' } function install_interactive_lychee { if [ ! $ONION_ONLY ]; then ONION_ONLY='no' fi if [[ $ONION_ONLY != "no" ]]; then LYCHEE_DOMAIN_NAME='lychee.local' write_config_param "LYCHEE_DOMAIN_NAME" "$LYCHEE_DOMAIN_NAME" else function_check interactive_site_details interactive_site_details "lychee" "LYCHEE_DOMAIN_NAME" "LYCHEE_CODE" fi APP_INSTALLED=1 } function configure_interactive_lychee { function_check get_mariadb_password get_mariadb_password dialog --title $"Lychee Configuration" \ --msgbox $"\nYou can initially install the system with:\n\n Username: root\n Password: $MARIADB_PASSWORD" 10 70 } function change_password_lychee { LYCHEE_USERNAME="$1" LYCHEE_PASSWORD="$2" if [ ${#LYCHEE_PASSWORD} -lt 8 ]; then echo $'Lychee password is too short' return fi # TODO: This doesn't actually change the password #${PROJECT_NAME}-pass -u $LYCHEE_USERNAME -a lychee -p "$LYCHEE_PASSWORD" } function reconfigure_lychee { echo -n '' } function upgrade_lychee { CURR_LYCHEE_COMMIT=$(get_completion_param "lychee commit") if [[ "$CURR_LYCHEE_COMMIT" == "$LYCHEE_COMMIT" ]]; then return fi read_config_param "LYCHEE_DOMAIN_NAME" function_check set_repo_commit set_repo_commit /var/www/$LYCHEE_DOMAIN_NAME/htdocs "lychee commit" "$LYCHEE_COMMIT" $LYCHEE_REPO } function backup_local_lychee { LYCHEE_DOMAIN_NAME='lychee.local' if grep -q "lychee domain" $COMPLETION_FILE; then LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") fi lychee_path=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs if [ -d $lychee_path ]; then function_check backup_database_to_usb backup_database_to_usb lychee backup_directory_to_usb $lychee_path lychee restart_site fi } function restore_local_lychee { LYCHEE_DOMAIN_NAME='lychee.local' if grep -q "lychee domain" $COMPLETION_FILE; then LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") fi if [ $LYCHEE_DOMAIN_NAME ]; then function_check lychee_create_database lychee_create_database function_check restore_database restore_database lychee ${LYCHEE_DOMAIN_NAME} fi } function backup_remote_lychee { LYCHEE_DOMAIN_NAME='lychee.local' if grep -q "lychee domain" $COMPLETION_FILE; then LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") fi temp_backup_dir=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs if [ -d $temp_backup_dir ]; then suspend_site ${LYCHEE_DOMAIN_NAME} backup_database_to_friend lychee backup_directory_to_friend $temp_backup_dir lychee restart_site else echo $"Lychee domain specified but not found in /var/www/${LYCHEE_DOMAIN_NAME}" exit 2578 fi } function restore_remote_lychee { LYCHEE_DOMAIN_NAME='lychee.local' if grep -q "lychee domain" $COMPLETION_FILE; then LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain") fi function_check restore_database_from_friend function_check lychee_create_database lychee_create_database restore_database_from_friend lychee ${LYCHEE_DOMAIN_NAME} restart_site chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/ } function remove_lychee { if [ ${#LYCHEE_DOMAIN_NAME} -eq 0 ]; then return fi read_config_param "LYCHEE_DOMAIN_NAME" nginx_dissite $LYCHEE_DOMAIN_NAME remove_certs ${LYCHEE_DOMAIN_NAME} drop_database lychee remove_backup_database_local lychee if [ -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME ]; then rm -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME fi if [ -d /var/www/$LYCHEE_DOMAIN_NAME ]; then rm -rf /var/www/$LYCHEE_DOMAIN_NAME fi remove_config_param LYCHEE_DOMAIN_NAME remove_config_param LYCHEE_CODE function_check remove_onion_service remove_onion_service lychee ${LYCHEE_ONION_PORT} remove_completion_param "install_lychee" sed -i '/Lychee/d' $COMPLETION_FILE sed -i '/lychee/d' $COMPLETION_FILE function_check remove_ddns_domain remove_ddns_domain $LYCHEE_DOMAIN_NAME } function install_lychee_website { function_check nginx_http_redirect nginx_http_redirect $LYCHEE_DOMAIN_NAME echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' listen [::]:443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " server_name $LYCHEE_DOMAIN_NAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME function_check nginx_ssl nginx_ssl $LYCHEE_DOMAIN_NAME function_check nginx_disable_sniffing nginx_disable_sniffing $LYCHEE_DOMAIN_NAME echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME function_check nginx_limits nginx_limits $LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME nginx_keybase ${LYCHEE_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME } function install_lychee_website_onion { echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " server_name $LYCHEE_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME function_check nginx_disable_sniffing nginx_disable_sniffing $LYCHEE_DOMAIN_NAME echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME function_check nginx_limits nginx_limits $LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME nginx_keybase ${LYCHEE_DOMAIN_NAME} echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # block these file types' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME function_check nginx_limits nginx_limits $LYCHEE_DOMAIN_NAME echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME } function install_lychee_from_repo { if [ ! -d /var/www/$LYCHEE_DOMAIN_NAME ]; then mkdir /var/www/$LYCHEE_DOMAIN_NAME fi cd /var/www/$LYCHEE_DOMAIN_NAME if [ -d /repos/lychee ]; then mkdir htdocs cp -r -p /repos/lychee/. htdocs cd htdocs git pull else git_clone $LYCHEE_REPO htdocs fi cd htdocs git checkout $LYCHEE_COMMIT -b $LYCHEE_COMMIT set_completion_param "lychee commit" "$LYCHEE_COMMIT" } function install_lychee { if [ ! $ONION_ONLY ]; then ONION_ONLY='no' fi if [ ! $LYCHEE_DOMAIN_NAME ]; then echo $'The lychee domain name was not specified' exit 543672 fi # for the avatar changing command apt-get -yq install imagemagick exif zip php-mcrypt mcrypt libfcgi0ldbl function_check install_lychee_from_repo install_lychee_from_repo if [[ $ONION_ONLY == "no" ]]; then function_check install_lychee_website install_lychee_website else echo -n '' > /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME fi LYCHEE_ONION_HOSTNAME=$(add_onion_service lychee 80 ${LYCHEE_ONION_PORT}) function_check install_lychee_website_onion install_lychee_website_onion function_check create_site_certificate create_site_certificate $LYCHEE_DOMAIN_NAME 'yes' function_check configure_php configure_php chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/ chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/ chown -R www-data:www-data /var/www/$LYCHEE_DOMAIN_NAME/htdocs chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore function_check nginx_ensite nginx_ensite $LYCHEE_DOMAIN_NAME function_check install_mariadb install_mariadb function_check get_mariadb_password get_mariadb_password function_check lychee_create_database lychee_create_database systemctl restart mariadb systemctl restart php7.0-fpm systemctl restart nginx ${PROJECT_NAME}-pass -u $MY_USERNAME -a lychee -p "$LYCHEE_ADMIN_PASSWORD" function_check add_ddns_domain add_ddns_domain $LYCHEE_DOMAIN_NAME set_completion_param "lychee domain" "$LYCHEE_DOMAIN_NAME" APP_INSTALLED=1 } # NOTE: deliberately no exit 0