free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
freedomboneeee/src/freedombone-app-nextcloud

730 lines
25 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# Freedom in the Cloud
#
# nextcloud application
# In tests this is much too slow, and it appeared to self-destruct after a few minutes
# i.e. becoming totally unusable.
#
# License
# =======
#
# Copyright (C) 2017-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim cloud'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
NEXTCLOUD_DOMAIN_NAME=
NEXTCLOUD_CODE=
NEXTCLOUD_ONION_PORT=8112
NEXTCLOUD_REPO="https://github.com/nextcloud/server"
# Stable 13 branch
NEXTCLOUD_COMMIT='edd5712c6ead5b09fa4f996cfda66fc4e18ba597'
NEXTCLOUD_ADMIN_PASSWORD=
NEXTCLOUD_SERVER_SIDE_ENCRYPTION=1
NEXTCLOUD_SHORT_DESCRIPTION=$'File storage and sync'
NEXTCLOUD_DESCRIPTION=$'File storage and sync'
NEXTCLOUD_MOBILE_APP_URL='https://f-droid.org/packages/com.nextcloud.client'
nextcloud_variables=(ONION_ONLY
NEXTCLOUD_DOMAIN_NAME
NEXTCLOUD_CODE
DDNS_PROVIDER
MY_USERNAME)
function logging_on_nextcloud {
echo -n ''
}
function logging_off_nextcloud {
echo -n ''
}
function remove_user_nextcloud {
remove_username="$1"
"${PROJECT_NAME}-pass" -u "$remove_username" --rmapp nextcloud
}
function add_user_nextcloud {
new_username="$1"
new_user_password="$2"
"${PROJECT_NAME}-pass" -u "$new_username" -a nextcloud -p "$new_user_password"
echo '0'
}
function change_password_nextcloud {
curr_username="$1"
export OC_PASS="$2"
su -s /bin/sh www-data -c "php occ user:resetpassword --password-from-env $curr_username"
"${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$OC_PASS"
export OC_PASS=""
}
function install_interactive_nextcloud {
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
dialog --title $"Enable NextCloud server side encryption" \
--backtitle $"Freedombone Configuration" \
--yesno $"\\nDo you want to enable server side encryption. On ARM or older x86 systems, especially without HRNG, this may make performance excessively slow?" 10 60
sel=$?
case $sel in
1) NEXTCLOUD_SERVER_SIDE_ENCRYPTION=
;;
255) return;;
esac
if [[ $ONION_ONLY != "no" ]]; then
NEXTCLOUD_DOMAIN_NAME='nextcloud.local'
else
NEXTCLOUD_DETAILS_COMPLETE=
while [ ! $NEXTCLOUD_DETAILS_COMPLETE ]
do
data=$(mktemp 2>/dev/null)
if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
dialog --backtitle $"Freedombone Configuration" \
--title $"NextCloud Configuration" \
--form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 3 \
$"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
$"Code:" 2 1 "$(grep 'NEXTCLOUD_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 15 40 255 \
2> "$data"
else
dialog --backtitle $"Freedombone Configuration" \
--title $"NextCloud Configuration" \
--form $"\\nPlease enter your NextCloud details.\\n\\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 13 65 2 \
$"Domain:" 1 1 "$(grep 'NEXTCLOUD_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 15 40 40 \
2> "$data"
fi
sel=$?
case $sel in
1) rm -f "$data"
exit 1;;
255) rm -f "$data"
exit 1;;
esac
NEXTCLOUD_DOMAIN_NAME=$(sed -n 1p < "$data")
if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then
TEST_DOMAIN_NAME=$NEXTCLOUD_DOMAIN_NAME
validate_domain_name
if [[ "$TEST_DOMAIN_NAME" != "$NEXTCLOUD_DOMAIN_NAME" ]]; then
NEXTCLOUD_DOMAIN_NAME=
dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
else
if [[ "$DDNS_PROVIDER" == *"freedns"* ]]; then
NEXTCLOUD_CODE=$(sed -n 2p < "$data")
validate_freedns_code "$NEXTCLOUD_CODE"
if [ ! "$VALID_CODE" ]; then
NEXTCLOUD_DOMAIN_NAME=
fi
fi
fi
fi
if [ $NEXTCLOUD_DOMAIN_NAME ]; then
NEXTCLOUD_DETAILS_COMPLETE="yes"
fi
rm -f "$data"
done
# remove any invalid characters
if [ ${#NEXTCLOUD_TITLE} -gt 0 ]; then
new_title=${NEXTCLOUD_TITLE//\'/}
NEXTCLOUD_TITLE="$new_title"
fi
# save the results in the config file
write_config_param "NEXTCLOUD_CODE" "$NEXTCLOUD_CODE"
fi
write_config_param "NEXTCLOUD_DOMAIN_NAME" "$NEXTCLOUD_DOMAIN_NAME"
APP_INSTALLED=1
}
function change_password_nextcloud {
curr_username="$1"
new_user_password="$2"
read_config_param ${NEXTCLOUD_DOMAIN_NAME}
"${PROJECT_NAME}-pass" -u "$curr_username" -a nextcloud -p "$new_user_password"
}
function nextcloud_create_database {
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
NEXTCLOUD_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
else
if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then
NEXTCLOUD_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
fi
fi
if [ ! "$NEXTCLOUD_ADMIN_PASSWORD" ]; then
return
fi
function_check create_database
create_database nextcloud "$NEXTCLOUD_ADMIN_PASSWORD" "$MY_USERNAME"
}
function reconfigure_nextcloud {
echo -n ''
}
function configure_interactive_nextcloud {
echo -n ''
}
function upgrade_nextcloud_base {
chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs
chown -R www-data:www-data /var/www/$NEXTCLOUD_DOMAIN_NAME/data
cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 232547985
sudo -u www-data ./occ maintenance:repair
sudo -u www-data ./occ files:cleanup
sudo -u www-data ./occ files:scan --all
sudo -u www-data ./occ maintenance:mode --off
}
function upgrade_nextcloud {
CURR_NEXTCLOUD_COMMIT=$(get_completion_param "nextcloud commit")
if [[ "$CURR_NEXTCLOUD_COMMIT" == "$NEXTCLOUD_COMMIT" ]]; then
upgrade_nextcloud_base
return
fi
if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" "nextcloud commit" "$NEXTCLOUD_COMMIT" "$NEXTCLOUD_REPO"
upgrade_nextcloud_base
sudo -u www-data ./occ upgrade
}
function backup_local_nextcloud {
NEXTCLOUD_DOMAIN_NAME='nextcloud'
if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
fi
source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data
if [ -d "$source_directory" ]; then
function_check suspend_site
suspend_site "${NEXTCLOUD_DOMAIN_NAME}"
dest_directory=nextcloudfiles
function_check backup_directory_to_usb
backup_directory_to_usb "$source_directory" "$dest_directory"
source_directory=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config
dest_directory=nextcloudconfig
backup_directory_to_usb "$source_directory" "$dest_directory"
function_check backup_database_to_usb
backup_database_to_usb nextcloud
function_check restart_site
restart_site
fi
}
function restore_local_nextcloud {
if ! grep -q "nextcloud domain" "$COMPLETION_FILE"; then
return
fi
NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
if [ "$NEXTCLOUD_DOMAIN_NAME" ]; then
temp_restore_dir=/root/tempnextcloud
function_check nextcloud_create_database
nextcloud_create_database
restore_database nextcloud "${NEXTCLOUD_DOMAIN_NAME}"
temp_restore_dir=/root/tempnextcloudfiles
restore_directory_from_usb $temp_restore_dir nextcloudfiles
if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then
cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
else
cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
set_user_permissions
backup_unmount_drive
exit 346723
fi
rm -rf ${temp_restore_dir}
temp_restore_dir=/root/tempnextcloudconfig
restore_directory_from_usb $temp_restore_dir nextcloudconfig
if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then
cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
else
cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
set_user_permissions
backup_unmount_drive
exit 3467343
fi
rm -rf ${temp_restore_dir}
chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 14893545875
sudo -u www-data ./occ maintenance:repair
sudo -u www-data ./occ files:cleanup
sudo -u www-data ./occ files:scan --all
fi
}
function backup_remote_nextcloud {
if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/data
if [ -d "$temp_backup_dir" ]; then
function_check suspend_site
suspend_site "${NEXTCLOUD_DOMAIN_NAME}"
function_check backup_database_to_friend
backup_database_to_friend nextcloud
function_check backup_directory_to_friend
backup_directory_to_friend "$temp_backup_dir" nextclouddata
temp_backup_dir=/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config
backup_directory_to_friend "$temp_backup_dir" nextcloudconfig
function_check restart_site
restart_site
else
echo $"nextcloud domain specified but not found in ${temp_backup_dir}"
fi
fi
}
function restore_remote_nextcloud {
if grep -q "nextcloud domain" "$COMPLETION_FILE"; then
echo $"Restoring nextcloud"
NEXTCLOUD_DOMAIN_NAME=$(get_completion_param "nextcloud domain")
function_check nextcloud_create_database
nextcloud_create_database
function_check restore_database_from_friend
restore_database_from_friend nextcloud "${NEXTCLOUD_DOMAIN_NAME}"
if [ -d /root/tempnextcloud ]; then
rm -rf /root/tempnextcloud
fi
temp_restore_dir=/root/tempnextcloudfiles
restore_directory_from_friend $temp_restore_dir nextcloudfiles
if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" ]; then
cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/data" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
else
cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 768254
fi
rm -rf ${temp_restore_dir}
temp_restore_dir=/root/tempnextcloudconfig
restore_directory_from_friend $temp_restore_dir nextcloudconfig
if [ -d "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" ]; then
cp -r "$temp_restore_dir/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
else
cp -r $temp_restore_dir/* "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/"
fi
# shellcheck disable=SC2181
if [ ! "$?" = "0" ]; then
exit 573427
fi
rm -rf ${temp_restore_dir}
chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2642846824
sudo -u www-data ./occ maintenance:repair
sudo -u www-data ./occ files:cleanup
sudo -u www-data ./occ files:scan --all
fi
}
function remove_nextcloud {
if [ ${#NEXTCLOUD_DOMAIN_NAME} -eq 0 ]; then
return
fi
function_check remove_nodejs
remove_nodejs pleroma-nextcloud
sed -i 's|env[PATH]|;env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf
read_config_param "NEXTCLOUD_DOMAIN_NAME"
read_config_param "MY_USERNAME"
echo "Removing $NEXTCLOUD_DOMAIN_NAME"
nginx_dissite "$NEXTCLOUD_DOMAIN_NAME"
remove_certs "$NEXTCLOUD_DOMAIN_NAME"
if [ -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then
rm -rf "/var/www/$NEXTCLOUD_DOMAIN_NAME"
fi
if [ -f "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME" ]; then
rm "/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME"
fi
function_check drop_database
drop_database nextcloud
function_check remove_onion_service
remove_onion_service nextcloud ${NEXTCLOUD_ONION_PORT}
remove_app nextcloud
remove_completion_param install_nextcloud
sed -i '/nextcloud/d' "$COMPLETION_FILE"
remove_backup_database_local nextcloud
function_check remove_ddns_domain
remove_ddns_domain "$NEXTCLOUD_DOMAIN_NAME"
systemctl restart nginx
systemctl restart php7.0-fpm
}
function install_nextcloud_main {
if [ ! "$NEXTCLOUD_DOMAIN_NAME" ]; then
echo $'No domain name was given for nextcloud'
exit 7359
fi
if [[ $(app_is_installed nextcloud_main) == "1" ]]; then
return
fi
function_check install_mariadb
install_mariadb
function_check get_mariadb_password
get_mariadb_password
function_check repair_databases_script
repair_databases_script
apt-get -yq install php-gettext php-curl php-gd php-mysql git curl
apt-get -yq install php-intl memcached php-memcached libfcgi0ldbl
apt-get -yq install php-zip
# Ensure PATH is available to php
if [ ! -f /etc/php/7.0/fpm/pool.d/www.conf ]; then
echo $'No php www configuration file found'
exit 628757
fi
sed -i 's|;env[PATH]|env[PATH]|g' /etc/php/7.0/fpm/pool.d/www.conf
if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME" ]; then
mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME"
fi
if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then
if [ -d /repos/nextcloud ]; then
mkdir "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
cp -r -p /repos/nextcloud/. "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 2783539793
git pull
else
function_check git_clone
git_clone "$NEXTCLOUD_REPO" "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
fi
if [ ! -d "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" ]; then
echo $'Unable to clone nextcloud repo'
exit 87525
fi
fi
cd "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs" || exit 3468346834
git submodule update --init
git checkout $NEXTCLOUD_COMMIT -b $NEXTCLOUD_COMMIT
set_completion_param "nextcloud commit" "$NEXTCLOUD_COMMIT"
chmod g+w "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
chown -R www-data:www-data "/var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs"
function_check nextcloud_create_database
nextcloud_create_database
if [ ! -f "/etc/aliases" ]; then
touch /etc/aliases
fi
if ! grep -q "www-data: root" /etc/aliases; then
echo 'www-data: root' >> /etc/aliases
fi
function_check add_ddns_domain
add_ddns_domain "$NEXTCLOUD_DOMAIN_NAME"
nextcloud_nginx_site=/etc/nginx/sites-available/$NEXTCLOUD_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_http_redirect
nginx_http_redirect "$NEXTCLOUD_DOMAIN_NAME"
{ echo 'server {';
echo ' listen 443 ssl;';
echo ' #listen [::]:443 ssl;';
echo " server_name $NEXTCLOUD_DOMAIN_NAME;";
echo '';
echo ' # Security'; } >> "$nextcloud_nginx_site"
function_check nginx_ssl
nginx_ssl "$NEXTCLOUD_DOMAIN_NAME" mobile
function_check nginx_security_options
nginx_security_options "$NEXTCLOUD_DOMAIN_NAME"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;";
echo '';
echo ' # Index';
echo ' index index.php;';
echo '';
# By default nextcloud advertises highly specific version information
# on status.php, which can obviously be used by adversaries.
# Blocking status.php prevents this information leak
echo ' location = /status.php {';
echo ' return 404;';
echo ' }';
echo '';
echo ' # PHP';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo ' # Location';
echo ' location / {'; } >> "$nextcloud_nginx_site"
function_check nginx_limits
nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m'
{ echo " try_files \$uri \$uri/ @nextcloud;";
echo ' }';
echo '';
echo ' # Fancy URLs';
echo ' location @nextcloud {';
echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }';
echo '';
echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {';
echo ' deny all;';
echo ' }';
echo '';
echo ' location = /.well-known/carddav {';
echo " return 301 \$scheme://\$host/remote.php/dav;";
echo ' }';
echo ' location = /.well-known/caldav {';
echo " return 301 \$scheme://\$host/remote.php/dav;";
echo ' }';
echo '';
echo ' location /.well-known/acme-challenge { }';
echo '}'; } >> "$nextcloud_nginx_site"
else
echo -n '' > "$nextcloud_nginx_site"
fi
{ echo 'server {';
echo " listen 127.0.0.1:$NEXTCLOUD_ONION_PORT default_server;";
echo " server_name $NEXTCLOUD_DOMAIN_NAME;";
echo ''; } >> "$nextcloud_nginx_site"
function_check nginx_security_options
nginx_security_options "$NEXTCLOUD_DOMAIN_NAME"
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root /var/www/$NEXTCLOUD_DOMAIN_NAME/htdocs;";
echo '';
echo ' # Index';
echo ' index index.php;';
echo '';
# By default nextcloud advertises highly specific version information
# on status.php, which can obviously be used by adversaries.
# Blocking status.php prevents this information leak
echo ' location = /status.php {';
echo ' return 404;';
echo ' }';
echo '';
echo ' # PHP';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;';
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo ' # Location';
echo ' location / {'; } >> "$nextcloud_nginx_site"
function_check nginx_limits
nginx_limits "$NEXTCLOUD_DOMAIN_NAME" '15m'
{ echo " try_files \$uri \$uri/ @nextcloud;";
echo ' }';
echo '';
echo ' # Fancy URLs';
echo ' location @nextcloud {';
echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }';
echo '';
echo ' # Restrict access that is unnecessary anyway';
echo ' location ~ /\.(ht|git) {';
echo ' deny all;';
echo ' }';
echo '';
echo ' location = /.well-known/carddav {';
echo " return 301 \$scheme://\$host/remote.php/dav;";
echo ' }';
echo ' location = /.well-known/caldav {';
echo " return 301 \$scheme://\$host/remote.php/dav;";
echo ' }';
echo '';
echo ' location /.well-known/acme-challenge { }';
echo '}'; } >> "$nextcloud_nginx_site"
sed -i 's| DENY;| SAMEORIGIN;|g' "$nextcloud_nginx_site"
# NextCloud doesn't like content-security-policy at all
sed -i '/Content-Security-Policy/d' "$nextcloud_nginx_site"
function_check configure_php
configure_php
function_check create_site_certificate
create_site_certificate "$NEXTCLOUD_DOMAIN_NAME" 'yes'
if [[ "$ONION_ONLY" == "no" ]]; then
if [ ! -f "/etc/ssl/certs/${NEXTCLOUD_DOMAIN_NAME}.pem" ]; then
echo $'Certificate not generated for nextcloud'
exit 725762
fi
fi
# Ensure that the database gets backed up locally, if remote
# backups are not being used
function_check backup_databases_script_header
backup_databases_script_header
function_check backup_database_local
backup_database_local nextcloud
function_check nginx_ensite
nginx_ensite "$NEXTCLOUD_DOMAIN_NAME"
NEXTCLOUD_ONION_HOSTNAME=$(add_onion_service nextcloud 80 ${NEXTCLOUD_ONION_PORT})
systemctl restart php7.0-fpm
systemctl restart nginx
"${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$NEXTCLOUD_DOMAIN_NAME" -g nextcloud --public no
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a nextcloud -p "$NEXTCLOUD_ADMIN_PASSWORD"
cd "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs" || exit 2467245247
if [ -d config ]; then
chown -R www-data:www-data config
fi
if [ -d data ]; then
chown -R www-data:www-data data
fi
chmod +x occ
./occ maintenance:install --database-name nextcloud --admin-user "${MY_USERNAME}" --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" --database mysql --database-user root --database-pass "${MARIADB_PASSWORD}"
if [ ! -d data ]; then
echo $'Nextcloud data directory was not found. This probably means that the installation failed.'
echo ''
echo $'Install command was:'
echo "./occ maintenance:install --database-name nextcloud --admin-user ${MY_USERNAME} --admin-pass \"${NEXTCLOUD_ADMIN_PASSWORD}\" --database mysql --database-user root --database-pass \"${MARIADB_PASSWORD}\""
exit 83522
fi
chown -R www-data:www-data config
chown -R www-data:www-data data
sudo -u www-data ./occ check
sudo -u www-data ./occ status
sudo -u www-data ./occ app:list
if [ $NEXTCLOUD_SERVER_SIDE_ENCRYPTION ]; then
sudo -u www-data ./occ app:enable encryption
if ! sudo -u www-data ./occ encryption:enable; then
echo $'Encryption not enabled'
exit 73527
fi
sudo -u www-data ./occ encryption:status
fi
sudo -u www-data ./occ config:system:set appstoreenabled --value=false
chmod g+w "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"
chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs"
chmod 0644 .htaccess
chmod 0750 data
chown -R www-data:www-data "/var/www/${NEXTCLOUD_DOMAIN_NAME}/data"
sudo -u www-data ./occ config:system:set trusted_domains 1 --value="$NEXTCLOUD_DOMAIN_NAME"
sudo -u www-data ./occ config:system:set trusted_domains 2 --value="$NEXTCLOUD_ONION_HOSTNAME"
sudo -u www-data ./occ files:cleanup
sudo -u www-data ./occ files:scan --all
sudo -u www-data ./occ maintenance:repair
sudo -u www-data ./occ maintenance:mode --off
systemctl restart mariadb
# move the data directory
# shellcheck disable=SC2086
mv /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/data /var/www/${NEXTCLOUD_DOMAIN_NAME}/
sed -i "s|'datadirectory'.*|'datadirectory' => '/var/www/$NEXTCLOUD_DOMAIN_NAME/data',|g" "/var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php"
set_completion_param "nextcloud domain" "$NEXTCLOUD_DOMAIN_NAME"
install_completed nextcloud_main
}
function install_nextcloud {
if [ ! "$ONION_ONLY" ]; then
ONION_ONLY='no'
fi
install_nextcloud_main
APP_INSTALLED=1
}
# NOTE: deliberately there is no "exit 0"
Reference in New Issue View Git Blame Copy Permalink