voltron/Nextcloud-Install
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

v1

Browse Source
This commit is contained in:
David Schroeder
2019-11-14 20:26:32 -06:00
parent ac7cd93dfe
commit ff77cf26f5
4 changed files with 30 additions and 415 deletions
Download Patch File Download Diff File Expand all files Collapse all files

138
lib.sh
View File

@@ -30,14 +30,15 @@ WANIP4=$(curl -s -k -m 5 https://ipv4bot.whatismyipaddress.com)
[ -n "$LOAD_IP6" ] && WANIP6=$(curl -s -k -m 5 https://ipv6bot.whatismyipaddress.com) [ -n "$LOAD_IP6" ] && WANIP6=$(curl -s -k -m 5 https://ipv6bot.whatismyipaddress.com)
INTERFACES="/etc/netplan/01-netcfg.yaml" INTERFACES="/etc/netplan/01-netcfg.yaml"
GATEWAY=$(ip route | grep default | awk '{print $3}') GATEWAY=$(ip route | grep default | awk '{print $3}')
DNS1="9.9.9.9" DNS1="10.10.10.10"
DNS2="149.112.112.112" DNS2="10.5.10.5"
# Repo # Repo
GITHUB_REPO="https://raw.githubusercontent.com/nextcloud/vm/master" GITHUB_REPO="https://raw.githubusercontent.com/nextcloud/vm/master"
STATIC="$GITHUB_REPO/static" STATIC="$GITHUB_REPO/static"
LETS_ENC="$GITHUB_REPO/lets-encrypt" LETS_ENC="$GITHUB_REPO/lets-encrypt"
APP="$GITHUB_REPO/apps" APP="$GITHUB_REPO/apps"
NCREPO="https://download.nextcloud.com/server/releases" #NCREPO="https://download.nextcloud.com/server/releases"
NCREPO="https://download.nextcloud.com/server/prereleases"
ISSUES="https://github.com/nextcloud/vm/issues" ISSUES="https://github.com/nextcloud/vm/issues"
# User information # User information
NCPASS=nextcloud NCPASS=nextcloud
@@ -53,7 +54,8 @@ NEWMARIADBPASS=$(tr -dc "a-zA-Z0-9@#*=" < /dev/urandom | fold -w "$SHUF" | head
ETCMYCNF=/etc/mysql/my.cnf ETCMYCNF=/etc/mysql/my.cnf
MYCNF=/root/.my.cnf MYCNF=/root/.my.cnf
[ -n "$MYCNFPW" ] && MARIADBMYCNFPASS=$(grep "password" $MYCNF | sed -n "/password/s/^password='\(.*\)'$/\1/p") [ -n "$MYCNFPW" ] && MARIADBMYCNFPASS=$(grep "password" $MYCNF | sed -n "/password/s/^password='\(.*\)'$/\1/p")
PGDB_PASS=$(tr -dc "a-zA-Z0-9@#*=" < /dev/urandom | fold -w "$SHUF" | head -n 1) DB_USER='nextcloud'
DB_PASS='Dc$@2057'
NEWPGPASS=$(tr -dc "a-zA-Z0-9@#*=" < /dev/urandom | fold -w "$SHUF" | head -n 1) NEWPGPASS=$(tr -dc "a-zA-Z0-9@#*=" < /dev/urandom | fold -w "$SHUF" | head -n 1)
[ -n "$NCDB" ] && NCCONFIGDB=$(grep "dbname" $NCPATH/config/config.php | awk '{print $3}' | sed "s/[',]//g") [ -n "$NCDB" ] && NCCONFIGDB=$(grep "dbname" $NCPATH/config/config.php | awk '{print $3}' | sed "s/[',]//g")
[ -n "$NCDBPASS" ] && NCCONFIGDBPASS=$(grep "dbpassword" $NCPATH/config/config.php | awk '{print $3}' | sed "s/[',]//g") [ -n "$NCDBPASS" ] && NCCONFIGDBPASS=$(grep "dbpassword" $NCPATH/config/config.php | awk '{print $3}' | sed "s/[',]//g")
@@ -63,8 +65,11 @@ SSL_CONF="/etc/apache2/sites-available/nextcloud_ssl_domain_self_signed.conf"
HTTP_CONF="/etc/apache2/sites-available/nextcloud_http_domain_self_signed.conf" HTTP_CONF="/etc/apache2/sites-available/nextcloud_http_domain_self_signed.conf"
# Nextcloud version # Nextcloud version
[ -n "$NC_UPDATE" ] && CURRENTVERSION=$(sudo -u www-data php $NCPATH/occ status | grep "versionstring" | awk '{print $3}') [ -n "$NC_UPDATE" ] && CURRENTVERSION=$(sudo -u www-data php $NCPATH/occ status | grep "versionstring" | awk '{print $3}')
# [ -n "$NC_UPDATE" ] && NCVERSION=$(curl -s -m 900 $NCREPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)
# [ -n "$NC_UPDATE" ] && STABLEVERSION="nextcloud-$NCVERSION"
[ -n "$NC_UPDATE" ] && NCVERSION=$(curl -s -m 900 $NCREPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1) [ -n "$NC_UPDATE" ] && NCVERSION=$(curl -s -m 900 $NCREPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)
[ -n "$NC_UPDATE" ] && STABLEVERSION="nextcloud-$NCVERSION" [ -n "$NC_UPDATE" ] && STABLEVERSION="nextcloud-$NCVERSION"
[ -n "$NC_UPDATE" ] && NCMAJOR="${NCVERSION%%.*}" [ -n "$NC_UPDATE" ] && NCMAJOR="${NCVERSION%%.*}"
[ -n "$NC_UPDATE" ] && NCBAD=$((NCMAJOR-2)) [ -n "$NC_UPDATE" ] && NCBAD=$((NCMAJOR-2))
# Keys # Keys
@@ -85,7 +90,7 @@ DHPARAMS="$CERTFILES/$SUBDOMAIN/dhparam.pem"
HTTPS_CONF="/etc/apache2/sites-available/$SUBDOMAIN.conf" HTTPS_CONF="/etc/apache2/sites-available/$SUBDOMAIN.conf"
HTTP2_CONF="/etc/apache2/mods-available/http2.conf" HTTP2_CONF="/etc/apache2/mods-available/http2.conf"
# PHP-FPM # PHP-FPM
PHPVER=7.2 PHPVER=7.3
PHP_FPM_DIR=/etc/php/$PHPVER/fpm PHP_FPM_DIR=/etc/php/$PHPVER/fpm
PHP_INI=$PHP_FPM_DIR/php.ini PHP_INI=$PHP_FPM_DIR/php.ini
PHP_POOL_DIR=$PHP_FPM_DIR/pool.d PHP_POOL_DIR=$PHP_FPM_DIR/pool.d
@@ -270,97 +275,6 @@ then
fi fi
} }
# Warn user that HTTP/2 will be disabled if installing app that use Apache2 PHP instead of PHP-FPM
# E.g: http2_warn Modsecurity
http2_warn() {
msg_box "This VM has HTTP/2 enabled by default.
If you continue with installing $1, HTTP/2 will be disabled since it's not compatible with the mpm module used by $1.
This is what Apache will say in the error.log if you enable $1 anyway:
'The mpm module (prefork.c) is not supported by mod_http2.
The mpm determines how things are processed in your server.
HTTP/2 has more demands in this regard and the currently selected mpm will just not do.
This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.'"
if [[ "no" == $(ask_yes_or_no "Do you really want to enable $1 anyway?") ]]
then
exit 1
fi
}
calculate_php_fpm() {
# Minimum amount of max children (lower than this won't work with 2 GB RAM)
min_max_children=8
# If start servers are lower than this then it's likely that there are room for max_spare_servers
min_start_servers=20
# Maximum amount of children is only set if the min_start_servers value are met
min_max_spare_servers=35
# Calculate the sum of the current values
CURRENT_START="$(grep pm.start_servers "$PHP_POOL_DIR"/nextcloud.conf | awk '{ print $3}')"
CURRENT_MAX="$(grep pm.max_spare_servers "$PHP_POOL_DIR"/nextcloud.conf | awk '{ print $3}')"
CURRENT_MIN="$(grep pm.min_spare_servers "$PHP_POOL_DIR"/nextcloud.conf | awk '{ print $3}')"
CURRENT_SUM="$((CURRENT_START + CURRENT_MAX + CURRENT_MIN))"
# Calculate max_children depending on RAM
# Tends to be between 30-50MB per children
average_php_memory_requirement=50
available_memory=$(awk '/MemAvailable/ {printf "%d", $2/1024}' /proc/meminfo)
PHP_FPM_MAX_CHILDREN=$((available_memory/average_php_memory_requirement))
# Lowest possible value is 8
print_text_in_color "$ICyan" "Automatically configures pm.max_children for php-fpm..."
if [ $PHP_FPM_MAX_CHILDREN -lt $min_max_children ]
then
msg_box "The current max_children value available to set is $PHP_FPM_MAX_CHILDREN, and with that value PHP-FPM won't function properly.
The minimum value is 8, and the value is calculated depening on how much RAM you have left to use in the system.
The absolute minimum amount of RAM required to run the VM is 2 GB, but we recomend 4 GB.
You now have two choices:
1. Import this VM again, raise the amount of RAM with at least 1 GB, and then run this script again,
installing it in the same way as you did before.
2. Import this VM again without raising the RAM, but don't install any of the following apps:
1) Collabora
2) OnlyOffice
3) Full Text Search
This script will now exit.
The installation was not successful, sorry for the inconvenience.
If you think this is a bug, please report it to $ISSUES"
exit 1
else
check_command sed -i "s|pm.max_children.*|pm.max_children = $PHP_FPM_MAX_CHILDREN|g" "$PHP_POOL_DIR"/nextcloud.conf
print_text_in_color "$IGreen" "pm.max_children was set to $PHP_FPM_MAX_CHILDREN"
# Check if the sum of all the current values are more than $PHP_FPM_MAX_CHILDREN and only continue it is
if [ $PHP_FPM_MAX_CHILDREN -gt $CURRENT_SUM ]
then
# Set pm.max_spare_servers
if [ $PHP_FPM_MAX_CHILDREN -ge $min_max_spare_servers ]
then
if [ "$(grep pm.start_servers "$PHP_POOL_DIR"/nextcloud.conf | awk '{ print $3}')" -lt $min_start_servers ]
then
check_command sed -i "s|pm.max_spare_servers.*|pm.max_spare_servers = $((PHP_FPM_MAX_CHILDREN - 30))|g" "$PHP_POOL_DIR"/nextcloud.conf
print_text_in_color "$IGreen" "pm.max_spare_servers was set to $((PHP_FPM_MAX_CHILDREN - 30))"
fi
fi
fi
fi
# If $PHP_FPM_MAX_CHILDREN is lower than the current sum of all values, revert to default settings
if [ $PHP_FPM_MAX_CHILDREN -lt $CURRENT_SUM ]
then
check_command sed -i "s|pm.max_children.*|pm.max_children = $PHP_FPM_MAX_CHILDREN|g" "$PHP_POOL_DIR"/nextcloud.conf
check_command sed -i "s|pm.start_servers.*|pm.start_servers = 3|g" "$PHP_POOL_DIR"/nextcloud.conf
check_command sed -i "s|pm.min_spare_servers.*|pm.min_spare_servers = 2|g" "$PHP_POOL_DIR"/nextcloud.conf
check_command sed -i "s|pm.max_spare_servers.*|pm.max_spare_servers = 3|g" "$PHP_POOL_DIR"/nextcloud.conf
print_text_in_color "$ICyan" "All PHP-INI values were set back to default values as the value for pm.max_children ($PHP_FPM_MAX_CHILDREN) was lower than the sum of all the current values ($CURRENT_SUM)"
print_text_in_color "$ICyan" "Please run this again to set optimal values"
fi
restart_webserver
}
test_connection() { test_connection() {
# Install dnsutils if not existing # Install dnsutils if not existing
@@ -411,32 +325,6 @@ fi
} }
# Install certbot (Let's Encrypt)
install_certbot() {
certbot --version 2> /dev/null
LE_IS_AVAILABLE=$?
if [ $LE_IS_AVAILABLE -eq 0 ]
then
certbot --version 2> /dev/null
else
print_text_in_color "$ICyan" "Installing certbot (Let's Encrypt)..."
apt update -q4 & spinner_loading
install_if_not software-properties-common
add-apt-repository ppa:certbot/certbot -y
apt update -q4 & spinner_loading
install_if_not certbot
apt update -q4 & spinner_loading
apt dist-upgrade -y
fi
}
# Let's Encrypt for subdomains
le_subdomain() {
a2dissite 000-default.conf
service apache2 reload
certbot certonly --standalone --pre-hook "service apache2 stop" --post-hook "service apache2 start" --agree-tos --rsa-key-size 4096 -d "$SUBDOMAIN"
}
# Check if port is open # check_open_port 443 domain.example.com # Check if port is open # check_open_port 443 domain.example.com
check_open_port() { check_open_port() {
print_text_in_color "$ICyan" "Checking if port ${1} is open with https://ports.yougetsignal.com..." print_text_in_color "$ICyan" "Checking if port ${1} is open with https://ports.yougetsignal.com..."
@@ -628,8 +516,10 @@ download_verify_nextcloud_stable() {
while [ -z "$NCVERSION" ] while [ -z "$NCVERSION" ]
do do
print_text_in_color "$ICyan" "Fetching the latest Nextcloud version..." print_text_in_color "$ICyan" "Fetching the latest Nextcloud version..."
NCVERSION=$(curl -s -m 900 $NCREPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1) # NCVERSION=$(curl -s -m 900 $NCREPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)
STABLEVERSION="nextcloud-$NCVERSION" # STABLEVERSION="nextcloud-$NCVERSION"
NCVERSION=$(curl -s -m 900 $NCREPO/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)
STABLEVERSION="nextcloud-$NCVERSION"
print_text_in_color "$IGreen" "$NCVERSION" print_text_in_color "$IGreen" "$NCVERSION"
done done
install_if_not gnupg install_if_not gnupg

44
nextcloud-startup-script.sh
View File

@@ -51,7 +51,7 @@ elif print_text_in_color "$ICyan" "Testing internet connection..." && ping githu
then then
true true
# shellcheck source=lib.sh # shellcheck source=lib.sh
NCDB=1 && FIRST_IFACE=1 && CHECK_CURRENT_REPO=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) NCDB=1 && FIRST_IFACE=1 && CHECK_CURRENT_REPO=1 . <(curl -sL https://git.schroedercity.com/voltron/Nextcloud-Install/raw/branch/master/lib.sh)
unset FIRST_IFACE unset FIRST_IFACE
unset CHECK_CURRENT_REPO unset CHECK_CURRENT_REPO
unset NCDB unset NCDB
@@ -117,7 +117,7 @@ Please also post this issue on: https://github.com/nextcloud/vm/issues"
fi fi
# shellcheck source=lib.sh # shellcheck source=lib.sh
NCDB=1 && CHECK_CURRENT_REPO=1 && NC_UPDATE=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) NCDB=1 && CHECK_CURRENT_REPO=1 && NC_UPDATE=1 . <(curl -sL https://git.schroedercity.com/voltron/Nextcloud-Install/raw/branch/master/lib.sh)
unset NC_UPDATE unset NC_UPDATE
unset CHECK_CURRENT_REPO unset CHECK_CURRENT_REPO
unset NCDB unset NCDB
@@ -246,17 +246,6 @@ else
chmod 750 $HTML/index.php && chown www-data:www-data $HTML/index.php chmod 750 $HTML/index.php && chown www-data:www-data $HTML/index.php
fi fi
# Change 000-default to $WEB_ROOT
sed -i "s|DocumentRoot /var/www/html|DocumentRoot $HTML|g" /etc/apache2/sites-available/000-default.conf
# Make possible to see the welcome screen (without this php-fpm won't reach it)
sed -i '14i\ # http://lost.l-w.ca/0x05/apache-mod_proxy_fcgi-and-php-fpm/' /etc/apache2/sites-available/000-default.conf
sed -i '15i\ <FilesMatch "\.php$">' /etc/apache2/sites-available/000-default.conf
sed -i '16i\ <If "-f %{SCRIPT_FILENAME}">' /etc/apache2/sites-available/000-default.conf
sed -i '17i\ SetHandler "proxy:unix:/run/php/php'$PHPVER'-fpm.nextcloud.sock|fcgi://localhost"' /etc/apache2/sites-available/000-default.conf
sed -i '18i\ </If>' /etc/apache2/sites-available/000-default.conf
sed -i '19i\ </FilesMatch>' /etc/apache2/sites-available/000-default.conf
sed -i '20i\ ' /etc/apache2/sites-available/000-default.conf
# Make $SCRIPTS excutable # Make $SCRIPTS excutable
chmod +x -R $SCRIPTS chmod +x -R $SCRIPTS
@@ -406,16 +395,7 @@ do
done 9< results done 9< results
rm -f results rm -f results
# Let's Encrypt
if [[ "yes" == $(ask_yes_or_no "Do you want to install SSL?") ]]
then
bash $SCRIPTS/activate-ssl.sh
else
echo
print_text_in_color "$ICyan" "OK, but if you want to run it later, just type: sudo bash $SCRIPTS/activate-ssl.sh"
any_key "Press any key to continue..."
fi
clear
# Install Apps # Install Apps
whiptail --title "Which apps do you want to install?" --checklist --separate-output "Automatically configure and install selected apps\nSelect by pressing the spacebar" "$WT_HEIGHT" "$WT_WIDTH" 4 \ whiptail --title "Which apps do you want to install?" --checklist --separate-output "Automatically configure and install selected apps\nSelect by pressing the spacebar" "$WT_HEIGHT" "$WT_WIDTH" 4 \
@@ -530,25 +510,7 @@ NCADMIN=$(occ_command user:list | awk '{print $3}')
occ_command notification:generate -l "Please remember to setup SMTP to be able to send shared links, user notifications and more via email. Please go here and start setting it up: https://your-nextcloud/settings/admin." "$NCADMIN" "Please setup SMTP" occ_command notification:generate -l "Please remember to setup SMTP to be able to send shared links, user notifications and more via email. Please go here and start setting it up: https://your-nextcloud/settings/admin." "$NCADMIN" "Please setup SMTP"
occ_command notification:generate -l "If you need support, please visit the shop: https://shop.hanssonit.se" "$NCADMIN" "Do you need support?" occ_command notification:generate -l "If you need support, please visit the shop: https://shop.hanssonit.se" "$NCADMIN" "Do you need support?"
# Fixes https://github.com/nextcloud/vm/issues/58
a2dismod status
restart_webserver
if home_sme_server
then
# Add specific values to PHP-FPM based on 16 GB RAM
check_command sed -i "s|pm.max_children.*|pm.max_children = 307|g" "$PHP_POOL_DIR"/nextcloud.conf
check_command sed -i "s|pm.start_servers.*|pm.start_servers = 30|g" "$PHP_POOL_DIR"/nextcloud.conf
check_command sed -i "s|pm.min_spare_servers.*|pm.min_spare_servers = 20|g" "$PHP_POOL_DIR"/nextcloud.conf
check_command sed -i "s|pm.max_spare_servers.*|pm.max_spare_servers = 257|g" "$PHP_POOL_DIR"/nextcloud.conf
restart_webserver
else
# Calculate the values of PHP-FPM based on the amount of RAM available (minimum 2 GB or 8 children)
calculate_php_fpm
# Run again if values are reset on last run
calculate_php_fpm
fi
# Add temporary fix if needed # Add temporary fix if needed
bash "$SCRIPTS"/temporary-fix.sh bash "$SCRIPTS"/temporary-fix.sh

261
nextcloud_install_production.sh
View File

@@ -8,7 +8,7 @@ sed -i "s|#precedence ::ffff:0:0/96 100|precedence ::ffff:0:0/96 100|g" /etc/g
# shellcheck disable=2034,2059 # shellcheck disable=2034,2059
true true
# shellcheck source=lib.sh # shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) . <(curl -sL https://git.schroedercity.com/voltron/Nextcloud-Install/raw/branch/master/lib.sh)
# Check if dpkg or apt is running # Check if dpkg or apt is running
is_process_running apt is_process_running apt
@@ -44,7 +44,7 @@ fi
# shellcheck disable=2034,2059 # shellcheck disable=2034,2059
true true
# shellcheck source=lib.sh # shellcheck source=lib.sh
FIRST_IFACE=1 && CHECK_CURRENT_REPO=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) FIRST_IFACE=1 && CHECK_CURRENT_REPO=1 . <(curl -sL https://git.schroedercity.com/voltron/Nextcloud-Install/raw/branch/master/lib.sh)
unset FIRST_IFACE unset FIRST_IFACE
unset CHECK_CURRENT_REPO unset CHECK_CURRENT_REPO
@@ -216,50 +216,6 @@ else
fi fi
fi fi
# Install PostgreSQL
# sudo add-apt-repository "deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main"
# curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
apt update -q4 & spinner_loading
apt install postgresql-10 -y
# Create DB
cd /tmp
sudo -u postgres psql <<END
CREATE USER $NCUSER WITH PASSWORD '$PGDB_PASS';
CREATE DATABASE nextcloud_db WITH OWNER $NCUSER TEMPLATE template0 ENCODING 'UTF8';
END
print_text_in_color "$ICyan" "PostgreSQL password: $PGDB_PASS"
service postgresql restart
# Install Apache
check_command apt install apache2 -y
a2enmod rewrite \
headers \
proxy \
proxy_fcgi \
setenvif \
env \
mime \
dir \
authz_core \
alias \
ssl
# We don't use Apache PHP (just to be sure)
a2dismod mpm_prefork
# Disable server tokens in Apache
if ! grep -q 'ServerSignature' /etc/apache2/apache2.conf
then
{
echo "# Turn off ServerTokens for both Apache and PHP"
echo "ServerSignature Off"
echo "ServerTokens Prod"
} >> /etc/apache2/apache2.conf
check_command systemctl restart apache2.service
fi
# Install PHP "$PHPVER" # Install PHP "$PHPVER"
apt update -q4 & spinner_loading apt update -q4 & spinner_loading
check_command apt install -y \ check_command apt install -y \
@@ -268,12 +224,15 @@ check_command apt install -y \
php"$PHPVER"-ldap \ php"$PHPVER"-ldap \
php"$PHPVER"-imap \ php"$PHPVER"-imap \
php"$PHPVER"-gd \ php"$PHPVER"-gd \
php"$PHPVER"-pgsql \ php"$PHPVER"-mysql \
php"$PHPVER"-curl \ php"$PHPVER"-curl \
php"$PHPVER"-xml \ php"$PHPVER"-xsl \
php"$PHPVER"-zip \ php"$PHPVER"-zip \
php"$PHPVER"-mbstring \ php"$PHPVER"-mbstring \
php"$PHPVER"-soap \ php"$PHPVER"-soap \
php"$PHPVER"-opcache \
php"$PHPVER"-xml \
php"$PHPVER"-xmlrpc \
php"$PHPVER"-smbclient \ php"$PHPVER"-smbclient \
php"$PHPVER"-json \ php"$PHPVER"-json \
php"$PHPVER"-gmp \ php"$PHPVER"-gmp \
@@ -282,55 +241,7 @@ check_command apt install -y \
# php"$PHPVER"-imagick \ # php"$PHPVER"-imagick \
# libmagickcore-6.q16-3-extra # libmagickcore-6.q16-3-extra
# Enable php-fpm
a2enconf php"$PHPVER"-fpm
# Enable HTTP/2 server wide
print_text_in_color "$ICyan" "Enabling HTTP/2 server wide..."
cat << HTTP2_ENABLE > "$HTTP2_CONF"
<IfModule http2_module>
Protocols h2 h2c http/1.1
H2Direct on
</IfModule>
HTTP2_ENABLE
print_text_in_color "$IGreen" "$HTTP2_CONF was successfully created"
a2enmod http2
restart_webserver
# Set up a php-fpm pool with a unixsocket
cat << POOL_CONF > "$PHP_POOL_DIR"/nextcloud.conf
[Nextcloud]
user = www-data
group = www-data
listen = /run/php/php"$PHPVER"-fpm.nextcloud.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
; max_children is set dynamically with calculate_php_fpm()
pm.max_children = 8
pm.start_servers = 3
pm.min_spare_servers = 2
pm.max_spare_servers = 3
env[HOSTNAME] = $(hostname -f)
env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
security.limit_extensions = .php
php_admin_value [cgi.fix_pathinfo] = 1
; Optional
; pm.max_requests = 2000
POOL_CONF
# Disable the idling example pool.
mv "$PHP_POOL_DIR"/www.conf "$PHP_POOL_DIR"/www.conf.backup
# Enable the new php-fpm config
restart_webserver
# Calculate the values of PHP-FPM based on the amount of RAM available (it's done in the startup script as well)
calculate_php_fpm
# Enable SMB client # already loaded with php-smbclient # Enable SMB client # already loaded with php-smbclient
# echo '# This enables php-smbclient' >> /etc/php/"$PHPVER"/apache2/php.ini # echo '# This enables php-smbclient' >> /etc/php/"$PHPVER"/apache2/php.ini
@@ -361,10 +272,11 @@ print_text_in_color "$ICyan" "Installing Nextcloud..."
cd "$NCPATH" cd "$NCPATH"
occ_command maintenance:install \ occ_command maintenance:install \
--data-dir="$NCDATA" \ --data-dir="$NCDATA" \
--database=pgsql \ --database=mysql \
--database-name=nextcloud_db \ --database-host=10.5.10.51 \
--database-user="$NCUSER" \ --database-name=nextcloud \
--database-pass="$PGDB_PASS" \ --database-user="$DB_USER" \
--database-pass="$DB_PASS" \
--admin-user="$NCUSER" \ --admin-user="$NCUSER" \
--admin-pass="$NCPASS" --admin-pass="$NCPASS"
echo echo
@@ -435,17 +347,6 @@ sed -i "s|;emergency_restart_threshold.*|emergency_restart_threshold = 10|g" /et
sed -i "s|;emergency_restart_interval.*|emergency_restart_interval = 1m|g" /etc/php/"$PHPVER"/fpm/php-fpm.conf sed -i "s|;emergency_restart_interval.*|emergency_restart_interval = 1m|g" /etc/php/"$PHPVER"/fpm/php-fpm.conf
sed -i "s|;process_control_timeout.*|process_control_timeout = 10|g" /etc/php/"$PHPVER"/fpm/php-fpm.conf sed -i "s|;process_control_timeout.*|process_control_timeout = 10|g" /etc/php/"$PHPVER"/fpm/php-fpm.conf
# PostgreSQL values for PHP (https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/linux_database_configuration.html#postgresql-database)
{
echo ""
echo "[PostgresSQL]"
echo "pgsql.allow_persistent = On"
echo "pgsql.auto_reset_persistent = Off"
echo "pgsql.max_persistent = -1"
echo "pgsql.max_links = -1"
echo "pgsql.ignore_notice = 0"
echo "pgsql.log_notice = 0"
} >> "$PHP_FPM_DIR"/conf.d/20-pdo_pgsql.ini
# Install Redis (distrubuted cache) # Install Redis (distrubuted cache)
run_static_script redis-server-ubuntu run_static_script redis-server-ubuntu
@@ -509,144 +410,6 @@ occ_command db:add-missing-indices
# Install Figlet # Install Figlet
install_if_not figlet install_if_not figlet
# To be able to use snakeoil certs
install_if_not ssl-cert
# Generate $HTTP_CONF
if [ ! -f $HTTP_CONF ]
then
touch "$HTTP_CONF"
cat << HTTP_CREATE > "$HTTP_CONF"
<VirtualHost *:80>
### YOUR SERVER ADDRESS ###
# ServerAdmin admin@example.com
# ServerName example.com
# ServerAlias subdomain.example.com
### SETTINGS ###
<FilesMatch "\.php$">
SetHandler "proxy:unix:/run/php/php$PHPVER-fpm.nextcloud.sock|fcgi://localhost"
</FilesMatch>
DocumentRoot $NCPATH
<Directory $NCPATH>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Satisfy Any
</Directory>
<IfModule mod_dav.c>
Dav off
</IfModule>
<Directory "$NCDATA">
# just in case if .htaccess gets disabled
Require all denied
</Directory>
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<Files ".ht*">
Require all denied
</Files>
# Disable HTTP TRACE method.
TraceEnable off
# Disable HTTP TRACK method.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [R=405,L]
SetEnv HOME $NCPATH
SetEnv HTTP_HOME $NCPATH
# Avoid "Sabre\DAV\Exception\BadRequest: expected filesize XXXX got XXXX"
<IfModule mod_reqtimeout.c>
RequestReadTimeout body=0
</IfModule>
</VirtualHost>
HTTP_CREATE
print_text_in_color "$IGreen" "$HTTP_CONF was successfully created."
fi
# Generate $SSL_CONF
if [ ! -f $SSL_CONF ]
then
touch "$SSL_CONF"
cat << SSL_CREATE > "$SSL_CONF"
<VirtualHost *:443>
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
SSLEngine on
### YOUR SERVER ADDRESS ###
# ServerAdmin admin@example.com
# ServerName example.com
# ServerAlias subdomain.example.com
### SETTINGS ###
<FilesMatch "\.php$">
SetHandler "proxy:unix:/run/php/php$PHPVER-fpm.nextcloud.sock|fcgi://localhost"
</FilesMatch>
DocumentRoot $NCPATH
<Directory $NCPATH>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Satisfy Any
</Directory>
<IfModule mod_dav.c>
Dav off
</IfModule>
<Directory "$NCDATA">
# just in case if .htaccess gets disabled
Require all denied
</Directory>
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<Files ".ht*">
Require all denied
</Files>
# Disable HTTP TRACE method.
TraceEnable off
# Disable HTTP TRACK method.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [R=405,L]
SetEnv HOME $NCPATH
SetEnv HTTP_HOME $NCPATH
# Avoid "Sabre\DAV\Exception\BadRequest: expected filesize XXXX got XXXX"
<IfModule mod_reqtimeout.c>
RequestReadTimeout body=0
</IfModule>
### LOCATION OF CERT FILES ###
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
SSL_CREATE
print_text_in_color "$IGreen" "$SSL_CONF was successfully created."
fi
# Enable new config
a2ensite nextcloud_ssl_domain_self_signed.conf
a2ensite nextcloud_http_domain_self_signed.conf
a2dissite default-ssl
restart_webserver
whiptail --title "Install apps or software" --checklist --separate-output "Automatically configure and install selected apps or software\nDeselect by pressing the spacebar" "$WT_HEIGHT" "$WT_WIDTH" 4 \ whiptail --title "Install apps or software" --checklist --separate-output "Automatically configure and install selected apps or software\nDeselect by pressing the spacebar" "$WT_HEIGHT" "$WT_WIDTH" 4 \
"Calendar" " " on \ "Calendar" " " on \
"Contacts" " " on \ "Contacts" " " on \

2
nextcloud_update.sh
View File

@@ -7,7 +7,7 @@
# shellcheck disable=2034,2059 # shellcheck disable=2034,2059
true true
# shellcheck source=lib.sh # shellcheck source=lib.sh
NCDB=1 && NC_UPDATE=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) NCDB=1 && NC_UPDATE=1 . <(curl -sL https://git.schroedercity.com/voltron/Nextcloud-Install/raw/branch/master/lib.sh)
unset NC_UPDATE unset NC_UPDATE
unset NCDB unset NCDB