Commit adda3a5c authored by w4t

wtserver 0.24

parent c6ac6e23
...@@ -27,7 +27,7 @@ InstallFTP() { ...@@ -27,7 +27,7 @@ InstallFTP() {
"onlyTLS") echo -n -e "${red}TLS Only${NC}"; echo 2 >/etc/pure-ftpd/conf/TLS ;; "onlyTLS") echo -n -e "${red}TLS Only${NC}"; echo 2 >/etc/pure-ftpd/conf/TLS ;;
*) echo -n -e "${red}Both FTP and TLS${NC}"; echo 1 >/etc/pure-ftpd/conf/TLS ;; *) echo -n -e "${red}Both FTP and TLS${NC}"; echo 1 >/etc/pure-ftpd/conf/TLS ;;
esac esac
echo -e "connections [${green}DONE${NC}]" echo -e " connections [${green}DONE${NC}]"
echo -n -e "$IDENTATION_LVL_1 Generating and Installing SSL Certificate for FTP Server... " echo -n -e "$IDENTATION_LVL_1 Generating and Installing SSL Certificate for FTP Server... "
mkdir -p /etc/ssl/private/ >>"$PROGRAMS_INSTALL_LOG_FILES" 2>&1 mkdir -p /etc/ssl/private/ >>"$PROGRAMS_INSTALL_LOG_FILES" 2>&1
......
...@@ -66,23 +66,23 @@ InstallMTA() { ...@@ -66,23 +66,23 @@ InstallMTA() {
-e "/^#default_login_user =/a log_path = /var/log/mail.log" \ -e "/^#default_login_user =/a log_path = /var/log/mail.log" \
"/etc/dovecot/conf.d/10-master.conf" "/etc/dovecot/conf.d/10-master.conf"
sed -i 's/ #user =/ user = postfix/' /etc/dovecot/conf.d/10-master.conf sed -i "s/ #user =/ user = postfix/" /etc/dovecot/conf.d/10-master.conf
sed -i 's/ #group =/ group = postfix/' /etc/dovecot/conf.d/10-master.conf sed -i "s/ #group =/ group = postfix/" /etc/dovecot/conf.d/10-master.conf
# The inotify `max_user_instances` default is 128, which constrains # The inotify `max_user_instances` default is 128, which constrains
# the total number of watched (IMAP IDLE push) folders by open connections. # the total number of watched (IMAP IDLE push) folders by open connections.
# See http://www.dovecot.org/pipermail/dovecot/2013-March/088834.html. # See http://www.dovecot.org/pipermail/dovecot/2013-March/088834.html.
# A reboot is required for this to take effect (which we don't do as # A reboot is required for this to take effect (which we don't do as
# as a part of setup). Test with `cat /proc/sys/fs/inotify/max_user_instances`. # as a part of setup). Test with `cat /proc/sys/fs/inotify/max_user_instances`.
sed -i '/^#*\s*fs\.inotify\.max_user_instances\s*=/d; $a\fs.inotify.max_user_instances=1024' /etc/sysctl.conf sed -i "/^#*\s*fs\.inotify\.max_user_instances\s*=/d; $a\fs.inotify.max_user_instances=1024" /etc/sysctl.conf
# Set the location where we'll store user mailboxes. '%d' is the domain name and '%n' is the # Set the location where we'll store user mailboxes. '%d' is the domain name and '%n' is the
# username part of the user's email address. We'll ensure that no bad domains or email addresses # username part of the user's email address. We'll ensure that no bad domains or email addresses
# are created within the management daemon. # are created within the management daemon.
sed -i -E \ sed -i -E \
-e 's/^mail_location\s*=\s*.*/mail_location = maildir:$STORAGE_ROOT\/mail\/mailboxes\/%d\/%n/' \ -e "s/^mail_location\s*=\s*.*/mail_location = maildir:$STORAGE_ROOT\/mail\/mailboxes\/%d\/%n/" \
-e 's/^mail_privileged_group\s*=\s*.*/mail_privileged_group = mail/' \ -e "s/^mail_privileged_group\s*=\s*.*/mail_privileged_group = mail/" \
-e 's/^#first_valid_uid\s*=\s*.*/first_valid_uid = 0/' \ -e "s/^#first_valid_uid\s*=\s*.*/first_valid_uid = 0/" \
/etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf
# Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive. # Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive.
...@@ -120,21 +120,21 @@ EOF ...@@ -120,21 +120,21 @@ EOF
# The LOGIN mechanism is supposedly for Microsoft products like Outlook to do SMTP login (I guess # The LOGIN mechanism is supposedly for Microsoft products like Outlook to do SMTP login (I guess
# since we're using Dovecot to handle SMTP authentication?). # since we're using Dovecot to handle SMTP authentication?).
sed -i -E \ sed -i -E \
-e 's/^#?disable_plaintext_auth\s*=\s*.*/disable_plaintext_auth = yes/' \ -e "s/^#?disable_plaintext_auth\s*=\s*.*/disable_plaintext_auth = yes/" \
-e 's/^auth_mechanisms\s*=\s*.*/auth_mechanisms = plain login/' \ -e "s/^auth_mechanisms\s*=\s*.*/auth_mechanisms = plain login/" \
/etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf
# Enable SSL, specify the location of the SSL certificate and private key files. # Enable SSL, specify the location of the SSL certificate and private key files.
# Use Mozilla's "Intermediate" recommendations at https://ssl-config.mozilla.org/#server=dovecot&server-version=2.3.7.2&config=intermediate&openssl-version=1.1.1, # Use Mozilla's "Intermediate" recommendations at https://ssl-config.mozilla.org/#server=dovecot&server-version=2.3.7.2&config=intermediate&openssl-version=1.1.1,
# except that the current version of Dovecot does not have a TLSv1.3 setting, so we only use TLSv1.2. # except that the current version of Dovecot does not have a TLSv1.3 setting, so we only use TLSv1.2.
sed -i -E \ sed -i -E \
-e 's/^ssl\s*=\s*.*/ssl = required/' \ -e "s/^ssl\s*=\s*.*/ssl = required/" \
-e 's|^ssl_cert\s*=\s*<.*|ssl_cert = <$STORAGE_ROOT/ssl/ssl_certificate.pem|' \ -e "s|^ssl_cert\s*=\s*<.*|ssl_cert = <$STORAGE_ROOT/ssl/ssl_certificate.pem|" \
-e 's|^ssl_key\s*=\s*<.*|ssl_key = <$STORAGE_ROOT/ssl/ssl_private_key.pem|' \ -e "s|^ssl_key\s*=\s*<.*|ssl_key = <$STORAGE_ROOT/ssl/ssl_private_key.pem|" \
-e 's/^#?ssl_min_protocol\s*=\s*.*/ssl_min_protocol = TLSv1.2/' \ -e "s/^#?ssl_min_protocol\s*=\s*.*/ssl_min_protocol = TLSv1.2/" \
-e 's/^#?ssl_cipher_list\s*=\s*.*/ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384/' \ -e "s/^#?ssl_cipher_list\s*=\s*.*/ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384/" \
-e 's/^#?ssl_prefer_server_ciphers\s*=\s*.*/ssl_prefer_server_ciphers = yes/' \ -e "s/^#?ssl_prefer_server_ciphers\s*=\s*.*/ssl_prefer_server_ciphers = yes/" \
-e 's|^#?ssl_dh\s*=\s*<.*|ssl_dh = <$STORAGE_ROOT/ssl/dh4096.pem|' \ -e "s|^#?ssl_dh\s*=\s*<.*|ssl_dh = <$STORAGE_ROOT/ssl/dh4096.pem|" \
/etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf
# Disable in-the-clear IMAP/POP because there is no reason for a user to transmit # Disable in-the-clear IMAP/POP because there is no reason for a user to transmit
...@@ -151,13 +151,13 @@ EOF ...@@ -151,13 +151,13 @@ EOF
# The risk is that if the connection is silent for too long it might be reset # The risk is that if the connection is silent for too long it might be reset
# by a peer. See [#129](https://github.com/mail-in-a-box/mailinabox/issues/129) # by a peer. See [#129](https://github.com/mail-in-a-box/mailinabox/issues/129)
# and [How bad is IMAP IDLE](http://razor.occams.info/blog/2014/08/09/how-bad-is-imap-idle/). # and [How bad is IMAP IDLE](http://razor.occams.info/blog/2014/08/09/how-bad-is-imap-idle/).
sed -i -E 's/^#?imap_idle_notify_interval\s*=\s*.*/imap_idle_notify_interval = 4 mins/' /etc/dovecot/conf.d/20-imap.conf sed -i -E "s/^#?imap_idle_notify_interval\s*=\s*.*/imap_idle_notify_interval = 4 mins/" /etc/dovecot/conf.d/20-imap.conf
# Set POP3 UIDL. # Set POP3 UIDL.
# UIDLs are used by POP3 clients to keep track of what messages they've downloaded. # UIDLs are used by POP3 clients to keep track of what messages they've downloaded.
# For new POP3 servers, the easiest way to set up UIDLs is to use IMAP's UIDVALIDITY # For new POP3 servers, the easiest way to set up UIDLs is to use IMAP's UIDVALIDITY
# and UID values, the default in Dovecot. # and UID values, the default in Dovecot.
sed -i -E 's/^#?pop3_uidl_format\s*=\s*.*/pop3_uidl_format = %08Xu%08Xv/' /etc/dovecot/conf.d/20-pop3.conf sed -i -E "s/^#?pop3_uidl_format\s*=\s*.*/pop3_uidl_format = %08Xu%08Xv/" /etc/dovecot/conf.d/20-pop3.conf
# ### LDA (LMTP) # ### LDA (LMTP)
...@@ -197,7 +197,7 @@ EOF ...@@ -197,7 +197,7 @@ EOF
# Setting a `postmaster_address` is required or LMTP won't start. An alias # Setting a `postmaster_address` is required or LMTP won't start. An alias
# will be created automatically by our management daemon. # will be created automatically by our management daemon.
sed -i -E 's/^#?postmaster_address\s*=\s*.*/postmaster_address = postmaster@$CFG_HOSTNAME_DOMAIN/' /etc/dovecot/conf.d/15-lda.conf sed -i -E "s/^#?postmaster_address\s*=\s*.*/postmaster_address = postmaster@$CFG_HOSTNAME_DOMAIN/" /etc/dovecot/conf.d/15-lda.conf
# ### Sieve # ### Sieve
......
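Review bot: In the InstallMTA hunk at -66/+66, the switch to double quotes lets the shell expand `$a` in the `/etc/sysctl.conf` line before sed sees it. With `a` unset the "append after the last line" command is lost and the inotify limit is not written. That one script should stay single-quoted: `sed -i '/^#*\s*fs\.inotify\.max_user_instances\s*=/d; $a\fs.inotify.max_user_instances=1024' /etc/sysctl.conf`. In the same hunk the `mail_location` expression now interpolates `$STORAGE_ROOT` but still uses `/` as the delimiter, so any slash in the value ends the replacement early; use `|` as the `ssl_cert` lines do: `-e "s|^mail_location\s*=\s*.*|mail_location = maildir:$STORAGE_ROOT/mail/mailboxes/%d/%n|" \`. No assignment of `STORAGE_ROOT` is visible in these hunks (the function starts and ends outside them), and if it is empty here the certificate, key and mailbox paths resolve under `/`, so a guard such as `: "${STORAGE_ROOT:?STORAGE_ROOT must be set}"` before the first sed call would make that failure explicit.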
#--------------------------------------------------------------------- #---------------------------------------------------------------------
# Function: InstallNextcloudVer # Function: InstallCloud
# Install a specific version of Nextcloud # Install and configure Nextcloud or Seafile based on configuration
#--------------------------------------------------------------------- #---------------------------------------------------------------------
InstallNextcloudVer() { InstallCloud() {
version=$1 STORAGE_ROOT="/var/www"
hash=$2
echo -n -e "$IDENTATION_LVL_1 Installing Nextcloud $version"
# Remove the current Nextcloud installation case $CFG_CLOUDTYPE in
rm -rf $CLOUD_DIR "nextcloud")
INSTALL_DIR=/usr/local/lib/nextcloud
CLOUD_DIR=$INSTALL_DIR/cloud
InstallNextcloud
;;
"seafile")
echo -e "Not implemented!!!"
;;
esac
# Download and verify the Nextcloud package # Generate SSL certificate
wget_verify https://download.nextcloud.com/server/releases/nextcloud-$version.zip $hash /tmp/nextcloud.zip systemctl stop nginx
if [ "$CFG_SSL_NEW" == "yes" ]; then
sh /root/.acme.sh/acme.sh --issue --standalone -d cloud.$CFG_HOSTNAME_DOMAIN --force >> $PROGRAMS_INSTALL_LOG_FILES 2>&1
else
#cp -av /home/administrator/wtlinux_server_setup/acme_ssl/arbajnok/cloud.$CFG_HOSTNAME_DOMAIN ~/.acme.sh/
cp -av /home/$SUDO_USER/wtlinux_server_setup/acme_ssl/$CFG_HOSTNAME_DOMAIN/cloud.$CFG_HOSTNAME_DOMAIN /root/.acme.sh/ >> $PROGRAMS_INSTALL_LOG_FILES 2>&1
fi
# Extract Nextcloud systemctl restart nginx
unzip -q /tmp/nextcloud.zip -d $INSTALL_DIR
mv $INSTALL_DIR/nextcloud $CLOUD_DIR
rm -f /tmp/nextcloud.zip
# Empty the skeleton dir to save some space for each new user # Save configuration details
rm -rf $CLOUD_DIR/core/skeleton/* cat >> /home/$SUDO_USER/wtlinux_server_setup/wtserver_configuration.txt <<EOF
# $CFG_CLOUDTYPE store the passwords
#------------------------------
URL : $url
$CFG_CLOUDTYPE Admin : $CFG_CLOUDADMINUSER
$CFG_CLOUDTYPE Password : $CFG_CLOUDADMINPWD
# Create the apps directory if it doesn't exist Database type : $CFG_CLOUDDBTYPE
mkdir -p $CLOUD_DIR/apps Database host : $CFG_CLOUDDBHOST
Database port : $CFG_CLOUDDBPORT
Database name : $CFG_CLOUDDBNAME
Database user : $CFG_CLOUDDBUSER
Database password : $CFG_CLOUDDBPWD
#------------------------------
EOF
echo -e "[${green}DONE${NC}]"
}
# Install additional Nextcloud apps #---------------------------------------------------------------------
InstallNextcloudApps # Function: InstallNextcloud
# Install and configure Nextcloud
#---------------------------------------------------------------------
InstallNextcloud() {
nextcloud_ver=31.0.0
nextcloud_hash=545584d128e3242337548ac2cdf31e6019b738f4
# Fix directory permissions echo -n -e "$IDENTATION_LVL_0 ${BWhite}Installing Nextcloud${NC}"
chmod 750 $CLOUD_DIR/{apps,config} echo -n -e "$IDENTATION_LVL_1 Installing required packages... "
# Create a symlink to the config.php in STORAGE_ROOT (for upgrades we're restoring the symlink we previously # Install required PHP packages
# put in, and in new installs we're creating a symlink and will create the actual config later). apt_install php8.2 php8.2-fpm php8.2-cli php8.2-sqlite php8.2-gd php8.2-imap php8.2-curl php-pear curl \
ln -sf "$STORAGE_ROOT/nextcloud/config.php" $CLOUD_DIR/config/config.php php8.2-dev memcached php-memcached php8.2-xml php8.2-mbstring php8.2-zip php8.2-apcu \
php8.2-fpm php8.2-mysql php8.2-xsl php8.2-gmp php8.2-bcmath php8.2-cgi php-gettext libxml2-dev \
php8.2-json php8.2-intl php8.2-imagick php8.2-common php8.2-opcache php8.2-readline php8.2
# Make sure permissions are correct or the upgrade step won't run. # Enable APC before Nextcloud tools are run
# $STORAGE_ROOT/owncloud may not yet exist, so use -f to suppress sed -i '1i apc.enabled=1\napc.enable_cli=1' /etc/php/8.2/mods-available/apcu.ini
# that error.
chown -f -R www-data:www-data "$STORAGE_ROOT/nextcloud" $INSTALL_DIR || /bin/true
# If this isn't a new installation, immediately run the upgrade script. # Get current Nextcloud version if config.php exists
# Then check for success (0=ok and 3=no upgrade needed, both are success). if [ -f "$CLOUD_DIR/config.php" ]; then
if [ -e $STORAGE_ROOT/nextcloud/nextcloud.db ]; then CURRENT_NEXTCLOUD_VER=$(php8.2 -r "include(\"$CLOUD_DIR/config.php\"); echo(\$CONFIG['version']);")
sudo -u www-data php $CLOUD_DIR/occ upgrade else
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then CURRENT_NEXTCLOUD_VER=""
echo "Trying NextCloud upgrade again to work around NextCloud upgrade bug..."
sudo -u www-data php $CLOUD_DIR/occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
sudo -u www-data php $CLOUD_DIR/occ maintenance:mode --off
echo "...which seemed to work."
fi fi
# Add missing indices. NextCloud didn't include this in the normal upgrade because it might take some time. # Install or upgrade Nextcloud if necessary
sudo -u www-data php8.2 $CLOUD_DIR/occ db:add-missing-indices if [ ! -d $CLOUD_DIR ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextcloud_ver ]]; then
sudo -u www-data php8.2 $CLOUD_DIR/occ db:add-missing-primary-keys # Stop php-fpm if running. If theyre not running (which happens on a previously failed install), dont bail
systemctl restart php8.2-fpm stop &> /dev/null || /bin/true
# Run conversion to BigInt identifiers, this process may take some time on large tables. # Backup existing Nextcloud installation
sudo -u www-data php8.2 $CLOUD_DIR/occ db:convert-filecache-bigint --no-interaction # Create a backup directory to store the current installation and database to
BACKUP_DIRECTORY=$CLOUD_DIR-backup/`date +"%Y-%m-%d-%T"`
mkdir -p "$BACKUP_DIRECTORY"
if [ -d $CLOUD_DIR/ ]; then
echo "Upgrading Nextcloud --- backing up existing installation, configuration, and database to $BACKUP_DIRECTORY..."
cp -r $CLOUD_DIR "$BACKUP_DIRECTORY/nextcloud-install"
fi
if [ -e "$STORAGE_ROOT/nextcloud/nextcloud.db" ]; then
cp "$STORAGE_ROOT/nextcloud/owncloud.db" "$BACKUP_DIRECTORY"
fi
if [ -e "$STORAGE_ROOT/nextcloud/config.php" ]; then
cp "$STORAGE_ROOT/nextcloud/config.php" "$BACKUP_DIRECTORY"
fi fi
# Configure web server (Apache or Nginx) # Perform version-specific upgrades
case $CFG_WEBSERVER in if [ -n "${CURRENT_NEXTCLOUD_VER}" ]; then
"apache") if [ -e "$CLOUD_DIR/config.php" ]; then
cat >> /etc/apache2/sites-available/nextcloud.conf <<EOF # Remove the read-onlyness of the config, which is needed for migrations, especially for v24
<VirtualHost *:80> sed -i -e '/config_is_read_only/d' "$CLOUD_DIR/config.php"
DocumentRoot "$CLOUD_DIR" fi
ServerName cloud.$CFG_HOSTNAME_DOMAIN
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory $CLOUD_DIR/> if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^27 ]]; then
Options +FollowSymlinks InstallNextcloudVer 28.0.14 8a9edcfd26d318eb7d1cfa44d69796f2d1098a80
AllowOverride All CURRENT_NEXTCLOUD_VER="28.0.14"
fi
<IfModule mod_dav.c> if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^28 ]]; then
Dav off InstallNextcloudVer 29.0.12 6cd53db7a8d730ebd5972081344db41eb2b174a8
</IfModule> CURRENT_NEXTCLOUD_VER="29.0.12"
fi
SetEnv HOME $CLOUD_DIR/> if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^29 ]]; then
SetEnv HTTP_HOME $CLOUD_DIR InstallNextcloudVer 30.0.6 c7171b03f9904a2051e765fe09ab3e95e2e564e6
Satisfy Any CURRENT_NEXTCLOUD_VER="30.0.6"
fi
</Directory> if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^30 ]]; then
InstallNextcloudVer 31.0.0 545584d128e3242337548ac2cdf31e6019b738f4
CURRENT_NEXTCLOUD_VER="31.0.0"
fi
fi
else
InstallNextcloudVer $owncloud_ver $owncloud_hash
fi
</VirtualHost> # Configure Nextcloud permissions
EOF cat >> ./nextcloud_permissions.sh <<EOF
#!/bin/bash
cat >> /etc/apache2/sites-available/nextcloud-le-ssl.conf <<EOF ocpath='$CLOUD_DIR'
<IfModule mod_headers.c> htuser='www-data'
Header always set Strict-Transport-Security "max-age=15768000; preload" htgroup='www-data'
</IfModule> rootuser='root'
EOF
ln -s /etc/apache2/sites-available/nextcloud.conf /etc/apache2/sites-enabled/nextcloud.conf printf "Creating possible missing Directories\n"
a2enmod rewrite headers env dir mime setenvif ssl mkdir -p \$ocpath/data
a2ensite default-ssl mkdir -p \$ocpath/assets
systemctl restart apache2 mkdir -p \$ocpath/updater
;;
"nginx")
cat > /etc/nginx/sites-available/nextcloud.vhost <<EOF;
server {
listen 80;
server_name cloud.$CFG_HOSTNAME_DOMAIN;
return 301 https://\$server_name\$request_uri;
}
server { printf "chmod Files and Directories\n"
# listen 80; find \${ocpath}/ -type f -print0 | xargs -0 chmod 0640
listen 443 ssl http2; find \${ocpath}/ -type d -print0 | xargs -0 chmod 0770
server_name cloud.$CFG_HOSTNAME_DOMAIN;
ssl_protocols TLSv1.2 TLSv1.3; printf "Setting directory ownership\n"
ssl_certificate /home/$SUDO_USER/.acme.sh/cloud.$CFG_HOSTNAME_DOMAIN/cloud.$CFG_HOSTNAME_DOMAIN.cer; chown -R \${rootuser}:\${htgroup} \${ocpath}/
ssl_certificate_key /home/$SUDO_USER/.acme.sh/cloud.$CFG_HOSTNAME_DOMAIN/cloud.$CFG_HOSTNAME_DOMAIN.key; chown -R \${htuser}:\${htgroup} \${ocpath}/apps/
chown -R \${htuser}:\${htgroup} \${ocpath}/assets/
chown -R \${htuser}:\${htgroup} \${ocpath}/config/
chown -R \${htuser}:\${htgroup} \${ocpath}/data/
chown -R \${htuser}:\${htgroup} \${ocpath}/themes/
chown -R \${htuser}:\${htgroup} \${ocpath}/updater/
ssl_session_timeout 1d; chmod +x \${ocpath}/occ
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Add headers to serve security related headers printf "Setting .htaccess permissions\n"
# Before enabling Strict-Transport-Security headers please read into this if [ -f \${ocpath}/.htaccess ]; then
# topic first. chmod 0644 \${ocpath}/.htaccess
add_header Strict-Transport-Security "max-age=15768000;preload" always; chown \${rootuser}:\${htgroup} \${ocpath}/.htaccess
add_header X-Content-Type-Options nosniff; fi
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation if [ -f \${ocpath}/data/.htaccess ]; then
root $CLOUD_DIR/; chmod 0644 \${ocpath}/data/.htaccess
chown \${rootuser}:\${htgroup} \${ocpath}/data/.htaccess
fi
EOF
location = /robots.txt { chmod +x ./nextcloud_permissions.sh
allow all; #./nextcloud_permissions.sh
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app. # Create initial configuration
# Uncomment it if you're planning to use this app. instanceid=oc$(echo $CFG_HOSTNAME_DOMAIN | sha1sum | fold -w 10 | head -n 1)
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav { echo -n "Creating Nextcloud settings and database..."
return 301 \$scheme://\$host/remote.php/dav; CFG_CLOUDDBNAME=nextcloud
} CFG_CLOUDDBUSER=nextcloud
location = /.well-known/caldav { CFG_CLOUDDBPWD=$(dd if=/dev/urandom bs=1 count=64 2>/dev/null | sha256sum | fold -w 40 | head -n 1)
return 301 \$scheme://\$host/remote.php/dav; dbruser=root
} CFG_CLOUDADMINUSER=root
CFG_CLOUDADMINPWD=$(dd if=/dev/urandom bs=1 count=64 2>/dev/null | sha256sum | fold -w 40 | head -n 1)
location ~ /.well-known/acme-challenge {
allow all;
}
# set max upload size case $CFG_CLOUDDBTYPE in
client_max_body_size 512M; "mysql")
fastcgi_buffers 64 4K; if [ $CFG_CLOUDDBHOST == "localhost" ]; then
mariadb -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "CREATE DATABASE $CFG_CLOUDDBNAME" > /dev/null 2>&1
#mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "CREATE DATABASE $CFG_CLOUDDBNAME CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci" > /dev/null 2>&1
mariadb -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "USE $CFG_CLOUDDBNAME" > /dev/null 2>&1
mariadb -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "GRANT ALL PRIVILEGES ON $CFG_CLOUDDBNAME.* TO '$CFG_CLOUDDBUSER'@'localhost' IDENTIFIED BY '$CFG_CLOUDDBPWD'" > /dev/null 2>&1
mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "flush privileges;" > /dev/null 2>&1
else
mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -h $CFG_CLOUDDBHOST -e "CREATE DATABASE $CFG_CLOUDDBNAME" > /dev/null 2>&1
mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -h $CFG_CLOUDDBHOST -e "USE $CFG_CLOUDDBNAME" > /dev/null 2>&1
mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -h $CFG_CLOUDDBHOST -e "GRANT ALL PRIVILEGES ON $CFG_CLOUDDBNAME.* TO '$CFG_CLOUDDBUSER'@'%' IDENTIFIED BY '$CFG_CLOUDDBPWD'" > /dev/null 2>&1
mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "flush privileges;" > /dev/null 2>&1
fi
# Disable gzip to avoid the removal of the ETag header # Enable UTF8mb4 (4-byte support)
gzip off; #databases=$(mysql -u root -p"$CFG_MYSQL_ROOT_PWD" -e "SHOW DATABASES;" | tr -d "| " | grep -v Database)
#for db in $databases; do
# if [[ "$db" != "performance_schema" ]] && [[ "$db" != _* ]] && [[ "$db" != "information_schema" ]];
# then
# echo "Changing to UTF8mb4 on: $db"
# mysql -u root -p"$CFG_MYSQL_ROOT_PWD" -e "ALTER DATABASE $db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
# fi
#done
# Uncomment if your server is build with the ngx_pagespeed module # Repair and set Nextcloud config values
# This module is currently not supported. #mysqlcheck -u root -p"$CFG_MYSQL_ROOT_PWD" --auto-repair --optimize --all-databases
#pagespeed off; #sudo -u www-data "$STORAGE_ROOT"/owncloud/occ config:system:set mysql.utf8mb4 --type boolean --value="true"
#sudo -u www-data "$STORAGE_ROOT"/owncloud/occ maintenance:repair
error_page 403 /core/templates/403.php; sudo -u www-data php8.2 "$CLOUD_DIR"/occ maintenance:install \
error_page 404 /core/templates/404.php; --database "mysql" \
--database-name "$CFG_CLOUDDBNAME" \
--database-user "$CFG_CLOUDDBUSER" \
--database-pass "$CFG_CLOUDDBPWD" \
--database-host="$CFG_CLOUDDBHOST" \
--database-port="3306" \
--admin-user "$CFG_CLOUDADMINUSER" \
--admin-pass "$CFG_CLOUDADMINPWD" \
--data-dir "$STORAGE_ROOT/nextcloud" \
--admin-email "cloud@$CFG_HOSTNAME_DOMAIN" \
--instanceid "$instanceid"
location / { # Set SMTP mail
rewrite ^ /index.php\$uri; #sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpmode --value="smtp"
} # Set logrotate
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set log_rotate_size --value="10485760"
# Added trusted domains
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set trusted_domains 1 --value=$IP_ADDRESS
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set trusted_domains 2 --value=cloud.$CFG_HOSTNAME_DOMAIN
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { sudo -u www-data php "$CLOUD_DIR"/occ config:system:set memcache.local --value '\OC\Memcache\APCu'
deny all; sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_from_address --value 'cloud_administrator'
} TIMEZONE=$(cat /etc/timezone)
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { sudo -u www-data php "$CLOUD_DIR"/occ config:system:set logtimezone --value=$TIMEZONE
deny all; sudo -u www-data php "$CLOUD_DIR"/occ config:system:set logdateformat --value 'Y-m-d H:i:s'
} sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_domain --value=$CFG_HOSTNAME_DOMAIN
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set overwrite.cli.url --value 'https://$CFG_HOSTNAME_DOMAIN/cloud'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set log_type --value 'syslog'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set syslog_tag --value 'Nextcloud'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set system_addressbook_exposed --value 'no'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpmode --value 'sendmail'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpauth --type boolean --value true
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtphost --value '127.0.0.1'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpport --value '587'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpsecure --value ''
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpname --value ''
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtppassword --value ''
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { CONFIG_FILE="$CLOUD_DIR/config/config.php"
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_param PATH_INFO \$fastcgi_path_info;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) { if ! grep -q "'config_is_read_only'" "$CONFIG_FILE"; then
try_files \$uri/ =404; sed -i "/);/i \$CONFIG['config_is_read_only'] = false;" "$CONFIG_FILE"
index index.php; fi
}
# Adding the cache control header for js and css files if ! grep -q "'user_backends'" "$CONFIG_FILE"; then
# Make sure it is BELOW the PHP block sed -i "/);/i \$CONFIG['user_backends'] = array(\n array(\n 'class' => '\\\\OCA\\\\UserExternal\\\\IMAP',\n 'arguments' => array(\n '127.0.0.1', 143, null, null, false, false\n ),\n ),\n);" "$CONFIG_FILE"
location ~* \.(?:css|js)$ { fi
try_files \$uri /index.php\$uri\$is_args\$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { chown www-data.www-data $CLOUD_DIR/config.php
try_files \$uri /index.php\$uri\$is_args\$args;
# Optional: Don't log access to other assets
access_log off;
}
}
EOF
mkdir -p /etc/nginx/sites-enabled # Enable/disable apps. Note that this must be done after the Nextcloud setup.
ln -s /etc/nginx/sites-available/nextcloud.vhost /etc/nginx/sites-enabled/nextcloud.vhost # The firstrunwizard gave Josh all sorts of problems, so disabling that.
;; # user_external is what allows Nextcloud to use IMAP for login. The contacts
esac # and calendar apps are the extensions we really care about here.
} hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:disable firstrunwizard
hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable user_external
hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable contacts
hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable calendar
InstallNextcloudApps() { # When upgrading, run the upgrade script again now that apps are enabled. It seems like
# Admin # the first upgrade at the top won't work because apps may be disabled during upgrade?
# https://apps.nextcloud.com/apps/onlyoffice # Check for success (0=ok, 3=no upgrade needed).
#wget_verify https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v9.6.0/onlyoffice.tar.gz fce197299377535b64097e86458cd9b2a8f98cf0 /tmp/onlyoffice.tgz sudo -u www-data php8.2 $CLOUD_DIR/occ upgrade
#tar xf /tmp/onlyoffice.tgz -C $CLOUD_DIR/apps/ E=$?
#rm /tmp/onlyoffice.tgz if [ $E -ne 0 ] && [ $E -ne 3 ]; then exit 1; fi
# https://apps.nextcloud.com/apps/richdocuments # Disable default apps that are not needed
wget_verify https://github.com/nextcloud-releases/richdocuments/releases/download/v8.6.1/richdocuments-v8.6.1.tar.gz c5db28abb1481f74fd7e80539d322f81a3327dcb /tmp/richdocuments.tgz sudo -u www-data php8.2 $CLOUD_DIR/occ app:disable photos dashboard activity weather_status logreader | (grep -v "No such app enabled" || /bin/true)
tar xf /tmp/richdocuments.tgz -C $CLOUD_DIR/apps/
rm /tmp/richdocuments.tgz
# https://apps.nextcloud.com/apps/drop_account # Install additional apps
wget_verify https://packages.framasoft.org/projects/nextcloud-apps/drop-account/drop_account-2.7.1.tar.gz b14b9011f85ba25ce13ff4cedd1e50e96bcffdec /tmp/drop_account.tgz (sudo -u www-data php8.2 $CLOUD_DIR/occ app:install notes) || true
tar xf /tmp/drop_account.tgz -C $CLOUD_DIR/apps/ hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable notes
rm /tmp/drop_account.tgz
# https://apps.nextcloud.com/apps/files_accesscontrol (sudo -u www-data php8.2 $CLOUD_DIR/occ app:install twofactor_totp) || true
wget_verify https://github.com/nextcloud-releases/files_accesscontrol/releases/download/v2.0.0/files_accesscontrol-v2.0.0.tar.gz 5b8a2c489cb36bed2cd490c1517506612cdfb804 /tmp/files_accesscontrol.tgz hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable twofactor_totp
tar xf /tmp/files_accesscontrol.tgz -C $CLOUD_DIR/apps/
rm /tmp/files_accesscontrol.tgz
# https://apps.nextcloud.com/apps/files_antivirus # Upgrade all apps
wget_verify https://github.com/nextcloud-releases/files_antivirus/releases/download/v6.0.0-beta.1/files_antivirus-v6.0.0-beta.1.tar.gz dc44dc2d9459050cd3a10464830f62b25772c9e1 /tmp/files_antivirus.tgz sudo -u www-data php $CLOUD_DIR/occ app:update --all
tar xf /tmp/files_antivirus.tgz -C $CLOUD_DIR/apps/
rm /tmp/files_antivirus.tgz
# https://apps.nextcloud.com/apps/ransomware_protection echo
#wget_verify https://github.com/nextcloud/ransomware_protection/releases/download/v1.5.1/ransomware_protection-1.5.1.tar.gz 77d05b65a049dfbf29a3a4c7fa70903ef10fdb6e /tmp/ransomware_protection.tgz echo "Nextcloud version:"
#tar xf /tmp/ransomware_protection.tgz -C $CLOUD_DIR/apps/ sudo -u www-data php8.2 "$CLOUD_DIR"/occ status
#rm /tmp/ransomware_protection.tgz sleep 3
echo
;;
"sqlite")
# Setup Nextcloud if the Nextcloud database does not yet exist. Running setup when
# the database does exist wipes the database and user data.
if [ ! -f $STORAGE_ROOT/owncloud/owncloud.db ]; then
# Create user data directory
#mkdir -p $STORAGE_ROOT/owncloud
# Admin apps # Set permissions
# https://apps.nextcloud.com/apps/sociallogin #chown -R www-data.www-data $STORAGE_ROOT/owncloud $STORAGE_ROOT/owncloud
# 'social_login_auto_redirect' => true setting in config.php
wget_verify https://github.com/zorn-v/nextcloud-social-login/releases/download/v5.9.2/release.tar.gz 6d44480bd798e40489c5fea716a1f214c803bf79 /tmp/sociallogin.tgz
tar xf /tmp/sociallogin.tgz -C $CLOUD_DIR/apps/
rm /tmp/sociallogin.tgz
# https://apps.nextcloud.com/apps/external # Execute Nextcloud's setup step, which creates the Nextcloud sqlite database.
wget_verify https://github.com/nextcloud-releases/external/releases/download/v6.0.1/external-v6.0.1.tar.gz d8b5ec2c9911ebf4b8a5a6cb53b1f54336c0a4ec /tmp/external.tgz # It also wipes it if it exists. And it updates config.php with database
tar xf /tmp/external.tgz -C $CLOUD_DIR/apps/ # settings and deletes the autoconfig.php file.
rm /tmp/external.tgz # (cd $STORAGE_ROOT/owncloud; sudo -u www-data php $STORAGE_ROOT/owncloud/index.php;)
fi
# https://apps.nextcloud.com/apps/sharepoint # Migrate users_external data from <0.6.0 to version 3.0.0
wget_verify https://github.com/nextcloud-releases/sharepoint/releases/download/v1.19.0/sharepoint-v1.19.0.tar.gz 108cbeb8a018631d1723a9a2e46411feeb42f60d /tmp/sharepoint.tgz # (see https://github.com/nextcloud/user_external).
tar xf /tmp/sharepoint.tgz -C $CLOUD_DIR/apps/ # This version was probably in use in Mail-in-a-Box v0.41 (February 26, 2019) and earlier.
rm /tmp/sharepoint.tgz # We moved to v0.6.3 in 193763f8. Ignore errors - maybe there are duplicated users with the
# correct backend already.
sqlite3 "$STORAGE_ROOT/owncloud/owncloud.db" "UPDATE oc_users_external SET backend='127.0.0.1';" || /bin/true
;;
esac
# https://apps.nextcloud.com/apps/announcementcenter
wget_verify https://github.com/nextcloud-releases/announcementcenter/releases/download/v7.1.0/announcementcenter-v7.1.0.tar.gz acd361da895a91d3cf71fe3569287dc2e90e0842 /tmp/announcementcenter.tgz
tar xf /tmp/announcementcenter.tgz -C $CLOUD_DIR/apps/
rm /tmp/announcementcenter.tgz
# https://apps.nextcloud.com/apps/impersonate # Set PHP FPM values to support large file uploads
wget_verify https://github.com/nextcloud-releases/impersonate/releases/download/v2.0.0/impersonate-v2.0.0.tar.gz a67366f5de79be2dc6f71ee0ce5cf027555e90f9 /tmp/impersonate.tgz # (semicolon is the comment character in this file, hashes produce deprecation warnings)
tar xf /tmp/impersonate.tgz -C $CLOUD_DIR/apps/ #sed -i "s/upload_max_filesize =.*/upload_max_filesize = 16G/g" /etc/php/8.2/fpm/php.ini
rm /tmp/impersonate.tgz sed -i "s/upload_max_filesize =.*/upload_max_filesize = 1G/g" /etc/php/8.2/fpm/php.ini
#sed -i "s/post_max_size =.*/post_max_size = 16G/g" /etc/php/8.2/fpm/php.ini
sed -i "s/post_max_size =.*/post_max_size = 1G/g" /etc/php/8.2/fpm/php.ini
sed -i "s/output_buffering =.*/output_buffering = 16384/g" /etc/php/8.2/fpm/php.ini
sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/8.2/fpm/php.ini
sed -i "s/max_execution_time =.*/max_execution_time = 600/g" /etc/php/8.2/fpm/php.ini
sed -i "s/short_open_tag =.*/short_open_tag = On/g" /etc/php/8.2/fpm/php.ini
# https://apps.nextcloud.com/apps/ocdownloader #management/editconf.py /etc/php/8.2/fpm/php.ini -c ';' \
#wget_verify https://github.com/e-alfred/ocdownloader/releases/download/1.6.0-Alpha2/ocdownloader_1.6.0alpha2 59625f5ec936ab1c26744f222718124848944d9d /tmp/ocdownloader.tgz # upload_max_filesize=16G \
#tar xf /tmp/ocdownloader.tgz -C $CLOUD_DIR/apps/ # post_max_size=16G \
#rm /tmp/ocdownloader.tgz # output_buffering=16384 \
# memory_limit=512M \
# max_execution_time=600 \
# short_open_tag=On
# https://apps.nextcloud.com/apps/files_retention # Set Nextcloud recommended opcache settings
wget_verify https://github.com/nextcloud-releases/files_retention/releases/download/v2.0.0/files_retention-v2.0.0.tar.gz 8a99fbd808d9e561230ec706981f68a1f9649597 /tmp/files_retention.tgz #if grep -q opcache.enable=0 /etc/php/7.3/mods-available/apcu.ini; then
tar xf /tmp/files_retention.tgz -C $CLOUD_DIR/apps/ # sed -i "s/;opcache.enable=.*/opcache.enable=1/g" /etc/php/7.3/fpm/php.ini
rm /tmp/files_retention.tgz #fi
sed -i "s/;opcache.enable.*/opcache.enable=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
sed -i "s/;opcache.enable_cli.*/opcache.enable_cli=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
sed -i "s/;opcache.interned_strings_buffer.*/opcache.interned_strings_buffer=16/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
sed -i "s/max_accelerated_files=.*/max_accelerated_files=10000/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
sed -i "s/opcache.memory_consumption=.*/opcache.memory_consumption=128/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
sed -i "s/opcache.revalidate_freq=.*/opcache.revalidate_freq=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
# https://apps.nextcloud.com/apps/files_automatedtagging #management/editconf.py /etc/php/8.2/cli/conf.d/10-opcache.ini -c ';' \
wget_verify https://github.com/nextcloud-releases/files_automatedtagging/releases/download/v2.0.0/files_automatedtagging-v2.0.0.tar.gz a532f0d6f81770029027fb6372fd8c30bb0eb064 /tmp/files_automatedtagging.tgz # opcache.enable=1 \
tar xf /tmp/files_automatedtagging.tgz -C $CLOUD_DIR/apps/ # opcache.enable_cli=1 \
rm /tmp/files_automatedtagging.tgz # opcache.interned_strings_buffer=16 \
# opcache.max_accelerated_files=10000 \
# opcache.memory_consumption=128 \
# opcache.save_comments=1 \
# opcache.revalidate_freq=1
# https://apps.nextcloud.com/apps/groupfolders # Configure the path environment for php-fpm
wget_verify https://github.com/nextcloud-releases/groupfolders/releases/download/v19.0.3/groupfolders-v19.0.3.tar.gz 08ac7404b17886589fe258e29d55a4213804aef1 /tmp/groupfolders.tgz sed -i '/env\[PATH/s/;//g' /etc/php/8.2/fpm/pool.d/www.conf
tar xf /tmp/groupfolders.tgz -C $CLOUD_DIR/apps/
rm /tmp/groupfolders.tgz
# https://apps.nextcloud.com/apps/checksum # If apc is explicitly disabled we need to enable it
wget_verify https://github.com/westberliner/checksum/releases/download/v1.2.5/checksum.tar.gz 808f28d315f1aa30543090dceeded22f8b951fa1 /tmp/checksum.tgz #if grep -q apc.enabled=0 /etc/php/8.2/mods-available/apcu.ini; then
tar xf /tmp/checksum.tgz -C $CLOUD_DIR/apps/ #if grep -q apc.enabled=1 /etc/php/8.2/mods-available/apcu.ini; then
rm /tmp/checksum.tgz # echo "apc.enabled=1" >> /etc/php/8.2/mods-available/apcu.ini
#fi
# https://apps.nextcloud.com/apps/fulltextsearch # Set up a general cron job for Nextcloud.
wget_verify https://github.com/nextcloud-releases/fulltextsearch/releases/download/31.0.0/fulltextsearch-31.0.0.tar.gz 0858ae675775c642efb8874b074f1158a7d239a3 /tmp/fulltextsearch.tgz # Also add another job for Calendar updates, per advice in the Nextcloud docs
tar xf /tmp/fulltextsearch.tgz -C $CLOUD_DIR/apps/ # https://docs.nextcloud.com/server/24/admin_manual/groupware/calendar.html#background-jobs
rm /tmp/fulltextsearch.tgz cat > /etc/cron.d/cron-nextcloud << EOF;
#!/bin/bash
# Wolftronics server setup script
*/5 * * * * root sudo -u www-data php8.2 -f $CLOUD_DIR/cron.php
*/5 * * * * root sudo -u www-data php8.2 -f $CLOUD_DIR/occ dav:send-event-reminders
EOF
chmod +x /etc/cron.d/cron-nextcloud
# https://apps.nextcloud.com/apps/quota_warning # We also need to change the sending mode from background-job to occ
wget_verify https://github.com/nextcloud-releases/quota_warning/releases/download/v1.21.0/quota_warning-v1.21.0.tar.gz a973fc59753dd124e9dd7ab763863650e90873ca /tmp/quota_warning.tgz # Or else the reminders will just be sent as soon as possible when the background jobs run
tar xf /tmp/quota_warning.tgz -C $CLOUD_DIR/apps/ hide_output sudo -u www-data php8.2 -f $CLOUD_DIR/occ config:app:set dav sendEventRemindersMode --value occ
rm /tmp/quota_warning.tgz
# https://apps.nextcloud.com/apps/user_usage_report # Run the maintenance command
wget_verify https://github.com/nextcloud-releases/user_usage_report/releases/download/v2.0.0/user_usage_report-v2.0.0.tar.gz 1437f10a2d6cd8da7650054896e0ce57ab566cfb /tmp/user_usage_report.tgz hide_output sudo -u www-data php8.2 $CLOUD_DIR/occ maintenance:repair --include-expensive
tar xf /tmp/user_usage_report.tgz -C $CLOUD_DIR/apps/
rm /tmp/user_usage_report.tgz
# https://apps.nextcloud.com/apps/unsplash # Set the config to read-only
#wget_verify https://github.com/jancborchardt/unsplash/releases/download/v1.1.3/unsplash-1.1.3.tar.gz e4f8c62067cbf657fbff80f744b9991e55448520 /tmp/unsplash.tgz sed -i'' "s/'config_is_read_only'\s*=>\s*false/'config_is_read_only' => true/" "$STORAGE_ROOT/owncloud/config.php"
#tar xf /tmp/unsplash.tgz -C $CLOUD_DIR/apps/
#rm /tmp/unsplash.tgz
# https://apps.nextcloud.com/apps/twofactor_admin # Create nextcloud log in /var/log
#wget_verify https://github.com/ChristophWurst/twofactor_admin/releases/download/v0.2.0/twofactor_admin.tar.gz c669e1c0c0323702d6a44d404f00a543cbb5d941 /tmp/twofactor_admin.tgz hide_output install -m 644 conf/rsyslog/20-nextcloud.conf /etc/rsyslog.d/
#tar xf /tmp/twofactor_admin.tgz -C $CLOUD_DIR/apps/
#rm /tmp/twofactor_admin.tgz
# https://apps.nextcloud.com/apps/contacts # There's nothing much of interest that a user could do as an admin for Nextcloud,
wget_verify https://github.com/nextcloud-releases/contacts/releases/download/v7.0.1/contacts-v7.0.1.tar.gz 9e4ae15e80e6df6444f62491eecf73ae63b12ab1 /tmp/contacts.tgz # and there's a lot they could mess up, so we don't make any users admins of Nextcloud.
tar xf /tmp/contacts.tgz -C $CLOUD_DIR/apps/ # But if we wanted to, we would do this:
rm /tmp/contacts.tgz # ```
# for user in $(management/cli.py user admins); do
# sqlite3 $STORAGE_ROOT/owncloud/owncloud.db "INSERT OR IGNORE INTO oc_group_user VALUES ('admin', '$user')"
# done
# ```
# https://apps.nextcloud.com/apps/calendar # Enable PHP modules and restart PHP.
wget_verify https://github.com/nextcloud-releases/calendar/releases/download/v5.1.2/calendar-v5.1.2.tar.gz 4f5c310ebd1f65c66a4a5d9e70ea4701698d79ea /tmp/calendar.tgz restart_service php8.2-fpm
tar xf /tmp/calendar.tgz -C $CLOUD_DIR/apps/
rm /tmp/calendar.tgz
# https://apps.nextcloud.com/apps/event_update_notification #echo -n "Configuring Redis Cache for nextCloud..."
wget_verify https://github.com/nextcloud-releases/event_update_notification/releases/download/v2.6.1/event_update_notification-v2.6.1.tar.gz e1360a65c28df9670cf963830a9e836c8fb5016b /tmp/event_update_notification.tgz #hide_output add-apt-repository -y ppa:chris-lea/redis-server
tar xf /tmp/event_update_notification.tgz -C $CLOUD_DIR/apps/ #hide_output apt-get update
rm /tmp/event_update_notification.tgz #apt_get_quiet upgrade
#apt_install redis-server
#systemctl restart apache2
#systemctl restart nginx
#phpenmod redis
#hide_output systemctl start redis-server
#hide_output systemctl enable redis-server
#apt_install php-redis
# https://apps.nextcloud.com/apps/notes #cat >> $STORAGE_ROOT/owncloud/config/config.php <<EOF
wget_verify https://github.com/nextcloud-releases/notes/releases/download/v4.11.0/notes-v4.11.0.tar.gz 7f8f42387e05c9a2ecfc4c490861ebebcbaec264 /tmp/notes.tgz #'memcache.distributed' => '\OC\Memcache\Redis',
tar xf /tmp/notes.tgz -C $CLOUD_DIR/apps/ #'memcache.local' => '\OC\Memcache\Redis',
rm /tmp/notes.tgz #'memcache.locking' => '\OC\Memcache\Redis',
#'redis' => array(
# 'host' => 'localhost',
# 'port' => 6379,
# ),
#EOF
}
# https://apps.nextcloud.com/apps/tasks #---------------------------------------------------------------------
wget_verify https://github.com/nextcloud/tasks/releases/download/v0.16.1/tasks.tar.gz 69069c4bf0de8faf61a3d7b758d087e87cbeba27 /tmp/tasks.tgz # Function: InstallNextcloudVer
tar xf /tmp/tasks.tgz -C $CLOUD_DIR/apps/ # Install a specific version of Nextcloud
rm /tmp/tasks.tgz #---------------------------------------------------------------------
InstallNextcloudVer() {
version=$1
hash=$2
# https://apps.nextcloud.com/apps/deck echo -n -e "$IDENTATION_LVL_1 Installing Nextcloud $version"
wget_verify https://github.com/nextcloud-releases/deck/releases/download/v1.15.0/deck-v1.15.0.tar.gz 92b15aa14f157045455d47dad2a3993141500f4e /tmp/deck.tgz
tar xf /tmp/deck.tgz -C $CLOUD_DIR/apps/
rm /tmp/deck.tgz
# GPS apps # Remove the current Nextcloud installation
# https://apps.nextcloud.com/apps/phonetrack rm -rf $CLOUD_DIR
wget_verify https://github.com/julien-nc/phonetrack/releases/download/v0.8.2/phonetrack-0.8.2.tar.gz 4f088acd122249e24cae05abdebcf0e3c72bdd9d /tmp/phonetrack.tgz
tar xf /tmp/phonetrack.tgz -C $CLOUD_DIR/apps/
rm /tmp/phonetrack.tgz
# https://apps.nextcloud.com/apps/gpxpod # Download and verify the Nextcloud package
wget_verify https://github.com/julien-nc/gpxpod/releases/download/v7.0.4/gpxpod-7.0.4.tar.gz 09d1bceab95bfb088ee28c61b82601e551e40a48 /tmp/gpxpod.tgz wget_verify https://download.nextcloud.com/server/releases/nextcloud-$version.zip $hash /tmp/nextcloud.zip
tar xf /tmp/gpxpod.tgz -C $CLOUD_DIR/apps/
rm /tmp/gpxpod.tgz
# Password apps # Extract Nextcloud
# https://apps.nextcloud.com/apps/passman unzip -q /tmp/nextcloud.zip -d $INSTALL_DIR
wget_verify https://releases.passman.cc/passman_2.4.11.tar.gz f7e55bc38958702007b655a95898f617c1c0eab6 /tmp/passman.tgz mv $INSTALL_DIR/nextcloud $CLOUD_DIR
tar xf /tmp/passman.tgz -C $CLOUD_DIR/apps/ rm -f /tmp/nextcloud.zip
rm /tmp/passman.tgz
# https://apps.nextcloud.com/apps/keeweb # Empty the skeleton dir to save some space for each new user
wget_verify https://github.com/jhass/nextcloud-keeweb/releases/download/v0.6.20/keeweb-0.6.20.tar.gz 7980ab730d262e54e8e61ea3cfcd4ebde3846862 /tmp/keeweb.tgz rm -rf $CLOUD_DIR/core/skeleton/*
tar xf /tmp/keeweb.tgz -C $CLOUD_DIR/apps/
rm /tmp/keeweb.tgz
# https://apps.nextcloud.com/apps/passwords # Create the apps directory if it doesn't exist
wget_verify https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2025.2.0/passwords.tar.gz 244c9efb6bf55fb922d06a448da5c9a20b43cd89 /tmp/passwords.tgz mkdir -p $CLOUD_DIR/apps
tar xf /tmp/keeweb.tgz -C $CLOUD_DIR/apps/
rm /tmp/passwords.tgz
# Social sharing apps # Install additional Nextcloud apps
# https://apps.nextcloud.com/apps/socialsharing_email InstallNextcloudApps
wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_email-v3.3.0.tar.gz b00832ac733662cf3883648406fa73da464ada4d /tmp/socialsharing_email.tgz
tar xf /tmp/socialsharing_email.tgz -C $CLOUD_DIR/apps/
rm /tmp/socialsharing_email.tgz
# https://apps.nextcloud.com/apps/socialsharing_facebook # Fix directory permissions
wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_facebook-v3.3.0.tar.gz dae509b53edb9e1a58a61b090b21e5deada5891c /tmp/socialsharing_facebook.tgz chmod 750 $CLOUD_DIR/{apps,config}
tar xf /tmp/socialsharing_facebook.tgz -C $CLOUD_DIR/apps/
rm /tmp/socialsharing_facebook.tgz
# https://apps.nextcloud.com/apps/socialsharing_twitter # Create a symlink to the config.php in STORAGE_ROOT (for upgrades we're restoring the symlink we previously
wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_twitter-v3.3.0.tar.gz 0f357ab59e9148df28d9a12d0626818873c2575c /tmp/socialsharing_twitter.tgz # put in, and in new installs we're creating a symlink and will create the actual config later).
tar xf /tmp/socialsharing_twitter.tgz -C $CLOUD_DIR/apps/ ln -sf "$STORAGE_ROOT/nextcloud/config.php" $CLOUD_DIR/config/config.php
rm /tmp/socialsharing_twitter.tgz
# https://apps.nextcloud.com/apps/socialsharing_diaspora # Make sure permissions are correct or the upgrade step won't run.
wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_diaspora-v3.3.0.tar.gz cb366d346681daf95bd94dd105a4fab3bb601e9b /tmp/socialsharing_googleplus.tgz # $STORAGE_ROOT/owncloud may not yet exist, so use -f to suppress
tar xf /tmp/socialsharing_googleplus.tgz -C $CLOUD_DIR/apps/ # that error.
rm /tmp/socialsharing_googleplus.tgz chown -f -R www-data:www-data "$STORAGE_ROOT/nextcloud" $INSTALL_DIR || /bin/true
# https://apps.nextcloud.com/apps/socialsharing_bluesky # If this isn't a new installation, immediately run the upgrade script.
wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_bluesky-v3.3.0.tar.gz b4037e8cb26e658e3351a6d97310edc2120965b2 /tmp/socialsharing_bluesky.tgz # Then check for success (0=ok and 3=no upgrade needed, both are success).
tar xf /tmp/socialsharing_bluesky.tgz -C $CLOUD_DIR/apps/ if [ -e $STORAGE_ROOT/nextcloud/nextcloud.db ]; then
rm /tmp/socialsharing_bluesky.tgz sudo -u www-data php $CLOUD_DIR/occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
echo "Trying NextCloud upgrade again to work around NextCloud upgrade bug..."
sudo -u www-data php $CLOUD_DIR/occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
exit 1
fi
sudo -u www-data php $CLOUD_DIR/occ maintenance:mode --off
echo "...which seemed to work."
fi
# https://apps.nextcloud.com/apps/socialsharing_telegram # Add missing indices. NextCloud didn't include this in the normal upgrade because it might take some time.
wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_telegram-v3.3.0.tar.gz b4ec7393cb98943fbffc1c57d834cff72c9afd8f /tmp/socialsharing_telegram.tgz sudo -u www-data php8.2 $CLOUD_DIR/occ db:add-missing-indices
tar xf /tmp/socialsharing_telegram.tgz -C $CLOUD_DIR/apps/ sudo -u www-data php8.2 $CLOUD_DIR/occ db:add-missing-primary-keys
rm /tmp/socialsharing_telegram.tgz
# https://apps.nextcloud.com/apps/socialsharing_whatsapp # Run conversion to BigInt identifiers, this process may take some time on large tables.
wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_whatsapp-v3.3.0.tar.gz b5e922c76dd9409ca8954b2855c22f3775b28d35 /tmp/socialsharing_whatsapp.tgz sudo -u www-data php8.2 $CLOUD_DIR/occ db:convert-filecache-bigint --no-interaction
tar xf /tmp/socialsharing_whatsapp.tgz -C $CLOUD_DIR/apps/ fi
rm /tmp/socialsharing_whatsapp.tgz
# Bookmarks, Mail apps # Configure web server (Apache or Nginx)
# https://apps.nextcloud.com/apps/bookmarks case $CFG_WEBSERVER in
wget_spec_verify https://github.com/nextcloud/bookmarks/releases/download/v15.1.0/bookmarks-15.1.0.tar.gz 776e0c9a9679762d481428dc1a8928b9b7b3510c /tmp/bookmarks.tgz "apache")
tar xf /tmp/bookmarks.tgz -C $CLOUD_DIR/apps/ cat >> /etc/apache2/sites-available/nextcloud.conf <<EOF
rm /tmp/bookmarks.tgz <VirtualHost *:80>
DocumentRoot "$CLOUD_DIR"
ServerName cloud.$CFG_HOSTNAME_DOMAIN
# https://apps.nextcloud.com/apps/mail ErrorLog ${APACHE_LOG_DIR}/error.log
wget_verify https://github.com/nextcloud-releases/mail/releases/download/v4.2.2/mail-stable4.2.tar.gz 2f93388a1d4d367316326fa5bdb7bb0e086e2c80 /tmp/mail.tgz CustomLog ${APACHE_LOG_DIR}/access.log combined
tar xf /tmp/mail.tgz -C $CLOUD_DIR/apps/
rm /tmp/mail.tgz
# Video call <Directory $CLOUD_DIR/>
# https://apps.nextcloud.com/apps/spreed Options +FollowSymlinks
wget_verify https://github.com/nextcloud-releases/spreed/releases/download/v21.0.0/spreed-v21.0.0.tar.gz 51ef52d47b9bee281a63f12aa755f97a2c650f12 /tmp/spreed.tgz AllowOverride All
tar xf /tmp/spreed.tgz -C $CLOUD_DIR/apps/
rm /tmp/spreed.tgz
}
#--------------------------------------------------------------------- <IfModule mod_dav.c>
# Function: InstallNextcloud Dav off
# Install and configure Nextcloud </IfModule>
#---------------------------------------------------------------------
InstallNextcloud() {
nextcloud_ver=31.0.0
nextcloud_hash=545584d128e3242337548ac2cdf31e6019b738f4
echo -n -e "$IDENTATION_LVL_0 ${BWhite}Installing Nextcloud${NC}" SetEnv HOME $CLOUD_DIR/>
echo -n -e "$IDENTATION_LVL_1 Installing required packages... " SetEnv HTTP_HOME $CLOUD_DIR
Satisfy Any
# Install required PHP packages </Directory>
apt_install php8.2 php8.2-fpm php8.2-cli php8.2-sqlite php8.2-gd php8.2-imap php8.2-curl php-pear curl \
php8.2-dev memcached php-memcached php8.2-xml php8.2-mbstring php8.2-zip php8.2-apcu \
php8.2-fpm php8.2-mysql php8.2-xsl php8.2-gmp php8.2-bcmath php8.2-cgi php-gettext libxml2-dev \
php8.2-json php8.2-intl php8.2-imagick php8.2-common php8.2-opcache php8.2-readline php8.2
# Enable APC before Nextcloud tools are run </VirtualHost>
sed -i '1i apc.enabled=1\napc.enable_cli=1' /etc/php/8.2/mods-available/apcu.ini EOF
# Get current Nextcloud version if config.php exists cat >> /etc/apache2/sites-available/nextcloud-le-ssl.conf <<EOF
if [ -f "$CLOUD_DIR/config.php" ]; then <IfModule mod_headers.c>
CURRENT_NEXTCLOUD_VER=$(php8.2 -r "include(\"$CLOUD_DIR/config.php\"); echo(\$CONFIG['version']);") Header always set Strict-Transport-Security "max-age=15768000; preload"
else </IfModule>
CURRENT_NEXTCLOUD_VER="" EOF
fi
# Install or upgrade Nextcloud if necessary ln -s /etc/apache2/sites-available/nextcloud.conf /etc/apache2/sites-enabled/nextcloud.conf
if [ ! -d $CLOUD_DIR ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextcloud_ver ]]; then a2enmod rewrite headers env dir mime setenvif ssl
# Stop php-fpm if running. If theyre not running (which happens on a previously failed install), dont bail a2ensite default-ssl
systemctl restart php8.2-fpm stop &> /dev/null || /bin/true systemctl restart apache2
;;
"nginx")
cat > /etc/nginx/sites-available/nextcloud.vhost <<EOF;
server {
listen 80;
server_name cloud.$CFG_HOSTNAME_DOMAIN;
return 301 https://\$server_name\$request_uri;
}
# Backup existing Nextcloud installation server {
# Create a backup directory to store the current installation and database to # listen 80;
BACKUP_DIRECTORY=$CLOUD_DIR-backup/`date +"%Y-%m-%d-%T"` listen 443 ssl http2;
mkdir -p "$BACKUP_DIRECTORY" server_name cloud.$CFG_HOSTNAME_DOMAIN;
if [ -d $CLOUD_DIR/ ]; then
echo "Upgrading Nextcloud --- backing up existing installation, configuration, and database to $BACKUP_DIRECTORY..."
cp -r $CLOUD_DIR "$BACKUP_DIRECTORY/nextcloud-install"
fi
if [ -e "$STORAGE_ROOT/nextcloud/nextcloud.db" ]; then
cp "$STORAGE_ROOT/nextcloud/owncloud.db" "$BACKUP_DIRECTORY"
fi
if [ -e "$STORAGE_ROOT/nextcloud/config.php" ]; then
cp "$STORAGE_ROOT/nextcloud/config.php" "$BACKUP_DIRECTORY"
fi
# Perform version-specific upgrades ssl_protocols TLSv1.2 TLSv1.3;
if [ -n "${CURRENT_NEXTCLOUD_VER}" ]; then ssl_certificate /home/$SUDO_USER/.acme.sh/cloud.$CFG_HOSTNAME_DOMAIN/cloud.$CFG_HOSTNAME_DOMAIN.cer;
if [ -e "$CLOUD_DIR/config.php" ]; then ssl_certificate_key /home/$SUDO_USER/.acme.sh/cloud.$CFG_HOSTNAME_DOMAIN/cloud.$CFG_HOSTNAME_DOMAIN.key;
# Remove the read-onlyness of the config, which is needed for migrations, especially for v24
sed -i -e '/config_is_read_only/d' "$CLOUD_DIR/config.php"
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^27 ]]; then ssl_session_timeout 1d;
InstallNextcloudVer 28.0.14 8a9edcfd26d318eb7d1cfa44d69796f2d1098a80 ssl_session_cache shared:SSL:10m;
CURRENT_NEXTCLOUD_VER="28.0.14" ssl_session_tickets off;
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^28 ]]; then # Add headers to serve security related headers
InstallNextcloudVer 29.0.12 6cd53db7a8d730ebd5972081344db41eb2b174a8 # Before enabling Strict-Transport-Security headers please read into this
CURRENT_NEXTCLOUD_VER="29.0.12" # topic first.
fi add_header Strict-Transport-Security "max-age=15768000;preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^29 ]]; then # Path to the root of your installation
InstallNextcloudVer 30.0.6 c7171b03f9904a2051e765fe09ab3e95e2e564e6 root $CLOUD_DIR/;
CURRENT_NEXTCLOUD_VER="30.0.6"
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^30 ]]; then location = /robots.txt {
InstallNextcloudVer 31.0.0 545584d128e3242337548ac2cdf31e6019b738f4 allow all;
CURRENT_NEXTCLOUD_VER="31.0.0" log_not_found off;
fi access_log off;
fi }
else
InstallNextcloudVer $owncloud_ver $owncloud_hash
fi
# Configure Nextcloud permissions # The following 2 rules are only needed for the user_webfinger app.
cat >> ./nextcloud_permissions.sh <<EOF # Uncomment it if you're planning to use this app.
#!/bin/bash #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
ocpath='$CLOUD_DIR' location = /.well-known/carddav {
htuser='www-data' return 301 \$scheme://\$host/remote.php/dav;
htgroup='www-data' }
rootuser='root' location = /.well-known/caldav {
return 301 \$scheme://\$host/remote.php/dav;
}
printf "Creating possible missing Directories\n" location ~ /.well-known/acme-challenge {
mkdir -p \$ocpath/data allow all;
mkdir -p \$ocpath/assets }
mkdir -p \$ocpath/updater
printf "chmod Files and Directories\n" # set max upload size
find \${ocpath}/ -type f -print0 | xargs -0 chmod 0640 client_max_body_size 512M;
find \${ocpath}/ -type d -print0 | xargs -0 chmod 0770 fastcgi_buffers 64 4K;
printf "Setting directory ownership\n" # Disable gzip to avoid the removal of the ETag header
chown -R \${rootuser}:\${htgroup} \${ocpath}/ gzip off;
chown -R \${htuser}:\${htgroup} \${ocpath}/apps/
chown -R \${htuser}:\${htgroup} \${ocpath}/assets/ # Uncomment if your server is build with the ngx_pagespeed module
chown -R \${htuser}:\${htgroup} \${ocpath}/config/ # This module is currently not supported.
chown -R \${htuser}:\${htgroup} \${ocpath}/data/ #pagespeed off;
chown -R \${htuser}:\${htgroup} \${ocpath}/themes/
chown -R \${htuser}:\${htgroup} \${ocpath}/updater/
chmod +x \${ocpath}/occ error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
printf "Setting .htaccess permissions\n" location / {
if [ -f \${ocpath}/.htaccess ]; then rewrite ^ /index.php\$uri;
chmod 0644 \${ocpath}/.htaccess }
chown \${rootuser}:\${htgroup} \${ocpath}/.htaccess
fi
if [ -f \${ocpath}/data/.htaccess ]; then location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
chmod 0644 \${ocpath}/data/.htaccess deny all;
chown \${rootuser}:\${htgroup} \${ocpath}/data/.htaccess }
fi location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
EOF deny all;
}
chmod +x ./nextcloud_permissions.sh location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
#./nextcloud_permissions.sh include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_param PATH_INFO \$fastcgi_path_info;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
# Create initial configuration location ~ ^/(?:updater|ocs-provider)(?:$|/) {
instanceid=oc$(echo $CFG_HOSTNAME_DOMAIN | sha1sum | fold -w 10 | head -n 1) try_files \$uri/ =404;
index index.php;
}
echo -n "Creating Nextcloud settings and database..." # Adding the cache control header for js and css files
CFG_CLOUDDBNAME=nextcloud # Make sure it is BELOW the PHP block
CFG_CLOUDDBUSER=nextcloud location ~* \.(?:css|js)$ {
CFG_CLOUDDBPWD=$(dd if=/dev/urandom bs=1 count=64 2>/dev/null | sha256sum | fold -w 40 | head -n 1) try_files \$uri /index.php\$uri\$is_args\$args;
dbruser=root add_header Cache-Control "public, max-age=7200";
CFG_CLOUDADMINUSER=root # Add headers to serve security related headers (It is intended to
CFG_CLOUDADMINPWD=$(dd if=/dev/urandom bs=1 count=64 2>/dev/null | sha256sum | fold -w 40 | head -n 1) # have those duplicated to the ones above)
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
case $CFG_CLOUDDBTYPE in location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
"mysql") try_files \$uri /index.php\$uri\$is_args\$args;
if [ $CFG_CLOUDDBHOST == "localhost" ]; then # Optional: Don't log access to other assets
mariadb -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "CREATE DATABASE $CFG_CLOUDDBNAME" > /dev/null 2>&1 access_log off;
#mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "CREATE DATABASE $CFG_CLOUDDBNAME CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci" > /dev/null 2>&1 }
mariadb -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "USE $CFG_CLOUDDBNAME" > /dev/null 2>&1 }
mariadb -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "GRANT ALL PRIVILEGES ON $CFG_CLOUDDBNAME.* TO '$CFG_CLOUDDBUSER'@'localhost' IDENTIFIED BY '$CFG_CLOUDDBPWD'" > /dev/null 2>&1 EOF
mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "flush privileges;" > /dev/null 2>&1
else
mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -h $CFG_CLOUDDBHOST -e "CREATE DATABASE $CFG_CLOUDDBNAME" > /dev/null 2>&1
mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -h $CFG_CLOUDDBHOST -e "USE $CFG_CLOUDDBNAME" > /dev/null 2>&1
mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -h $CFG_CLOUDDBHOST -e "GRANT ALL PRIVILEGES ON $CFG_CLOUDDBNAME.* TO '$CFG_CLOUDDBUSER'@'%' IDENTIFIED BY '$CFG_CLOUDDBPWD'" > /dev/null 2>&1
mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "flush privileges;" > /dev/null 2>&1
fi
# Enable UTF8mb4 (4-byte support) mkdir -p /etc/nginx/sites-enabled
#databases=$(mysql -u root -p"$CFG_MYSQL_ROOT_PWD" -e "SHOW DATABASES;" | tr -d "| " | grep -v Database) ln -s /etc/nginx/sites-available/nextcloud.vhost /etc/nginx/sites-enabled/nextcloud.vhost
#for db in $databases; do ;;
# if [[ "$db" != "performance_schema" ]] && [[ "$db" != _* ]] && [[ "$db" != "information_schema" ]]; esac
# then }
# echo "Changing to UTF8mb4 on: $db"
# mysql -u root -p"$CFG_MYSQL_ROOT_PWD" -e "ALTER DATABASE $db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
# fi
#done
# Repair and set Nextcloud config values InstallNextcloudApps() {
#mysqlcheck -u root -p"$CFG_MYSQL_ROOT_PWD" --auto-repair --optimize --all-databases # Admin
#sudo -u www-data "$STORAGE_ROOT"/owncloud/occ config:system:set mysql.utf8mb4 --type boolean --value="true" # https://apps.nextcloud.com/apps/onlyoffice
#sudo -u www-data "$STORAGE_ROOT"/owncloud/occ maintenance:repair #wget_verify https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v9.6.0/onlyoffice.tar.gz fce197299377535b64097e86458cd9b2a8f98cf0 /tmp/onlyoffice.tgz
#tar xf /tmp/onlyoffice.tgz -C $CLOUD_DIR/apps/
#rm /tmp/onlyoffice.tgz
sudo -u www-data php8.2 "$CLOUD_DIR"/occ maintenance:install \ # https://apps.nextcloud.com/apps/richdocuments
--database "mysql" \ wget_verify https://github.com/nextcloud-releases/richdocuments/releases/download/v8.6.1/richdocuments-v8.6.1.tar.gz c5db28abb1481f74fd7e80539d322f81a3327dcb /tmp/richdocuments.tgz
--database-name "$CFG_CLOUDDBNAME" \ tar xf /tmp/richdocuments.tgz -C $CLOUD_DIR/apps/
--database-user "$CFG_CLOUDDBUSER" \ rm /tmp/richdocuments.tgz
--database-pass "$CFG_CLOUDDBPWD" \
--database-host="$CFG_CLOUDDBHOST" \
--database-port="3306" \
--admin-user "$CFG_CLOUDADMINUSER" \
--admin-pass "$CFG_CLOUDADMINPWD" \
--data-dir "$STORAGE_ROOT/nextcloud" \
--admin-email "cloud@$CFG_HOSTNAME_DOMAIN" \
--instanceid "$instanceid"
# Set SMTP mail # https://apps.nextcloud.com/apps/drop_account
#sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpmode --value="smtp" wget_verify https://packages.framasoft.org/projects/nextcloud-apps/drop-account/drop_account-2.7.1.tar.gz b14b9011f85ba25ce13ff4cedd1e50e96bcffdec /tmp/drop_account.tgz
# Set logrotate tar xf /tmp/drop_account.tgz -C $CLOUD_DIR/apps/
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set log_rotate_size --value="10485760" rm /tmp/drop_account.tgz
# Added trusted domains
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set trusted_domains 1 --value=$IP_ADDRESS
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set trusted_domains 2 --value=cloud.$CFG_HOSTNAME_DOMAIN
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set memcache.local --value '\OC\Memcache\APCu' # https://apps.nextcloud.com/apps/files_accesscontrol
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_from_address --value 'cloud_administrator' wget_verify https://github.com/nextcloud-releases/files_accesscontrol/releases/download/v2.0.0/files_accesscontrol-v2.0.0.tar.gz 5b8a2c489cb36bed2cd490c1517506612cdfb804 /tmp/files_accesscontrol.tgz
TIMEZONE=$(cat /etc/timezone) tar xf /tmp/files_accesscontrol.tgz -C $CLOUD_DIR/apps/
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set logtimezone --value=$TIMEZONE rm /tmp/files_accesscontrol.tgz
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set logdateformat --value 'Y-m-d H:i:s'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_domain --value=$CFG_HOSTNAME_DOMAIN
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set overwrite.cli.url --value 'https://$CFG_HOSTNAME_DOMAIN/cloud'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set log_type --value 'syslog'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set syslog_tag --value 'Nextcloud'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set system_addressbook_exposed --value 'no'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpmode --value 'sendmail'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpauth --type boolean --value true
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtphost --value '127.0.0.1'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpport --value '587'
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpsecure --value ''
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpname --value ''
sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtppassword --value ''
CONFIG_FILE="$CLOUD_DIR/config/config.php" # https://apps.nextcloud.com/apps/files_antivirus
wget_verify https://github.com/nextcloud-releases/files_antivirus/releases/download/v6.0.0-beta.1/files_antivirus-v6.0.0-beta.1.tar.gz dc44dc2d9459050cd3a10464830f62b25772c9e1 /tmp/files_antivirus.tgz
tar xf /tmp/files_antivirus.tgz -C $CLOUD_DIR/apps/
rm /tmp/files_antivirus.tgz
if ! grep -q "'config_is_read_only'" "$CONFIG_FILE"; then # https://apps.nextcloud.com/apps/ransomware_protection
sed -i "/);/i \$CONFIG['config_is_read_only'] = false;" "$CONFIG_FILE" #wget_verify https://github.com/nextcloud/ransomware_protection/releases/download/v1.5.1/ransomware_protection-1.5.1.tar.gz 77d05b65a049dfbf29a3a4c7fa70903ef10fdb6e /tmp/ransomware_protection.tgz
fi #tar xf /tmp/ransomware_protection.tgz -C $CLOUD_DIR/apps/
#rm /tmp/ransomware_protection.tgz
if ! grep -q "'user_backends'" "$CONFIG_FILE"; then # Admin apps
sed -i "/);/i \$CONFIG['user_backends'] = array(\n array(\n 'class' => '\\\\OCA\\\\UserExternal\\\\IMAP',\n 'arguments' => array(\n '127.0.0.1', 143, null, null, false, false\n ),\n ),\n);" "$CONFIG_FILE" # https://apps.nextcloud.com/apps/sociallogin
fi # 'social_login_auto_redirect' => true setting in config.php
wget_verify https://github.com/zorn-v/nextcloud-social-login/releases/download/v5.9.2/release.tar.gz 6d44480bd798e40489c5fea716a1f214c803bf79 /tmp/sociallogin.tgz
tar xf /tmp/sociallogin.tgz -C $CLOUD_DIR/apps/
rm /tmp/sociallogin.tgz
chown www-data.www-data $CLOUD_DIR/config.php # https://apps.nextcloud.com/apps/external
wget_verify https://github.com/nextcloud-releases/external/releases/download/v6.0.1/external-v6.0.1.tar.gz d8b5ec2c9911ebf4b8a5a6cb53b1f54336c0a4ec /tmp/external.tgz
tar xf /tmp/external.tgz -C $CLOUD_DIR/apps/
rm /tmp/external.tgz
# Enable/disable apps. Note that this must be done after the Nextcloud setup. # https://apps.nextcloud.com/apps/sharepoint
# The firstrunwizard gave Josh all sorts of problems, so disabling that. wget_verify https://github.com/nextcloud-releases/sharepoint/releases/download/v1.19.0/sharepoint-v1.19.0.tar.gz 108cbeb8a018631d1723a9a2e46411feeb42f60d /tmp/sharepoint.tgz
# user_external is what allows Nextcloud to use IMAP for login. The contacts tar xf /tmp/sharepoint.tgz -C $CLOUD_DIR/apps/
# and calendar apps are the extensions we really care about here. rm /tmp/sharepoint.tgz
hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:disable firstrunwizard
hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable user_external
hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable contacts
hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable calendar
# When upgrading, run the upgrade script again now that apps are enabled. It seems like # https://apps.nextcloud.com/apps/announcementcenter
# the first upgrade at the top won't work because apps may be disabled during upgrade? wget_verify https://github.com/nextcloud-releases/announcementcenter/releases/download/v7.1.0/announcementcenter-v7.1.0.tar.gz acd361da895a91d3cf71fe3569287dc2e90e0842 /tmp/announcementcenter.tgz
# Check for success (0=ok, 3=no upgrade needed). tar xf /tmp/announcementcenter.tgz -C $CLOUD_DIR/apps/
sudo -u www-data php8.2 $CLOUD_DIR/occ upgrade rm /tmp/announcementcenter.tgz
E=$?
if [ $E -ne 0 ] && [ $E -ne 3 ]; then exit 1; fi
# Disable default apps that are not needed # https://apps.nextcloud.com/apps/impersonate
sudo -u www-data php8.2 $CLOUD_DIR/occ app:disable photos dashboard activity weather_status logreader | (grep -v "No such app enabled" || /bin/true) wget_verify https://github.com/nextcloud-releases/impersonate/releases/download/v2.0.0/impersonate-v2.0.0.tar.gz a67366f5de79be2dc6f71ee0ce5cf027555e90f9 /tmp/impersonate.tgz
tar xf /tmp/impersonate.tgz -C $CLOUD_DIR/apps/
rm /tmp/impersonate.tgz
# Install additional apps # https://apps.nextcloud.com/apps/ocdownloader
(sudo -u www-data php8.2 $CLOUD_DIR/occ app:install notes) || true #wget_verify https://github.com/e-alfred/ocdownloader/releases/download/1.6.0-Alpha2/ocdownloader_1.6.0alpha2 59625f5ec936ab1c26744f222718124848944d9d /tmp/ocdownloader.tgz
hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable notes #tar xf /tmp/ocdownloader.tgz -C $CLOUD_DIR/apps/
#rm /tmp/ocdownloader.tgz
(sudo -u www-data php8.2 $CLOUD_DIR/occ app:install twofactor_totp) || true # https://apps.nextcloud.com/apps/files_retention
hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable twofactor_totp wget_verify https://github.com/nextcloud-releases/files_retention/releases/download/v2.0.0/files_retention-v2.0.0.tar.gz 8a99fbd808d9e561230ec706981f68a1f9649597 /tmp/files_retention.tgz
tar xf /tmp/files_retention.tgz -C $CLOUD_DIR/apps/
rm /tmp/files_retention.tgz
# Upgrade all apps # https://apps.nextcloud.com/apps/files_automatedtagging
sudo -u www-data php $CLOUD_DIR/occ app:update --all wget_verify https://github.com/nextcloud-releases/files_automatedtagging/releases/download/v2.0.0/files_automatedtagging-v2.0.0.tar.gz a532f0d6f81770029027fb6372fd8c30bb0eb064 /tmp/files_automatedtagging.tgz
tar xf /tmp/files_automatedtagging.tgz -C $CLOUD_DIR/apps/
rm /tmp/files_automatedtagging.tgz
echo # https://apps.nextcloud.com/apps/groupfolders
echo "Nextcloud version:" wget_verify https://github.com/nextcloud-releases/groupfolders/releases/download/v19.0.3/groupfolders-v19.0.3.tar.gz 08ac7404b17886589fe258e29d55a4213804aef1 /tmp/groupfolders.tgz
sudo -u www-data php8.2 "$CLOUD_DIR"/occ status tar xf /tmp/groupfolders.tgz -C $CLOUD_DIR/apps/
sleep 3 rm /tmp/groupfolders.tgz
echo
;; # https://apps.nextcloud.com/apps/checksum
"sqlite") wget_verify https://github.com/westberliner/checksum/releases/download/v1.2.5/checksum.tar.gz 808f28d315f1aa30543090dceeded22f8b951fa1 /tmp/checksum.tgz
# Setup Nextcloud if the Nextcloud database does not yet exist. Running setup when tar xf /tmp/checksum.tgz -C $CLOUD_DIR/apps/
# the database does exist wipes the database and user data. rm /tmp/checksum.tgz
if [ ! -f $STORAGE_ROOT/owncloud/owncloud.db ]; then
# Create user data directory # https://apps.nextcloud.com/apps/fulltextsearch
#mkdir -p $STORAGE_ROOT/owncloud wget_verify https://github.com/nextcloud-releases/fulltextsearch/releases/download/31.0.0/fulltextsearch-31.0.0.tar.gz 0858ae675775c642efb8874b074f1158a7d239a3 /tmp/fulltextsearch.tgz
tar xf /tmp/fulltextsearch.tgz -C $CLOUD_DIR/apps/
rm /tmp/fulltextsearch.tgz
# Set permissions # https://apps.nextcloud.com/apps/quota_warning
#chown -R www-data.www-data $STORAGE_ROOT/owncloud $STORAGE_ROOT/owncloud wget_verify https://github.com/nextcloud-releases/quota_warning/releases/download/v1.21.0/quota_warning-v1.21.0.tar.gz a973fc59753dd124e9dd7ab763863650e90873ca /tmp/quota_warning.tgz
tar xf /tmp/quota_warning.tgz -C $CLOUD_DIR/apps/
rm /tmp/quota_warning.tgz
# Execute Nextcloud's setup step, which creates the Nextcloud sqlite database. # https://apps.nextcloud.com/apps/user_usage_report
# It also wipes it if it exists. And it updates config.php with database wget_verify https://github.com/nextcloud-releases/user_usage_report/releases/download/v2.0.0/user_usage_report-v2.0.0.tar.gz 1437f10a2d6cd8da7650054896e0ce57ab566cfb /tmp/user_usage_report.tgz
# settings and deletes the autoconfig.php file. tar xf /tmp/user_usage_report.tgz -C $CLOUD_DIR/apps/
# (cd $STORAGE_ROOT/owncloud; sudo -u www-data php $STORAGE_ROOT/owncloud/index.php;) rm /tmp/user_usage_report.tgz
fi
# Migrate users_external data from <0.6.0 to version 3.0.0 # https://apps.nextcloud.com/apps/unsplash
# (see https://github.com/nextcloud/user_external). #wget_verify https://github.com/jancborchardt/unsplash/releases/download/v1.1.3/unsplash-1.1.3.tar.gz e4f8c62067cbf657fbff80f744b9991e55448520 /tmp/unsplash.tgz
# This version was probably in use in Mail-in-a-Box v0.41 (February 26, 2019) and earlier. #tar xf /tmp/unsplash.tgz -C $CLOUD_DIR/apps/
# We moved to v0.6.3 in 193763f8. Ignore errors - maybe there are duplicated users with the #rm /tmp/unsplash.tgz
# correct backend already.
sqlite3 "$STORAGE_ROOT/owncloud/owncloud.db" "UPDATE oc_users_external SET backend='127.0.0.1';" || /bin/true
;;
esac
# https://apps.nextcloud.com/apps/twofactor_admin
#wget_verify https://github.com/ChristophWurst/twofactor_admin/releases/download/v0.2.0/twofactor_admin.tar.gz c669e1c0c0323702d6a44d404f00a543cbb5d941 /tmp/twofactor_admin.tgz
#tar xf /tmp/twofactor_admin.tgz -C $CLOUD_DIR/apps/
#rm /tmp/twofactor_admin.tgz
# Set PHP FPM values to support large file uploads # https://apps.nextcloud.com/apps/contacts
# (semicolon is the comment character in this file, hashes produce deprecation warnings) wget_verify https://github.com/nextcloud-releases/contacts/releases/download/v7.0.1/contacts-v7.0.1.tar.gz 9e4ae15e80e6df6444f62491eecf73ae63b12ab1 /tmp/contacts.tgz
#sed -i "s/upload_max_filesize =.*/upload_max_filesize = 16G/g" /etc/php/8.2/fpm/php.ini tar xf /tmp/contacts.tgz -C $CLOUD_DIR/apps/
sed -i "s/upload_max_filesize =.*/upload_max_filesize = 1G/g" /etc/php/8.2/fpm/php.ini rm /tmp/contacts.tgz
#sed -i "s/post_max_size =.*/post_max_size = 16G/g" /etc/php/8.2/fpm/php.ini
sed -i "s/post_max_size =.*/post_max_size = 1G/g" /etc/php/8.2/fpm/php.ini
sed -i "s/output_buffering =.*/output_buffering = 16384/g" /etc/php/8.2/fpm/php.ini
sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/8.2/fpm/php.ini
sed -i "s/max_execution_time =.*/max_execution_time = 600/g" /etc/php/8.2/fpm/php.ini
sed -i "s/short_open_tag =.*/short_open_tag = On/g" /etc/php/8.2/fpm/php.ini
#management/editconf.py /etc/php/8.2/fpm/php.ini -c ';' \ # https://apps.nextcloud.com/apps/calendar
# upload_max_filesize=16G \ wget_verify https://github.com/nextcloud-releases/calendar/releases/download/v5.1.2/calendar-v5.1.2.tar.gz 4f5c310ebd1f65c66a4a5d9e70ea4701698d79ea /tmp/calendar.tgz
# post_max_size=16G \ tar xf /tmp/calendar.tgz -C $CLOUD_DIR/apps/
# output_buffering=16384 \ rm /tmp/calendar.tgz
# memory_limit=512M \
# max_execution_time=600 \
# short_open_tag=On
# Set Nextcloud recommended opcache settings # https://apps.nextcloud.com/apps/event_update_notification
#if grep -q opcache.enable=0 /etc/php/7.3/mods-available/apcu.ini; then wget_verify https://github.com/nextcloud-releases/event_update_notification/releases/download/v2.6.1/event_update_notification-v2.6.1.tar.gz e1360a65c28df9670cf963830a9e836c8fb5016b /tmp/event_update_notification.tgz
# sed -i "s/;opcache.enable=.*/opcache.enable=1/g" /etc/php/7.3/fpm/php.ini tar xf /tmp/event_update_notification.tgz -C $CLOUD_DIR/apps/
#fi rm /tmp/event_update_notification.tgz
sed -i "s/;opcache.enable.*/opcache.enable=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
sed -i "s/;opcache.enable_cli.*/opcache.enable_cli=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
sed -i "s/;opcache.interned_strings_buffer.*/opcache.interned_strings_buffer=16/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
sed -i "s/max_accelerated_files=.*/max_accelerated_files=10000/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
sed -i "s/opcache.memory_consumption=.*/opcache.memory_consumption=128/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
sed -i "s/opcache.revalidate_freq=.*/opcache.revalidate_freq=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
#management/editconf.py /etc/php/8.2/cli/conf.d/10-opcache.ini -c ';' \ # https://apps.nextcloud.com/apps/notes
# opcache.enable=1 \ wget_verify https://github.com/nextcloud-releases/notes/releases/download/v4.11.0/notes-v4.11.0.tar.gz 7f8f42387e05c9a2ecfc4c490861ebebcbaec264 /tmp/notes.tgz
# opcache.enable_cli=1 \ tar xf /tmp/notes.tgz -C $CLOUD_DIR/apps/
# opcache.interned_strings_buffer=16 \ rm /tmp/notes.tgz
# opcache.max_accelerated_files=10000 \
# opcache.memory_consumption=128 \
# opcache.save_comments=1 \
# opcache.revalidate_freq=1
# Configure the path environment for php-fpm # https://apps.nextcloud.com/apps/tasks
sed -i '/env\[PATH/s/;//g' /etc/php/8.2/fpm/pool.d/www.conf wget_verify https://github.com/nextcloud/tasks/releases/download/v0.16.1/tasks.tar.gz 69069c4bf0de8faf61a3d7b758d087e87cbeba27 /tmp/tasks.tgz
tar xf /tmp/tasks.tgz -C $CLOUD_DIR/apps/
rm /tmp/tasks.tgz
# If apc is explicitly disabled we need to enable it # https://apps.nextcloud.com/apps/deck
#if grep -q apc.enabled=0 /etc/php/8.2/mods-available/apcu.ini; then wget_verify https://github.com/nextcloud-releases/deck/releases/download/v1.15.0/deck-v1.15.0.tar.gz 92b15aa14f157045455d47dad2a3993141500f4e /tmp/deck.tgz
#if grep -q apc.enabled=1 /etc/php/8.2/mods-available/apcu.ini; then tar xf /tmp/deck.tgz -C $CLOUD_DIR/apps/
# echo "apc.enabled=1" >> /etc/php/8.2/mods-available/apcu.ini rm /tmp/deck.tgz
#fi
# Set up a general cron job for Nextcloud. # GPS apps
# Also add another job for Calendar updates, per advice in the Nextcloud docs # https://apps.nextcloud.com/apps/phonetrack
# https://docs.nextcloud.com/server/24/admin_manual/groupware/calendar.html#background-jobs wget_verify https://github.com/julien-nc/phonetrack/releases/download/v0.8.2/phonetrack-0.8.2.tar.gz 4f088acd122249e24cae05abdebcf0e3c72bdd9d /tmp/phonetrack.tgz
cat > /etc/cron.d/cron-nextcloud << EOF; tar xf /tmp/phonetrack.tgz -C $CLOUD_DIR/apps/
#!/bin/bash rm /tmp/phonetrack.tgz
# Wolftronics server setup script
*/5 * * * * root sudo -u www-data php8.2 -f $CLOUD_DIR/cron.php
*/5 * * * * root sudo -u www-data php8.2 -f $CLOUD_DIR/occ dav:send-event-reminders
EOF
chmod +x /etc/cron.d/cron-nextcloud
# We also need to change the sending mode from background-job to occ # https://apps.nextcloud.com/apps/gpxpod
# Or else the reminders will just be sent as soon as possible when the background jobs run wget_verify https://github.com/julien-nc/gpxpod/releases/download/v7.0.4/gpxpod-7.0.4.tar.gz 09d1bceab95bfb088ee28c61b82601e551e40a48 /tmp/gpxpod.tgz
hide_output sudo -u www-data php8.2 -f $CLOUD_DIR/occ config:app:set dav sendEventRemindersMode --value occ tar xf /tmp/gpxpod.tgz -C $CLOUD_DIR/apps/
rm /tmp/gpxpod.tgz
# Run the maintenance command # Password apps
hide_output sudo -u www-data php8.2 $CLOUD_DIR/occ maintenance:repair --include-expensive # https://apps.nextcloud.com/apps/passman
wget_verify https://releases.passman.cc/passman_2.4.11.tar.gz f7e55bc38958702007b655a95898f617c1c0eab6 /tmp/passman.tgz
tar xf /tmp/passman.tgz -C $CLOUD_DIR/apps/
rm /tmp/passman.tgz
# Set the config to read-only # https://apps.nextcloud.com/apps/keeweb
sed -i'' "s/'config_is_read_only'\s*=>\s*false/'config_is_read_only' => true/" "$STORAGE_ROOT/owncloud/config.php" wget_verify https://github.com/jhass/nextcloud-keeweb/releases/download/v0.6.20/keeweb-0.6.20.tar.gz 7980ab730d262e54e8e61ea3cfcd4ebde3846862 /tmp/keeweb.tgz
tar xf /tmp/keeweb.tgz -C $CLOUD_DIR/apps/
rm /tmp/keeweb.tgz
# Create nextcloud log in /var/log # https://apps.nextcloud.com/apps/passwords
hide_output install -m 644 conf/rsyslog/20-nextcloud.conf /etc/rsyslog.d/ wget_verify https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2025.2.0/passwords.tar.gz 244c9efb6bf55fb922d06a448da5c9a20b43cd89 /tmp/passwords.tgz
tar xf /tmp/keeweb.tgz -C $CLOUD_DIR/apps/
rm /tmp/passwords.tgz
# There's nothing much of interest that a user could do as an admin for Nextcloud, # Social sharing apps
# and there's a lot they could mess up, so we don't make any users admins of Nextcloud. # https://apps.nextcloud.com/apps/socialsharing_email
# But if we wanted to, we would do this: wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_email-v3.3.0.tar.gz b00832ac733662cf3883648406fa73da464ada4d /tmp/socialsharing_email.tgz
# ``` tar xf /tmp/socialsharing_email.tgz -C $CLOUD_DIR/apps/
# for user in $(management/cli.py user admins); do rm /tmp/socialsharing_email.tgz
# sqlite3 $STORAGE_ROOT/owncloud/owncloud.db "INSERT OR IGNORE INTO oc_group_user VALUES ('admin', '$user')"
# done
# ```
# Enable PHP modules and restart PHP. # https://apps.nextcloud.com/apps/socialsharing_facebook
restart_service php8.2-fpm wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_facebook-v3.3.0.tar.gz dae509b53edb9e1a58a61b090b21e5deada5891c /tmp/socialsharing_facebook.tgz
tar xf /tmp/socialsharing_facebook.tgz -C $CLOUD_DIR/apps/
rm /tmp/socialsharing_facebook.tgz
#echo -n "Configuring Redis Cache for nextCloud..." # https://apps.nextcloud.com/apps/socialsharing_twitter
#hide_output add-apt-repository -y ppa:chris-lea/redis-server wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_twitter-v3.3.0.tar.gz 0f357ab59e9148df28d9a12d0626818873c2575c /tmp/socialsharing_twitter.tgz
#hide_output apt-get update tar xf /tmp/socialsharing_twitter.tgz -C $CLOUD_DIR/apps/
#apt_get_quiet upgrade rm /tmp/socialsharing_twitter.tgz
#apt_install redis-server
#systemctl restart apache2
#systemctl restart nginx
#phpenmod redis
#hide_output systemctl start redis-server
#hide_output systemctl enable redis-server
#apt_install php-redis
#cat >> $STORAGE_ROOT/owncloud/config/config.php <<EOF # https://apps.nextcloud.com/apps/socialsharing_diaspora
#'memcache.distributed' => '\OC\Memcache\Redis', wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_diaspora-v3.3.0.tar.gz cb366d346681daf95bd94dd105a4fab3bb601e9b /tmp/socialsharing_googleplus.tgz
#'memcache.local' => '\OC\Memcache\Redis', tar xf /tmp/socialsharing_googleplus.tgz -C $CLOUD_DIR/apps/
#'memcache.locking' => '\OC\Memcache\Redis', rm /tmp/socialsharing_googleplus.tgz
#'redis' => array(
# 'host' => 'localhost',
# 'port' => 6379,
# ),
#EOF
}
#--------------------------------------------------------------------- # https://apps.nextcloud.com/apps/socialsharing_bluesky
# Function: InstallCloud wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_bluesky-v3.3.0.tar.gz b4037e8cb26e658e3351a6d97310edc2120965b2 /tmp/socialsharing_bluesky.tgz
# Install and configure Nextcloud or Seafile based on configuration tar xf /tmp/socialsharing_bluesky.tgz -C $CLOUD_DIR/apps/
#--------------------------------------------------------------------- rm /tmp/socialsharing_bluesky.tgz
InstallCloud() {
STORAGE_ROOT="/var/www"
case $CFG_CLOUDTYPE in # https://apps.nextcloud.com/apps/socialsharing_telegram
"nextcloud") wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_telegram-v3.3.0.tar.gz b4ec7393cb98943fbffc1c57d834cff72c9afd8f /tmp/socialsharing_telegram.tgz
INSTALL_DIR=/usr/local/lib/nextcloud tar xf /tmp/socialsharing_telegram.tgz -C $CLOUD_DIR/apps/
CLOUD_DIR=$INSTALL_DIR/cloud rm /tmp/socialsharing_telegram.tgz
InstallNextcloud
;;
"seafile")
echo -e "Not implemented!!!"
;;
esac
# Generate SSL certificate # https://apps.nextcloud.com/apps/socialsharing_whatsapp
systemctl stop nginx wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_whatsapp-v3.3.0.tar.gz b5e922c76dd9409ca8954b2855c22f3775b28d35 /tmp/socialsharing_whatsapp.tgz
if [ "$CFG_SSL_NEW" == "yes" ]; then tar xf /tmp/socialsharing_whatsapp.tgz -C $CLOUD_DIR/apps/
sh /root/.acme.sh/acme.sh --issue --standalone -d cloud.$CFG_HOSTNAME_DOMAIN --force >> $PROGRAMS_INSTALL_LOG_FILES 2>&1 rm /tmp/socialsharing_whatsapp.tgz
else
#cp -av /home/administrator/wtlinux_server_setup/acme_ssl/arbajnok/cloud.$CFG_HOSTNAME_DOMAIN ~/.acme.sh/
cp -av /home/$SUDO_USER/wtlinux_server_setup/acme_ssl/$CFG_HOSTNAME_DOMAIN/cloud.$CFG_HOSTNAME_DOMAIN /root/.acme.sh/ >> $PROGRAMS_INSTALL_LOG_FILES 2>&1
fi
systemctl restart nginx # Bookmarks, Mail apps
# https://apps.nextcloud.com/apps/bookmarks
wget_spec_verify https://github.com/nextcloud/bookmarks/releases/download/v15.1.0/bookmarks-15.1.0.tar.gz 776e0c9a9679762d481428dc1a8928b9b7b3510c /tmp/bookmarks.tgz
tar xf /tmp/bookmarks.tgz -C $CLOUD_DIR/apps/
rm /tmp/bookmarks.tgz
# Save configuration details # https://apps.nextcloud.com/apps/mail
cat >> /home/$SUDO_USER/wtlinux_server_setup/wtserver_configuration.txt <<EOF wget_verify https://github.com/nextcloud-releases/mail/releases/download/v4.2.2/mail-stable4.2.tar.gz 2f93388a1d4d367316326fa5bdb7bb0e086e2c80 /tmp/mail.tgz
# $CFG_CLOUDTYPE store the passwords tar xf /tmp/mail.tgz -C $CLOUD_DIR/apps/
#------------------------------ rm /tmp/mail.tgz
URL : $url
$CFG_CLOUDTYPE Admin : $CFG_CLOUDADMINUSER
$CFG_CLOUDTYPE Password : $CFG_CLOUDADMINPWD
Database type : $CFG_CLOUDDBTYPE # Video call
Database host : $CFG_CLOUDDBHOST # https://apps.nextcloud.com/apps/spreed
Database port : $CFG_CLOUDDBPORT wget_verify https://github.com/nextcloud-releases/spreed/releases/download/v21.0.0/spreed-v21.0.0.tar.gz 51ef52d47b9bee281a63f12aa755f97a2c650f12 /tmp/spreed.tgz
Database name : $CFG_CLOUDDBNAME tar xf /tmp/spreed.tgz -C $CLOUD_DIR/apps/
Database user : $CFG_CLOUDDBUSER rm /tmp/spreed.tgz
Database password : $CFG_CLOUDDBPWD
#------------------------------
EOF
echo -e "[${green}DONE${NC}]"
} }