author | Einer von Vielen <tomwie@users.sourceforge.net> | 2016-01-10 18:25:36 +0100 |
---|---|---|
committer | Einer von Vielen <tomwie@users.sourceforge.net> | 2016-01-10 18:25:36 +0100 |
commit | d4645ec609463986b87d83a17b63852258f5c1f8 (patch) | |
tree | 299a411889a851280156d04103ee0b482a9d5f7f /.homeinstall | |
parent | 51f34b6b07809f3ecea0e9f37764c5c077967366 (diff) | |
Added files for installation script
Diffstat (limited to '.homeinstall')
-rw-r--r-- | .homeinstall/README.md | 155 | ||||
-rw-r--r-- | .homeinstall/hubzilla-config.txt | 175 | ||||
-rwxr-xr-x | .homeinstall/hubzilla-setup.sh | 788 |
3 files changed, 1118 insertions, 0 deletions
diff --git a/.homeinstall/README.md b/.homeinstall/README.md
new file mode 100644
index 000000000..62c860cd5
--- /dev/null
+++ b/.homeinstall/README.md
@@ -0,0 +1,155 @@ +# Hubzilla at Home next to your Router + +Run hubzilla-setup.sh for an unattended installation of hubzilla. + +The script is known to work with Debian stable (Jessie). + +# Step-by-Step Overwiew + +## Preconditions + +Hardware + ++ Internet connection and router at home ++ Mini-pc connected to your router ++ USB drive for backups + +Software + ++ Fresh installation of Debian on your mini-pc ++ Router with open ports 80 and 443 for your Debian + +## The basic steps + ++ Register your own domain (for example at selfHOST) or a free subdomain (for example at freeDNS) ++ Clone hubzilla to /var/www/html ++ Copy hubzilla-config.txt and hubzilla-setup.sh to your Debian (future hub) ++ Edit hubzilla-config.txt. Enter your values there: db pass, domain, values for dyn DNS ++ Run hubzilla-setup.sh as root ... wait, wait, wait until the script is finised ++ Open your domain with a browser and step throught the initial configuration of hubzilla. + +# Step-by-Step in Detail + +## Preparations Hardware + +### Mini-PC + +### Recommended: USB Drive for Backups + +The installation will create a daily backup. + +If the backup process does not find an external device than the backup goes to +the internal disk. + +The USB drive must be compatible with an encrpyted filesystem LUKS + ext4. + +## Preparations Software + +### Install Debian Linux on the Mini-PC + +Download the stable Debian at https://www.debian.org/ + +Create bootable USB drive with Debian on it. You could use the programm +unetbootin, https://en.wikipedia.org/wiki/UNetbootin + +Switch of your mini pc, plug in your USB drive and start the mini pc from the +stick. Install Debian. Follow the instructions of the installation. 
+ +### Configure your Router + +Open the ports 80 and 443 on your router for your Debian + +## Preparations Dynamic IP Address + +Your Hubzilla must be reachable by a domain that you can type in your browser + + cooldomain.org + +You can use subdomains as well + + my.cooldomain.org + +There are two way to get a domain + +- buy a domain (recommended) or +- register a free subdomain + +### Method 1: Get yourself an own Domain (recommended) + +### Method 2 Register a (free) Subdomain + +Register a free subdomain for example at + +- freeDNS +- selfHOST + +WATCH THIS: A free subdomain is not the prefered way to get a domain name. Why? + +Let's encrpyt issues a limited number of certificates each +day. Possibly other users of this domain will try to issue a certificate +at the same day as you do. So make sure you choose a domain with as less subdomains as +possible. + +## Install Hubzilla on your Debian + +Login to your debian +(Provided your username is "you" and the name of the mini pc is "debian". You +could take the IP address instead of "debian") + + ssh -X you@debian + +Change to root user + + su -l + +Install git + + apt-get install git + +Make the directory for apache and change diretory to it + + mkdir /var/www + cd /var/www/ + +Clone hubzilla from git ("git pull" will update it later) + + git clone https://github.com/redmatrix/hubzilla html + +Change to the install script + + cd html/.homeinstall/ + +Change the file "hubzilla-config.txt". Enter your values there. + + nano hubzilla-config.txt + +Run the script + + ./hubzilla-setup.sh + +Wait... The script should not finish with an error message. + +In a webbrowser open your domain. +Expected: A test page of hubzilla is shown. All checks there shoulg be +successfull. Go on... +Expected: A page for the Hubzilla server configuration shows up. + +Leave db server name "127.0.0.1" and port "0" untouched. 
+
+Enter
+
+- DB user name = hubzilla
+- DB pass word = This is the password you entered in "hubzilla-config.txt"
+- DB name = hubzilla
+
+Leave db type "MySQL" untouched.
+
+Follow the instructions in the next pages.
+
+# The Script explained
+
+This chapter shows you
+
+- What the script does exactly
+- Explanations on technical details. May be this will encourage you to play with bash scripts?
+
diff --git a/.homeinstall/hubzilla-config.txt b/.homeinstall/hubzilla-config.txt
new file mode 100644
index 000000000..23d188945
--- /dev/null
+++ b/.homeinstall/hubzilla-config.txt
@@ -0,0 +1,175 @@
+###############################################
+### MANDATORY - database password #############
+#
+# Please give your database password
+# Example: db_pass=pass_word_with_no_blanks_in_it
+# Example: db_pass="this password has blanks in it"
+db_pass=
+
+###############################################
+### MANDATORY - let's encrypt #################
+#
+# Hubilla does not allow ecrypted communication, httpS.
+#
+# Please give the domain name of your hub
+#
+# Example: my.cooldomain.org
+# Example: cooldomain.org
+#
+# Email is optional
+#
+#
+le_domain=
+le_email=
+
+###############################################
+### OPTIONAL - selfHOST - dynamic IP address ##
+#
+# 1. Register a domain at selfhost.de
+# - choose offer "DOMAIN dynamisch" 1,50€/mon at 08.01.2016
+# 2. Get your configuration for dynamic IP update
+# - Log in at selfhost.de
+# - go to "DynDNS Accounte"
+# - klick "Details" of your (freshly) registered domain
+# - You will find the configuration there
+# - Benutzername (user name) > use this for "selfhost_user="
+# - Passwort (pass word) > use this for "selfhost_pass="
+#
+#
+selfhost_user=
+selfhost_pass=
+
+###############################################
+### OPTIONAL - FreeDNS - dynamic IP address ###
+#
+# Please give the alpha-numeric-key of freedns
+#
+# Get a free subdomain from freedns and use it for your dynamic ip address
+# Documentation under http://www.techjawab.com/2013/06/setup-dynamic-dns-dyndns-for-free-on.html
+#
+# - Register for a Free domain at http://freedns.afraid.org/signup/
+# - WATCH THIS: Make sure you choose a domain with as less subdomains as
+# possible. Why? Let's encrpyt issues a limited count of certificates each
+# day. Possible other users of this domain will try to issue a certificate
+# at the same day.
+# - Logon to FreeDNS (where you just registered)
+# - Goto http://freedns.afraid.org/dynamic/
+# - Right click on "Direct Link" and copy the URL and paste it somewhere.
+# - You should notice a large and unique alpha-numeric key in the URL +# +# http://freedns.afraid.org/dynamic/update.php?alpha-numeric-key +# +# Provided your url from freedns is +# +# http://freedns.afraid.org/dynamic/update.php?U1Z6aGt2R0NzMFNPNWRjbWxxZGpsd093OjE1Mzg5NDE5 +# +# Then you have to provide +# +# freedns_key=U1Z6aGt2R0NzMFNPNWRjbWxxZGpsd093OjE1Mzg5NDE5 +# +# +#freedns_key= + + +############################################### +### OPTIONAL - Backup to external device ###### +# +# The script can use an external device for the daily backup. +# The file system of the device (USB stick for example) must be compatible +# with encrypted LUKS + ext4 +# +# You should test to mount the device befor you run the script +# (hubzilla-setup.sh). +# How to find your (pluged-in) devices? +# +# fdisk -l +# +# Provided your device was listed as is /dev/sdb1. You could check with: +# +# blkid | grep /dev/sdb1 +# +# Try to decrypt +# (You might install cryptsetup befor using apt-get install. +# +# apt-get install cryptsetup +# cryptsetup luksOpen /dev/sdb1 cryptobackup +# +# Try to mount +# You might create the directory /media/hubzilla_backup it it does not exist +# using mkdir. +# +# mkdir /media/hubzilla_backup +# mount /dev/mapper/cryptobackup /media/hubzilla_backup +# +# Unmounting device goes like this +# +# umount /media/hubzilla_backup +# cryptsetup luksClose cryptobackup +# +# To check if still mounted +# +# lsof /media/hubzilla_backup +# +# If you leave the following parameters +# - "backup_device_name" and +# - "backup_device_pass" +# empty the script will create daily backups on the internal disk (which could +# save you as well). 
+#
+# Example: backup_device_name=/dev/sdc1
+#
+backup_device_name=
+backup_device_pass=
+
+
+###############################################
+### OPTIONAL - Owncloud - deprecated ##########
+#
+# To install owncloud: owncloud=y
+# Leave empty if you don't want to install owncloud
+#
+#owncloud=
+
+
+
+###############################################
+### OPTIONAL - do not mess with things below ##
+# (...if you are not certain)
+#
+# Usally you are done here
+# All what comes below is OPTIONAL
+#
+###############################################
+#
+# Database for huzilla
+hubzilla_db_name=hubzilla
+hubzilla_db_user=hubzilla
+hubzilla_db_pass=$db_pass
+#
+#
+# Password for package mysql-server
+# Example: mysqlpass=aberhallo
+# Example: mysqlpass="aber hallo has blanks in it"
+#
+mysqlpass=$db_pass
+
+# Password for package phpmyadmin
+# Example: phpmyadminpass=aberhallo
+# Example: phpmyadminpass="aber hallo has blanks in it"
+phpmyadminpass=$db_pass
+
+# TODO Prepare hubzilla for programmers
+# - install eclipse and plugins
+# - install xdebug to debug the php with eclipse
+# - weaken permissions on /var/www/html
+# - manual steps after this script
+# * in eclipse: install plugins for php git hub
+# * in eclipse: configure firefox (chrome,...) as browser to run with the php debuger
+# * in eclipse: switch php debugger from zend to xdebug
+# * in eclipse: add local hubzilla github repository
+#
+# Wich user will use eclipse?
+# Leave this empty if you do not want to prepare hubzilla for debugging
+#
+#developer_name=
+
diff --git a/.homeinstall/hubzilla-setup.sh b/.homeinstall/hubzilla-setup.sh
new file mode 100755
index 000000000..5e8cd69c8
--- /dev/null
+++ b/.homeinstall/hubzilla-setup.sh
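Review bot: The new .homeinstall/hubzilla-config.txt collects the database password, the selfHOST password and the LUKS passphrase (`db_pass=`, `selfhost_pass=`, `backup_device_pass=`) in plaintext, and nothing in its header tells the user to protect the file. Following the README in this commit it is edited in place under /var/www/html/.homeinstall/, inside the Apache document root that hubzilla-setup.sh later hands over with `chown -R www-data:www-data html`, so whether it can be fetched over HTTP depends on .htaccess rules that are not shown here. hubzilla-setup.sh also loads it with `source $configfile` as root, so every line is executed as shell rather than parsed as key=value. I would add at the top of the file `# Contains secrets and is sourced as root: chmod 600, keep it out of the web root, blank it after setup` and `# Values are shell syntax: single-quote anything containing blanks, $ or backticks`. The comment `Hubilla does not allow ecrypted communication` presumably means "unencrypted" and is worth correcting at the same time.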
@@ -0,0 +1,788 @@ +#!/bin/bash +# +# How to use +# ---------- +# +# This file automates the installation of hubzilla under Debian Linux +# +# 1) Edit the file "hubzilla-config.txt" +# Follow the instuctions there +# +# 2) Switch to user "root" by typing "su -" +# +# 3) Run with "./hubzilla-setup.sh" +# If this fails check if you can execute the script. +# - To make it executable type "chmod +x hubzilla-setup.sh" +# - or run "bash hubzilla-setup.sh" +# +# +# What does this script do basically? +# ----------------------------------- +# +# This file automates the installation of hubzilla under Debian Linux +# - install +# * apache webserer, +# * php, +# * mysql - the database for hubzilla, +# * phpmyadmin, +# * git to download and update hubzilla itself +# - download hubzilla core and addons +# - configure cron +# * "poller.php" for regular background prozesses of hubzilla +# * to_do "apt-get update" and "apt-get dist-upgrade" to keep linux +# up-to-date +# * to_do backup hubzillas database and files (rsnapshot) +# - configure dynamic ip with cron +# - to_do letsencrypt +# - to_do redirection to https +# +# +# Discussion +# ---------- +# +# Security - password is the same for mysql-server, phpmyadmin and hubzilla db +# - The script runs into installation errors for phpmyadmin if it uses +# different passwords. For the sake of simplicity one singel password. +# +# Security - suhosin for PHP +# - The script does not install suhosin. +# - Is the security package suhosin usefull or not usefull? +# +# Hubzilla - email verification +# - The script switches off email verification off in all htconfig.tpl. +# Example: /var/www/html/view/en/htconfig.tpl +# - Is this a silly idea or not? +# +# +# Remove Hubzilla (for a fresh start using the script) +# ---------------------------------------------------- +# +# You could use /var/www/hubzilla-remove.sh +# that is created by hubzilla-setup.sh. +# +# The script will remove (almost everything) what was installed by the script. 
+# After the removal you could run the script again to have a fresh install +# of all applications including hubzilla and its database. +# +# How to restore from backup +# -------------------------- +# +# Daily backup +# - - - - - - +# +# The installation +# - writes a script /var/www/hubzilla-daily.sh +# - creates a daily cron that runs the hubzilla-daily.sh +# +# hubzilla-daily.sh makes a (daily) backup of all relevant files +# - /var/lib/mysql/ > hubzilla database +# - /var/www/html/ > hubzilla from github +# - /var/www/letsencrypt/ > certificates +# +# hubzilla-daily.sh writes the backup +# - either to an external disk compatible to LUKS+ext4 (see hubzilla-config.txt) +# - or to /var/cache/rsnapshot in case the external disk is not plugged in +# +# Restore backup +# - - - - - - - +# +# This was not tested yet. +# Bacically you can copy the files from the backup to the server. +# +# Credits +# ------- +# +# The srcipt is based on Thomas Willinghams script "debian-setup.sh" +# which he used to install the red#matrix. +# +# The script uses another script from https://github.com/lukas2511/letsencrypt.sh +# +# The documentation of bash is here +# https://www.gnu.org/software/bash/manual/bash.html +# +function check_sanity { + # Do some sanity checking. + print_info "Sanity check..." + if [ $(/usr/bin/id -u) != "0" ] + then + die 'Must be run by root user' + fi + + if [ -f /etc/lsb-release ] + then + die "Distribution is not supported" + fi + if [ ! -f /etc/debian_version ] + then + die "Ubuntu is not supported" + fi +} + +function die { + echo "ERROR: $1" > /dev/null 1>&2 + exit 1 +} + + +function update_upgrade { + print_info "updated and upgrade..." + # Run through the apt-get update/upgrade first. 
This should be done before + # we try to install any package + apt-get -q -y update && apt-get -q -y dist-upgrade + print_info "updated and upgraded linux" +} + +function check_install { + if [ -z "`which "$1" 2>/dev/null`" ] + then + # export DEBIAN_FRONTEND=noninteractive ... answers from the package + # configuration database + # - q ... without progress information + # - y ... answer interactive questions with "yes" + # DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install $2 + DEBIAN_FRONTEND=noninteractive apt-get -q -y install $2 + print_info "installed $2 installed for $1" + else + print_warn "$2 already installed" + fi +} + +function nocheck_install { + # export DEBIAN_FRONTEND=noninteractive ... answers from the package configuration database + # - q ... without progress information + # - y ... answer interactive questions with "yes" + # DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install $2 + # DEBIAN_FRONTEND=noninteractive apt-get --install-suggests -q -y install $1 + DEBIAN_FRONTEND=noninteractive apt-get -q -y install $1 + print_info "installed $1" +} + + +function print_info { + echo -n -e '\e[1;34m' + echo -n $1 + echo -e '\e[0m' +} + +function print_warn { + echo -n -e '\e[1;31m' + echo -n $1 + echo -e '\e[0m' +} + +function install_apache { + print_info "installing apache..." + nocheck_install "apache2 apache2-utils" +} + +function install_php { + # openssl and mbstring are included in libapache2-mod-php5 + # to_to: php5-suhosin + print_info "installing php..." + nocheck_install "libapache2-mod-php5 php5 php-pear php5-xcache php5-curl php5-mcrypt php5-gd" + php5enmod mcrypt +} + +function install_mysql { + # http://www.microhowto.info/howto/perform_an_unattended_installation_of_a_debian_package.html + # + # To determine the required package name, key and type you can perform + # a trial installation then search the configuration database. 
+ # + # debconf-get-selections | grep mysql-server + # + # The command debconf-get-selections is provided by the package + # debconf-utils, which you may need to install. + # + # apt-get install debconf-utils + # + # If you want to supply an answer to a configuration question but do not + # want to be prompted for it then this can be arranged by preseeding the + # DebConf database with the required information. + # + # echo mysql-server-5.5 mysql-server/root_password password xyzzy | debconf-set-selections + # echo mysql-server-5.5 mysql-server/root_password_again password xyzzy | debconf-set-selections + # + print_info "installing mysql..." + if [ -z "$mysqlpass" ] + then + die "mysqlpass not set in $configfile" + fi + echo mysql-server-5.5 mysql-server/root_password password $mysqlpass | debconf-set-selections + echo mysql-server-5.5 mysql-server/root_password_again password $mysqlpass | debconf-set-selections + nocheck_install "php5-mysql mysql-server mysql-client" + php5enmod mcrypt +} + +function install_phpmyadmin { + print_info "installing phpmyadmin..." + if [ -z "$phpmyadminpass" ] + then + die "phpmyadminpass not set in $configfile" + fi + echo phpmyadmin phpmyadmin/setup-password password $phpmyadminpass | debconf-set-selections + echo phpmyadmin phpmyadmin/mysql/app-pass password $phpmyadminpass | debconf-set-selections + echo phpmyadmin phpmyadmin/app-password-confirm password $phpmyadminpass | debconf-set-selections + echo phpmyadmin phpmyadmin/mysql/admin-pass password $phpmyadminpass | debconf-set-selections + echo phpmyadmin phpmyadmin/password-confirm password $phpmyadminpass | debconf-set-selections + echo phpmyadmin phpmyadmin/reconfigure-webserver multiselect apache2 | debconf-set-selections + nocheck_install "phpmyadmin" + + # It seems to be not neccessary to check rewrite.load because it comes + # with the installation. 
To be sure you could check this manually by: + # + # nano /etc/apache2/mods-available/rewrite.load + # + # You should find the content: + # + # LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so + + a2enmod rewrite + if [ ! -f /etc/apache2/apache2.conf ] + then + die "could not find file /etc/apache2/apache2.conf" + fi + sed -i \ + "s/AllowOverride None/AllowOverride all/" \ + /etc/apache2/apache2.conf + if [ -z "`grep 'Include /etc/phpmyadmin/apache.conf' /etc/apache2/apache2.conf`" ] + then + echo "Include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf + fi + service apache2 restart +} + +function create_hubzilla_db { + print_info "creating hubzilla database..." + if [ -z "$hubzilla_db_name" ] + then + die "hubzilla_db_name not set in $configfile" + fi + if [ -z "$hubzilla_db_user" ] + then + die "hubzilla_db_user not set in $configfile" + fi + if [ -z "$hubzilla_db_pass" ] + then + die "hubzilla_db_pass not set in $configfile" + fi + Q1="CREATE DATABASE IF NOT EXISTS $hubzilla_db_name;" + Q2="GRANT USAGE ON *.* TO $hubzilla_db_user@localhost IDENTIFIED BY '$hubzilla_db_pass';" + Q3="GRANT ALL PRIVILEGES ON $hubzilla_db_name.* to $hubzilla_db_user@localhost identified by '$hubzilla_db_pass';" + Q4="FLUSH PRIVILEGES;" + SQL="${Q1}${Q2}${Q3}${Q4}" + mysql -uroot -p$phpmyadminpass -e "$SQL" +} + +function run_freedns { + print_info "run freedns (dynamic IP)..." + if [ -z "$freedns_key" ] + then + print_info "freedns was not started because 'freedns_key' is empty in $configfile" + else + if [ -n "$selfhost_user" ] + then + die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)" + fi + wget --no-check-certificate -O - https://freedns.afraid.org/dynamic/update.php?$freedns_key + fi +} + +function install_run_selfhost { + print_info "install and start selfhost (dynamic IP)..." 
+ if [ -z "$selfhost_user" ] + then + print_info "selfHOST was not started because 'selfhost_user' is empty in $configfile" + else + if [ -n "$freedns_key" ] + then + die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)" + fi + if [ -z "$selfhost_pass" ] + then + die "selfHOST was not started because 'selfhost_pass' is empty in $configfile" + fi + if [ ! -d $selfhostdir ] + then + mkdir $selfhostdir + fi + # the old way + # https://carol.selfhost.de/update?username=123456&password=supersafe + # + # the prefered way + wget --output-document=$selfhostdir/$selfhostscript http://jonaspasche.de/selfhost-updater + echo "router" > $selfhostdir/device + echo "$selfhost_user" > $selfhostdir/user + echo "$selfhost_pass" > $selfhostdir/pass + bash $selfhostdir/$selfhostscript update + fi +} + +function ping_domain { + print_info "ping domain $domain..." + # Is the domain resolved? Try to ping 6 times à 10 seconds + COUNTER=0 + for i in {1..6} + do + print_info "loop $i for ping -c 1 $domain ..." + if ping -c 4 -W 1 $le_domain + then + print_info "$le_domain resolved" + break + else + if [ $i -gt 5 ] + then + die "Failed to: ping -c 1 $domain not resolved" + fi + fi + sleep 10 + done + sleep 5 +} + +function configure_cron_freedns { + print_info "configure cron for freedns..." 
+ if [ -z "$freedns_key" ] + then + print_info "freedns is not configured because freedns_key is empty in $configfile" + else + # Use cron for dynamich ip update + # - at reboot + # - every 30 minutes + if [ -z "`grep 'freedns.afraid.org' /etc/crontab`" ] + then + echo "@reboot root https://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab + echo "*/30 * * * * root wget --no-check-certificate -O - https://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab + else + print_info "cron for freedns was configured already" + fi + fi +} + +function configure_cron_selfhost { + print_info "configure cron for selfhost..." + if [ -z "$selfhost_user" ] + then + print_info "freedns is not configured because freedns_key is empty in $configfile" + else + # Use cron for dynamich ip update + # - at reboot + # - every 30 minutes + if [ -z "`grep 'selfhost-updater.sh' /etc/crontab`" ] + then + echo "@reboot root bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab + echo "*/5 * * * * root /bin/bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab + else + print_info "cron for selfhost was configured already" + fi + fi +} + +function install_git { + print_info "installing git..." + nocheck_install "git" +} + +function install_letsencrypt { + print_info "installing let's encrypt ..." 
+ # check if user gave domain + if [ -z "$le_domain" ] + then + die "Failed to install let's encrypt: 'le_domain' is empty in $configfile" + fi + # configure apache + apache_le_conf=/etc/apache2/sites-available/le-default.conf + if [ -f $apache_le_conf ] + then + print_info "$apache_le_conf exist already" + else + cat > $apache_le_conf <<END +# letsencrypt default Apache configuration +Alias /.well-known/acme-challenge /var/www/letsencrypt + +<Directory /var/www/letsencrypt> + Options FollowSymLinks + Allow from all +</Directory> +END + a2ensite le-default.conf + service apache2 restart + fi + # download the shell script + if [ -d $le_dir ] + then + print_info "letsenrypt exists already (nothing downloaded > no certificate created and registered)" + return 0 + fi + git clone https://github.com/lukas2511/letsencrypt.sh $le_dir + cd $le_dir + # create config file for letsencrypt.sh + echo "WELLKNOWN=$le_dir" > $le_dir/config.sh + if [ -n "$le_email" ] + then + echo "CONTACT_EMAIL=$le_email" >> $le_dir/config.sh + fi + # create domain file for letsencrypt.sh + # WATCH THIS: + # - It did not work wit "sub.domain.org www.sub.domain.org". + # - So just use "sub.domain.org" only! + echo "$le_domain" > $le_dir/domains.txt + # test apache config for letsencrpyt + url_http=http://$le_domain/.well-known/acme-challenge/domains.txt + wget_output=$(wget -nv --spider --max-redirect 0 $url_http) + if [ $? -ne 0 ] + then + die "Failed to load $url_http" + fi + # run letsencrypt.sh + # + ./letsencrypt.sh --cron +} + +function configure_apache_for_https { + print_info "configuring apache to use httpS ..." + # letsencrypt.sh + # + # "${BASEDIR}/certs/${domain}/privkey.pem" + # "${BASEDIR}/certs/${domain}/cert.pem" + # "${BASEDIR}/certs/${domain}/fullchain.pem" + # + SSLCertificateFile=${le_dir}/certs/${le_domain}/cert.pem + SSLCertificateKeyFile=${le_dir}/certs/${le_domain}/privkey.pem + SSLCertificateChainFile=${le_dir}/certs/${le_domain}/fullchain.pem + if [ ! 
-f $SSLCertificateFile ] + then + print_warn "Failed to configure apache for httpS: Missing certificate file $SSLCertificateFile" + return 0 + fi + # make sure that the ssl mode is enabled + print_info "...configuring apache to use httpS - a2enmod ssl ..." + a2enmod ssl + # modify apach' ssl conf file + if grep -i "ServerName" $sslconf + then + print_info "seems that apache was already configered to use httpS with $sslconf" + else + sed -i "s/ServerAdmin.*$/ServerAdmin webmaster@localhost\\n ServerName ${le_domain}/" $sslconf + fi + sed -i s#/etc/ssl/certs/ssl-cert-snakeoil.pem#$SSLCertificateFile# $sslconf + sed -i s#/etc/ssl/private/ssl-cert-snakeoil.key#$SSLCertificateKeyFile# $sslconf + sed -i s#/etc/apache2/ssl.crt/server-ca.crt#$SSLCertificateChainFile# $sslconf + sed -i s/#SSLCertificateChainFile/SSLCertificateChainFile/ $sslconf + # apply changes + a2ensite default-ssl.conf + service apache2 restart +} + +function check_https { + print_info "checking httpS > testing ..." + url_https=https://$le_domain + wget_output=$(wget -nv --spider --max-redirect 0 $url_https) + if [ $? -ne 0 ] + then + print_warn "check not ok" + else + print_info "check ok" + fi +} + +function install_hubzilla { + print_info "installing hubzilla..." + # rm -R /var/www/html/ # for "stand alone" usage + cd /var/www/ + # git clone https://github.com/redmatrix/hubzilla html # for "stand alone" usage + cd html/ + git clone https://github.com/redmatrix/hubzilla-addons addon + mkdir -p "store/[data]/smarty3" + chmod -R 777 store + touch .htconfig.php + chmod ou+w .htconfig.php + cd .. 
+ chown -R www-data:www-data html + chown root:www-data /var/www/html/ + chown root:www-data /var/www/html/.htaccess + chmod 0644 /var/www/html/.htaccess + # try to switch off email registration + sed -i "s/verify_email.*1/verify_email'] = 0/" /var/www/html/view/*/ht* + if [ -n "`grep -r 'verify_email.*1' /var/www/html/view/`" ] + then + print_warn "Hubzillas registration prozess might have email verification switched on." + fi + print_info "installed hubzilla" +} + +function rewrite_to_https { + print_info "configuring apache to redirect http to httpS ..." + htaccessfile=/var/www/html/.htaccess + if grep -i "https" $htaccessfile + then + print_info "...configuring apache to redirect http to httpS was already done in $htaccessfile" + else + sed -i "s#QSA]#QSA]\\n RewriteCond %{SERVER_PORT} !^443$\\n RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]#" $htaccessfile + fi + service apache2 restart +} + + +function install_owncloud { + if [ -z "$owncloud" ] + then + print_info "Do not install owncloud" + return 0 + fi + if [ -f /etc/apt/sources.list.d/owncloud.list ] + then + print_info "owncloud is already installed and is left untouched" + return 0 + fi + print_info "installing owncloud..." 
+ # add the repository key to apt + wget -nv https://download.owncloud.org/download/repositories/stable/Debian_8.0/Release.key -O Release.key + apt-key add - < Release.key + # add the repository and install from there + sh -c "echo 'deb http://download.owncloud.org/download/repositories/stable/Debian_8.0/ /' >> /etc/apt/sources.list.d/owncloud.list" + apt-get update + nocheck_install "owncloud" + chown -R www-data:www-data /var/www/owncloud/ + # set strong permissions + ocpath='/var/www/owncloud' + htuser='www-data' + htgroup='www-data' + rootuser='root' # On QNAP this is admin + find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640 + find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750 + chown -R ${rootuser}:${htgroup} ${ocpath}/ + chown -R ${htuser}:${htgroup} ${ocpath}/apps/ + chown -R ${htuser}:${htgroup} ${ocpath}/config/ + chown -R ${htuser}:${htgroup} ${ocpath}/data/ + chown -R ${htuser}:${htgroup} ${ocpath}/themes/ + chown ${rootuser}:${htgroup} ${ocpath}/.htaccess + chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess + chmod 0644 ${ocpath}/.htaccess + chmod 0644 ${ocpath}/data/.htaccess +} + +# This will allways overwrite both config files +# - internal disk +# - external disk (LUKS + ext4) +# of rsnapshot for hubzilla +function install_rsnapshot { + print_info "installing rsnapshot..." 
+ nocheck_install "rsnapshot"
+ # internal disk
+ cp -f /etc/rsnapshot.conf $snapshotconfig
+ sed -i "/hourly/s/retain/#retain/" $snapshotconfig
+ sed -i "/monthly/s/#retain/retain/" $snapshotconfig
+ sed -i "s/^cmd_cp/#cmd_cp/" $snapshotconfig
+ sed -i "s/^backup/#backup/" $snapshotconfig
+ if [ -z "`grep 'letsencrypt' $snapshotconfig`" ]
+ then
+ echo "backup /var/lib/mysql/ localhost/" >> $snapshotconfig
+ echo "backup /var/www/html/ localhost/" >> $snapshotconfig
+ echo "backup /var/www/letsencrypt/ localhost/" >> $snapshotconfig
+ fi
+ # external disk
+ if [ -n "$backup_device_name" ] && [ -n "$backup_device_pass" ]
+ then
+ cp -f /etc/rsnapshot.conf $snapshotconfig_external_device
+ sed -i "s#snapshot_root.*#snapshot_root $backup_mount_point#" $snapshotconfig_external_device
+ sed -i "/hourly/s/retain/#retain/" $snapshotconfig_external_device
+ sed -i "/monthly/s/#retain/retain/" $snapshotconfig_external_device
+ sed -i "s/^cmd_cp/#cmd_cp/" $snapshotconfig_external_device
+ sed -i "s/^backup/#backup/" $snapshotconfig_external_device
+ if [ -z "`grep 'letsencrypt' $snapshotconfig_external_device`" ]
+ then
+ echo "backup /var/lib/mysql/ localhost/" >> $snapshotconfig_external_device
+ echo "backup /var/www/html/ localhost/" >> $snapshotconfig_external_device
+ echo "backup /var/www/letsencrypt/ localhost/" >> $snapshotconfig_external_device
+ fi
+ else
+ print_info "No backup configuration (rsnapshot) for external device configured. Reason: backup_device_name and/or backup_device_pass not given in $configfile"
+ fi
+}
+
+function install_cryptosetup {
+ print_info "installing cryptsetup..."
+ nocheck_install "cryptsetup"
+}
+
+function configure_cron_daily {
+ print_info "configuring cron..."
+ # every 10 min for poller.php
+ if [ -z "`grep 'poller.php' /etc/crontab`" ]
+ then
+ echo "*/10 * * * * www-data cd /var/www/html; php include/poller.php >> /dev/null 2>&1" >> /etc/crontab
+ fi
+ # Run external script daily at 05:30
+ # - stop apache and mysql-server
+ # - backup hubzilla
+ # - update hubzilla core and addon
+ # - update and upgrade linux
+ # - reboot
+ cat > /var/www/$hubzilladaily <<END
+#!/bin/sh
+#
+echo " "
+echo "+++ \$(date) +++"
+echo " "
+# renew certificat if over 30 days old
+echo "\$(date) - renew certificat if 30 days old..."
+bash /var/www/letsencrypt/letsencrypt.sh --cron
+#
+# stop hubzilla
+echo "\$(date) - stoping apaache and mysql..."
+service apache2 stop
+/etc/init.d/mysql stop # to avoid inconsistancies
+#
+# backup
+echo "\$(date) - try to mount external device for backup..."
+backup_device_name=$backup_device_name
+backup_device_pass=$backup_device_pass
+backup_mount_point=$backup_mount_point
+device_mounted=0
+if [ -n "$backup_device_name" ] && [ -n "$backup_device_pass" ]
+then
+ if blkid | grep $backup_device_name
+ then
+ echo "decrypting backup device..."
+ echo "$backup_device_pass" | cryptsetup luksOpen $backup_device_name cryptobackup
+ if [ ! -d $backup_mount_point ]
+ then
+ mkdir $backup_mount_point
+ fi
+ echo "mounting backup device..."
+ if mount /dev/mapper/cryptobackup $backup_mount_point
+ then
+ device_mounted=1
+ echo "device $backup_device_name is now mounted. Starting backup..."
+ rsnapshot -c $snapshotconfig_external_device daily
+ rsnapshot -c $snapshotconfig_external_device weekly
+ rsnapshot -c $snapshotconfig_external_device monthly
+ echo "\$(date) - disk sizes..."
+ df -h
+ echo "\$(date) - db size..."
+ du -h $backup_mount_point | grep mysql/hubzilla
+ echo "unmounting backup device..."
+ umount $backup_mount_point
+ else
+ echo "failed to mount device $backup_device_name"
+ fi
+ echo "closing decrypted backup device..."
+ cryptsetup luksClose cryptobackup
+ fi
+fi
+if [ \$device_mounted == 0 ]
+then
+ echo "device could not be mounted $backup_device_name. Using internal disk for backup..."
+ rsnapshot -c $snapshotconfig daily
+ rsnapshot -c $snapshotconfig weekly
+ rsnapshot -c $snapshotconfig monthly
+fi
+#
+echo "\$(date) - db size..."
+du -h /var/cache/rsnapshot/ | grep mysql/hubzilla
+#
+# update
+echo "\$(date) - updating letsencrypt.sh..."
+git -C /var/www/letsencrypt/ pull
+echo "\$(date) - updating hubhilla core..."
+git -C /var/www/html/ pull
+echo "\$(date) - updating hubhilla addons..."
+git -C /var/www/html/addon/ pull
+chown -R www-data:www-data /var/www/html/ # make all accessable for the webserver
+chown root:www-data /var/www/html/.htaccess
+chmod 0644 /var/www/html/.htaccess # www-data can read but not write it
+echo "\$(date) - updating linux..."
+apt-get -q -y update && apt-get -q -y dist-upgrade # update linux and upgrade
+echo "\$(date) - Backup hubzilla and update linux finished. Rebooting..."
+#
+reboot
+END
+ if [ -z "`grep 'hubzilla-daily.sh' /etc/crontab`" ]
+ then
+ echo "30 05 * * * root /bin/bash /var/www/$hubzilladaily >> /var/www/html/hubzilla-daily.log 2>&1" >> /etc/crontab
+ echo "0 0 1 * * root rm /var/www/html/hubzilla-daily.log" >> /etc/crontab
+ fi
+
+ # This is active after either "reboot" or "/etc/init.d/cron reload"
+ print_info "configured cron for updates/upgrades"
+}
+
+function write_uninstall_script {
+ print_info "writing uninstall script..."
+
+ cat > /var/www/hubzilla-remove.sh <<END
+#!/bin/sh
+#
+# This script removes Hubzilla.
+# You might do this for a fresh start using the script.
+# The script will remove (almost everything) what was installed by the script,
+# all applications including hubzilla and its database.
+#
+# Backup the certificates of letsencrypt (you never know)
+cp -a /var/www/letsencrypt/ ~/backup_le_certificats
+#
+# Removal
+apt-get remove apache2 apache2-utils libapache2-mod-php5 php5 php-pear php5-xcache php5-curl php5-mcrypt php5-gd php5-mysql mysql-server mysql-client phpmyadmin
+apt-get purge apache2 apache2-utils libapache2-mod-php5 php5 php-pear php5-xcache php5-curl php5-mcrypt php5-gd php5-mysql mysql-server mysql-client phpmyadmin
+apt-get autoremove
+apt-get clean
+rm /etc/rsnapshot_hubzilla.conf
+rm /etc/rsnapshot_hubzilla_external_device.conf
+rm -R /etc/apache2/
+rm -R /var/lib/mysql/
+rm -R /var/www
+rm -R /etc/selfhost/
+# uncomment the next line if you want to remove the backups
+# rm -R /var/cache/rsnapshot
+nano /etc/crontab # remove entries there manually
+END
+ chmod -x /var/www/hubzilla-remove.sh
+}
+
+########################################################################
+# START OF PROGRAM
+########################################################################
+export PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+check_sanity
+
+# Read config file edited by user
+configfile=hubzilla-config.txt
+source $configfile
+selfhostdir=/etc/selfhost
+selfhostscript=selfhost-updater.sh
+hubzilladaily=hubzilla-daily.sh
+snapshotconfig=/etc/rsnapshot_hubzilla.conf
+snapshotconfig_external_device=/etc/rsnapshot_hubzilla_external_device.conf
+backup_mount_point=/media/hubzilla_backup
+le_dir=/var/www/letsencrypt
+sslconf=/etc/apache2/sites-available/default-ssl.conf
+
+#set -x # activate debugging from here
+
+update_upgrade
+install_apache
+install_php
+install_mysql
+install_phpmyadmin
+create_hubzilla_db
+run_freedns
+install_run_selfhost
+ping_domain
+configure_cron_freedns
+configure_cron_selfhost
+install_git
+install_letsencrypt
+configure_apache_for_https
+check_https
+install_hubzilla
+rewrite_to_https
+# install_owncloud # deprecated
+install_rsnapshot
+configure_cron_daily
+install_cryptosetup
+write_uninstall_script
+
+#set +x # stop debugging from here
+
|