aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitlab-ci.yml95
-rw-r--r--.homeinstall/README.md186
-rw-r--r--.homeinstall/hubzilla-config.txt.template11
-rw-r--r--[-rwxr-xr-x].homeinstall/hubzilla-setup.sh291
-rw-r--r--Zotlabs/Module/Wfinger.php2
-rw-r--r--include/event.php7
6 files changed, 179 insertions, 413 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 43c65f365..40e219551 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,6 +1,6 @@
# Select image from https://hub.docker.com/_/php/
#image: php:7.2
-# Use a prepared Hubzilla image to optimise pipeline run
+# Use a prepared Hubzilla image to optimise pipeline duration
image: registry.gitlab.com/dawnbreak/hubzilla/core:php7.2
@@ -32,55 +32,28 @@ variables:
before_script:
+# pecl and composer do not work with PHP production restrictions (from Hubzilla Docker image)
+- if [ -f /usr/local/etc/php/conf.d/z_prod.ini ]; then mv /usr/local/etc/php/conf.d/z_prod.ini /usr/local/etc/php/conf.d/z_prod.ini.off; fi
# Install & enable Xdebug for code coverage reports
- pecl install xdebug
- docker-php-ext-enable xdebug
# Install composer
- curl -sS https://getcomposer.org/installer | php
# Install dev libraries from composer
-- php composer.phar install --no-progress
+- php ./composer.phar install --no-progress
-# test PHP7 with MySQL 5.7
-php7.2_mysql 1/2:
+# hidden job definition with template for MySQL/MariaDB
+.job_template_mysql: &job_definition_mysql
stage: test
- services:
- - mysql:5.7
- script:
- - echo "USE $MYSQL_DATABASE; $(cat ./install/schema_mysql.sql)" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
- - echo "SHOW DATABASES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
- - echo "USE $MYSQL_DATABASE; SHOW TABLES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
- - vendor/bin/phpunit --configuration tests/phpunit.xml --coverage-text
-
-
-# test PHP7 with MySQL latest (8)
-php7.2_mysql 2/2:
- stage: test
- services:
- - name: mysql:latest
- command: ["--default-authentication-plugin=mysql_native_password"]
script:
- echo "USE $MYSQL_DATABASE; $(cat ./install/schema_mysql.sql)" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
- echo "SHOW DATABASES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
- echo "USE $MYSQL_DATABASE; SHOW TABLES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
- vendor/bin/phpunit --configuration tests/phpunit.xml --coverage-text
-
-# test PHP7 with MariaDB latest (10.3)
-php7.2_mariadb:
- stage: test
- services:
- - name: mariadb:latest
- alias: mysql
- script:
- - echo "USE $MYSQL_DATABASE; $(cat ./install/schema_mysql.sql)" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
- - echo "SHOW DATABASES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
- - echo "USE $MYSQL_DATABASE; SHOW TABLES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
- - vendor/bin/phpunit --configuration tests/phpunit.xml --coverage-text
-
-
-# test PHP7 with PostgreSQL latest
-php7.2_postgres:
+# hidden job definition with template for PostgreSQL
+.job_template_postgres: &job_definition_postgres
stage: test
services:
- postgres:latest
@@ -95,7 +68,10 @@ php7.2_postgres:
#- psql -h "postgres" -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c "\dt;"
# Run the actual tests
- vendor/bin/phpunit --configuration tests/phpunit-pgsql.xml --testdox
- artifacts:
+
+# hidden job definition with artifacts config template
+.artifacts_template:
+ artifacts: &artifacts_template
expire_in: 1 week
# Gitlab should show the results, but has problems parsing PHPUnit's junit file.
reports:
@@ -106,7 +82,52 @@ php7.2_postgres:
- tests/results/
-# Generate Doxygen API Documentation and deploy it at GitLab pages
+# PHP7.2 with MySQL 5.7
+php7.2_mysql5.7:
+ <<: *job_definition_mysql
+ services:
+ - mysql:5.7
+
+
+# PHP7.2 with MySQL 8 (latest)
+php7.2_mysql8:
+ <<: *job_definition_mysql
+ services:
+ - name: mysql:8
+ command: ["--default-authentication-plugin=mysql_native_password"]
+
+
+# PHP7.2 with MariaDB 10.2
+php7.2_mariadb10.2:
+ <<: *job_definition_mysql
+ services:
+ - name: mariadb:10.2
+ alias: mysql
+
+
+# PHP7.3 with MariaDB 10.3 (latest)
+php7.3_mariadb10.3:
+ <<: *job_definition_mysql
+ image: registry.gitlab.com/dawnbreak/hubzilla/core:php7.3
+ services:
+ - name: mariadb:10.3
+ alias: mysql
+
+
+# PHP7.2 with PostgreSQL latest (11)
+php7.2_postgres11:
+ <<: *job_definition_postgres
+ artifacts: *artifacts_template
+
+
+# PHP7.3 with PostgreSQL latest (11)
+php7.3_postgres11:
+ <<: *job_definition_postgres
+ image: registry.gitlab.com/dawnbreak/hubzilla/core:php7.3
+ artifacts: *artifacts_template
+
+
+# Generate Doxygen API Documentation and deploy it as GitLab pages
pages:
stage: deploy
cache: {}
diff --git a/.homeinstall/README.md b/.homeinstall/README.md
index d63931a84..45e1ba0e6 100644
--- a/.homeinstall/README.md
+++ b/.homeinstall/README.md
@@ -1,16 +1,43 @@
# Hubzilla at Home next to your Router
-Run hubzilla-setup.sh for an unattended installation of hubzilla.
+This readme will show you how to install and run Hubzilla or Zap at home.
+
+The installation is done by a script.
+
+What the script will do for you...
+
++ install everything required by Zap/Hubzilla, basically a web server (Apache), PHP, a database (MySQL), certbot,...
++ create a database
++ run certbot to have everything for a secure connection (httpS)
++ create a script for daily maintenance
+ - backup to external disk (certificates, database, /var/www/)
+ - renew certfificate (letsencrypt)
+ - update of Zap/Hubzilla
+ - update of Debian
+ - restart
++ create cron jobs for
+ - DynDNS (selfHOST.de or freedns.afraid.org) every 5 minutes
+ - Master.php for Zap/Hubzilla every 10 minutes
+ - daily maintenance script every day at 05:30
The script is known to work without adjustments with
+ Hardware
- - Mini-PC with Debian-9.5-amd64, or
- - Rapberry 3 with Raspbian, Debian-9.5
+ - Mini-PC with Debian 9 (stretch), or
+ - Rapberry 3 with Raspbian, Debian 9
+ DynDNS
- selfHOST.de
- freedns.afraid.org
+The script can install both [Hubzilla](https://zotlabs.org/page/hubzilla/hubzilla-project) and [Zap](https://zotlabs.com/zap/). Make sure to use the correct GIT repositories.
+
++ Hubzilla
+ - core: git clone https://framagit.org/hubzilla/core.git html (in this readme)
+ - addons: util/add_addon_repo https://framagit.org/hubzilla/addons.git hzaddons (in hubzilla-setup.sh)
++ Zap
+ - core: git clone https://framagit.org/zot/zap.git html (in this readme)
+ - addons: util/add_addon_repo https://framagit.org/zot/zap-addons.git zaddons (in hubzilla-setup.sh)
+
## Disclaimers
- This script does work with Debian 9 only.
@@ -29,7 +56,7 @@ Hardware
Software
+ Fresh installation of Debian 9 (Stretch)
-+ Router with open ports 80 and 443 for your Hub
++ Router with open ports 80 and 443 for your web server
## The basic steps (quick overview)
@@ -44,10 +71,9 @@ Software
- nano hubzilla-config.txt
- Read the comments carefully
- Enter your values: db pass, domain, values for dyn DNS
- - Make sure your external drive (for backups) is mounted
+ - Prepare your external disk for backups
- hubzilla-setup.sh as root
- ... wait, wait, wait until the script is finised
- - reboot
+ Open your domain with a browser and step throught the initial configuration of hubzilla.
## Troubleshooting
@@ -66,57 +92,27 @@ In Admin settings of hubzilla or via terminal
# Step-by-Step in Detail
-## Preparations Hardware
-
-### Mini-PC
-
-### Recommended: USB Drive for Backups
-
-The installation will create a daily backup written to an external drive.
-
-The USB drive must be compatible with the filesystems
-
-- ext4 (if you do not want to encrypt the USB)
-- LUKS + ext4 (if you want to encrypt the USB)
-
-The backup includes
-
-- Hubzilla DB
-- Hubzilla installation /var/www/html
-- Certificates for letsencrypt
-
## Preparations Software
-### Install Debian Linux on the Mini-PC
-
-Download the stable Debian at https://www.debian.org/
-(Debian 8 is no longer supported.)
+## Install Debian 9
-Create bootable USB drive with Debian on it.You could use
+Provided you use a Raspberry Pi 3...
-- unetbootin, https://en.wikipedia.org/wiki/UNetbootin
-- or simply the linux command "dd"
+Download the OS Raspbian from https://www.raspberrypi.org/downloads/raspbian/
-Example for command dd...
+Follow the installation instruction there.
- su -
- dd if=2018-10-09-raspbian-stretch.img of=/dev/mmcblk0
+## Configure your Router
-Do not forget to unmount the SD card before and check if unmounted like in this example...
+Your web has to be visible in the internet.
- su -
- umount /dev/mmcblk0*
- df -h
+Open the ports 80 and 443 on your router for your Debian. Make sure your web server is marked as "exposed host".
+## Preparations Dynamic IP Address
-Switch off your mini pc, plug in your USB drive and start the mini pc from the
-stick. Install Debian. Follow the instructions of the installation.
-
-### Configure your Router
-
-Open the ports 80 and 443 on your router for your Debian
+Follow the instructions in .homeinstall/hubzilla-config.txt.
-## Preparations Dynamic IP Address
+In short...
Your Hubzilla must be reachable by a domain that you can type in your browser
@@ -132,105 +128,15 @@ There are two ways to get a domain...
...for example buy at selfHOST.de
-The cost are around 10,- € once and 1,50 € per month (2017).
+The cost is 1,50 € per month (2019).
### Method 2: Register a free subdomain
...for example register at freedns.afraid.org
-Follow the instructions in .homeinstall/hubzilla-config.txt.
-
-
-## Install Hubzilla on your Debian
-
-Login to your debian
-(Provided your username is "you" and the name of the mini pc is "debian". You
-could take the IP address instead of "debian")
-
- ssh -X you@debian
-
-Change to root user
-
- su -l
-
-Install git
-
- apt-get install git
-
-Make the directory for apache and change diretory to it
-
- mkdir /var/www
- cd /var/www/
-
-Clone hubzilla from git ("git pull" will update it later)
-
- git clone https://framagit.org/hubzilla/core.git html
-
-Change to the install script
-
- cd html/.homeinstall/
-
-Copy the template file
-
- cp hubzilla-config.txt.template hubzilla-config.txt
-
-Modify the file "hubzilla-config.txt". Read the instructions there carefully and enter your values.
-
- nano hubzilla-config.txt
-
-Make sure your external drive (for backups) is plugged in and can be mounted as configured in "hubzilla-config.txt". Otherwise the daily backups will not work.
-
-Run the script
-
- ./hubzilla-setup.sh
-
-Wait... The script should not finish with an error message.
-
-In a webbrowser open your domain.
-Expected: A test page of hubzilla is shown. All checks there should be
-successfull. Go on...
-Expected: A page for the Hubzilla server configuration shows up.
-
-Leave db server name "127.0.0.1" and port "0" untouched.
-
-Enter
-
-- DB user name = hubzilla
-- DB pass word = This is the password you entered in "hubzilla-config.txt"
-- DB name = hubzilla
-
-Leave db type "MySQL" untouched.
-
-Follow the instructions in the next pages.
-
-Recommended: Set path to imagemagick
-
-- in admin settings of hubzilla or
-- via terminal
-
- util/config system.imagick_convert_path /usr/bin/convert
-
-After the daily script was executed at 05:30 (am)
-
-- look at /var/www/html/hubzilla-daily.log
-- check your backup on the external drive
-- optionally view the daily log under yourdomain.org/admin/logs/
- - set the logfile to var/www/html/hubzilla-daily.log
-
-
-## Install Hubzilla in a Virtual Machine for Test Purposes
-
-Modify the file "hubzilla-config.txt".
-
- nano hubzilla-config.txt
-
-There use
-
- le_domain=localhost
-
-## Note for the Rasperry
+## Note on Rasperry
-The script was tested with an Raspberry 3 under Raspian (Debian 9.5, 2018-10-09-raspbian-stretch.img).
+The script was tested with an Raspberry 3 under Raspian, Debian 9.
It is recommended to run the Raspi without graphical frontend (X-Server). Use...
@@ -240,7 +146,7 @@ to boot the Rapsi to the client console.
DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI!
-If the validation of the mail address fails for the very first registered user...
+On a Raspian Stretch (Debian 9) the validation of the mail address fails for the very first user.
This used to happen on some *bsd distros but there was some work to fix that a year ago (2017).
So if your system isn't registered in DNS or DNS isn't active do
diff --git a/.homeinstall/hubzilla-config.txt.template b/.homeinstall/hubzilla-config.txt.template
index e42da0e4e..f0bf6121c 100644
--- a/.homeinstall/hubzilla-config.txt.template
+++ b/.homeinstall/hubzilla-config.txt.template
@@ -2,8 +2,8 @@
### MANDATORY - database password #############
#
# Please give your database password
+# It is better to not use blanks inside the password.
# Example: db_pass=pass_word_with_no_blanks_in_it
-# Example: db_pass="this password has blanks in it"
db_pass=
###############################################
@@ -18,9 +18,12 @@ db_pass=
# Example: my.cooldomain.org
# Example: cooldomain.org
#
-# Example: localhost (test installation without certificates for httpS)
+# You might use "localhost" for a LOCAL TEST installation.
+# This is usefull if you want to debug the server inside a VM.
#
-# Email is optional
+# Example: localhost
+#
+# Email is optional if you use "localhost".
#
#
le_domain=
@@ -30,7 +33,7 @@ le_email=
### OPTIONAL - selfHOST - dynamic IP address ##
#
# 1. Register a domain at selfhost.de
-# - choose offer "DOMAIN dynamisch" 1,50€/mon at 08.01.2016
+# - choose offer "DOMAIN dynamisch" 1,50€/mon at 04/2019
# 2. Get your configuration for dynamic IP update
# - Log in at selfhost.de
# - go to "DynDNS Accounte"
diff --git a/.homeinstall/hubzilla-setup.sh b/.homeinstall/hubzilla-setup.sh
index 1f3ad5db5..023ef7afc 100755..100644
--- a/.homeinstall/hubzilla-setup.sh
+++ b/.homeinstall/hubzilla-setup.sh
@@ -3,7 +3,10 @@
# How to use
# ----------
#
-# This file automates the installation of hubzilla under Debian Linux
+# This file automates the installation of
+# - hubzilla: https://zotlabs.org/page/hubzilla/hubzilla-project and
+# - zap: https://zotlabs.com/zap/
+# under Debian Linux
#
# 1) Copy the file "hubzilla-config.txt.template" to "hubzilla-config.txt"
# Follow the instuctions there
@@ -25,16 +28,14 @@
# * php,
# * mysql - the database for hubzilla,
# * phpmyadmin,
-# * git to download and update hubzilla itself
+# * git to download and update hubzilla addon
# - download hubzilla core and addons
# - configure cron
-# * "poller.php" for regular background prozesses of hubzilla
-# * to_do "apt-get update" and "apt-get dist-upgrade" to keep linux
-# up-to-date
-# * to_do backup hubzillas database and files (rsnapshot)
-# - configure dynamic ip with cron
-# - to_do letsencrypt
-# - to_do redirection to https
+# * "Master.php" for regular background prozesses of hubzilla
+# * "apt-get update" and "apt-get dist-upgrade" and "apt-get autoremove" to keep linux up-to-date
+# * run command to keep the IP up-to-date > DynDNS provided by selfHOST.de or freedns.afraid.org
+# * backup hubzillas database and files (rsync)
+# - letsencrypt
#
#
# Discussion
@@ -43,26 +44,11 @@
# Security - password is the same for mysql-server, phpmyadmin and hubzilla db
# - The script runs into installation errors for phpmyadmin if it uses
# different passwords. For the sake of simplicity one singel password.
-#
-# Security - suhosin for PHP
-# - The script does not install suhosin.
-# - Is the security package suhosin usefull or not usefull?
#
# Hubzilla - email verification
# - The script switches off email verification off in all htconfig.tpl.
# Example: /var/www/html/view/en/htconfig.tpl
# - Is this a silly idea or not?
-#
-#
-# Remove Hubzilla (for a fresh start using the script)
-# ----------------------------------------------------
-#
-# You could use /var/www/hubzilla-remove.sh
-# that is created by hubzilla-setup.sh.
-#
-# The script will remove (almost everything) what was installed by the script.
-# After the removal you could run the script again to have a fresh install
-# of all applications including hubzilla and its database.
#
# How to restore from backup
# --------------------------
@@ -76,18 +62,10 @@
#
# hubzilla-daily.sh makes a (daily) backup of all relevant files
# - /var/lib/mysql/ > hubzilla database
-# - /var/www/html/ > hubzilla from github
-# - /var/www/letsencrypt/ > certificates
-#
-# hubzilla-daily.sh writes the backup
-# - either to an external disk compatible to LUKS+ext4 (see hubzilla-config.txt)
-# - or to /var/cache/rsnapshot in case the external disk is not plugged in
+# - /var/www/ > hubzilla/zap from github
+# - /etc/letsencrypt/ > certificates
#
-# Restore backup
-# - - - - - - -
-#
-# This was not tested yet.
-# Bacically you can copy the files from the backup to the server.
+# hubzilla-daily.sh writes the backup to an external disk compatible to LUKS+ext4 (see hubzilla-config.txt)
#
# Credits
# -------
@@ -136,11 +114,11 @@ function check_config {
# backup is important and should be checked
if [ -n "$backup_device_name" ]
then
- if [ ! -d "$backup_mount_point" ]
- then
- mkdir "$backup_mount_point"
- fi
- device_mounted=0
+ if [ ! -d "$backup_mount_point" ]
+ then
+ mkdir "$backup_mount_point"
+ fi
+ device_mounted=0
if fdisk -l | grep -i "$backup_device_name.*linux"
then
print_info "ok - filesystem of external device is linux"
@@ -264,7 +242,7 @@ function install_sendmail {
function install_php {
# openssl and mbstring are included in libapache2-mod-php
print_info "installing php..."
- nocheck_install "libapache2-mod-php php php-pear php-curl php-mcrypt php-gd"
+ nocheck_install "libapache2-mod-php php php-pear php-curl php-mcrypt php-gd php-mysqli php-mbstring php-xml"
sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.0/apache2/php.ini
sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.0/apache2/php.ini
}
@@ -449,11 +427,11 @@ function configure_cron_selfhost {
print_info "configure cron for selfhost..."
if [ -z "$selfhost_user" ]
then
- print_info "freedns is not configured because freedns_key is empty in $configfile"
+ print_info "selfhost is not configured because selfhost_key is empty in $configfile"
else
# Use cron for dynamich ip update
# - at reboot
- # - every 30 minutes
+ # - every 5 minutes
if [ -z "`grep 'selfhost-updater.sh' /etc/crontab`" ]
then
echo "@reboot root bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab
@@ -471,89 +449,24 @@ function install_letsencrypt {
then
die "Failed to install let's encrypt: 'le_domain' is empty in $configfile"
fi
- # configure apache
- apache_le_conf=/etc/apache2/sites-available/le-default.conf
- if [ -f $apache_le_conf ]
- then
- print_info "$apache_le_conf exist already"
- else
- cat > $apache_le_conf <<END
-# letsencrypt default Apache configuration
-Alias /.well-known/acme-challenge /var/www/letsencrypt
-
-<Directory /var/www/letsencrypt>
- Options FollowSymLinks
- Allow from all
-</Directory>
-END
- a2ensite le-default.conf
- service apache2 restart
- fi
- # download the shell script
- if [ -d $le_dir ]
- then
- print_info "letsenrypt exists already (nothing downloaded > no certificate created and registered)"
- return 0
- fi
- git clone https://github.com/lukas2511/dehydrated $le_dir
- cd $le_dir
- # create config file for letsencrypt.sh
- echo "WELLKNOWN=$le_dir" > $le_dir/config.sh
- if [ -n "$le_email" ]
- then
- echo "CONTACT_EMAIL=$le_email" >> $le_dir/config.sh
- fi
- # create domain file for letsencrypt.sh
- # WATCH THIS:
- # - It did not work wit "sub.domain.org www.sub.domain.org".
- # - So just use "sub.domain.org" only!
- echo "$le_domain" > $le_dir/domains.txt
- # test apache config for letsencrpyt
- url_http=http://$le_domain/.well-known/acme-challenge/domains.txt
- wget_output=$(wget -nv --spider --max-redirect 0 $url_http)
- if [ $? -ne 0 ]
- then
- die "Failed to load $url_http"
- fi
- # accept terms of service of letsencrypt
- ./dehydrated --register --accept-terms
- # run script dehydrated
- #
- ./dehydrated --cron --config $le_dir/config.sh
-}
-
-function configure_apache_for_https {
- print_info "configuring apache to use httpS ..."
- # letsencrypt.sh
- #
- # "${BASEDIR}/certs/${domain}/privkey.pem"
- # "${BASEDIR}/certs/${domain}/cert.pem"
- # "${BASEDIR}/certs/${domain}/fullchain.pem"
- #
- SSLCertificateFile=${le_dir}/certs/${le_domain}/cert.pem
- SSLCertificateKeyFile=${le_dir}/certs/${le_domain}/privkey.pem
- SSLCertificateChainFile=${le_dir}/certs/${le_domain}/fullchain.pem
- if [ ! -f $SSLCertificateFile ]
+ # check if user gave mail address
+ if [ -z "$le_email" ]
then
- print_warn "Failed to configure apache for httpS: Missing certificate file $SSLCertificateFile"
- return 0
+ die "Failed to install let's encrypt: 'le_domain' is empty in $configfile"
fi
- # make sure that the ssl mode is enabled
- print_info "...configuring apache to use httpS - a2enmod ssl ..."
- a2enmod ssl
- # modify apach' ssl conf file
- if grep -i "ServerName" $sslconf
+ nocheck_install "apt-transport-https"
+ # add backports to your sources.list
+ backports_list=/etc/apt/sources.list.d/backports.list
+ if [ -f $backports_list ]
then
- print_info "seems that apache was already configered to use httpS with $sslconf"
+ print_info "$backports_list exist already"
else
- sed -i "s/ServerAdmin.*$/ServerAdmin webmaster@localhost\\n ServerName ${le_domain}/" $sslconf
- fi
- sed -i s#/etc/ssl/certs/ssl-cert-snakeoil.pem#$SSLCertificateFile# $sslconf
- sed -i s#/etc/ssl/private/ssl-cert-snakeoil.key#$SSLCertificateKeyFile# $sslconf
- sed -i s#/etc/apache2/ssl.crt/server-ca.crt#$SSLCertificateChainFile# $sslconf
- sed -i s/#SSLCertificateChainFile/SSLCertificateChainFile/ $sslconf
- # apply changes
- a2ensite default-ssl.conf
+ echo "deb https://deb.debian.org/debian stretch-backports main" > $backports_list
+ fi
+ apt-get -y update
+ DEBIAN_FRONTEND=noninteractive apt-get -q -y -t stretch-backports install certbot python-certbot-apache
+ print_info "run certbot ..."
+ certbot --apache -w /var/www/html -d $le_domain -m $le_email --agree-tos --non-interactive --redirect --hsts --uir
service apache2 restart
}
@@ -572,7 +485,10 @@ function check_https {
function install_hubzilla {
print_info "installing hubzilla addons..."
cd /var/www/html/
- util/add_addon_repo https://framagit.org/hubzilla/addons.git hzaddons
+ # if you install Hubzilla
+ util/add_addon_repo https://framagit.org/hubzilla/addons hzaddons
+ # if you install ZAP
+ #util/add_addon_repo https://framagit.org/zot/zap-addons.git zaddons
mkdir -p "store/[data]/smarty3"
chmod -R 777 store
touch .htconfig.php
@@ -582,7 +498,7 @@ function install_hubzilla {
chown root:www-data /var/www/html/
chown root:www-data /var/www/html/.htaccess
chmod 0644 /var/www/html/.htaccess
- # try to switch off email registration
+ print_info "try to switch off email registration..."
sed -i "s/verify_email.*1/verify_email'] = 0/" /var/www/html/view/*/ht*
if [ -n "`grep -r 'verify_email.*1' /var/www/html/view/`" ]
then
@@ -591,49 +507,9 @@ function install_hubzilla {
print_info "installed hubzilla"
}
-function rewrite_to_https {
- print_info "configuring apache to redirect http to httpS ..."
- htaccessfile=/var/www/html/.htaccess
- if grep -i "https" $htaccessfile
- then
- print_info "...configuring apache to redirect http to httpS was already done in $htaccessfile"
- else
- sed -i "s#QSA]#QSA]\\n RewriteCond %{SERVER_PORT} !^443$\\n RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]#" $htaccessfile
- fi
- service apache2 restart
-}
-
-# This will allways overwrite both config files
-# - internal disk
-# - external disk (LUKS + ext4)
-# of rsnapshot for hubzilla
-function install_rsnapshot {
- print_info "installing rsnapshot..."
- nocheck_install "rsnapshot"
- # internal disk
- cp -f /etc/rsnapshot.conf $snapshotconfig
- sed -i "s/^cmd_cp/#cmd_cp/" $snapshotconfig
- sed -i "s/^backup/#backup/" $snapshotconfig
- echo "backup /var/lib/mysql/ localhost/" >> $snapshotconfig
- echo "backup /var/www/html/ localhost/" >> $snapshotconfig
- echo "backup /var/www/letsencrypt/ localhost/" >> $snapshotconfig
- # external disk
- if [ -n "$backup_device_name" ]
- then
- cp -f /etc/rsnapshot.conf $snapshotconfig_external_device
- sed -i "s#snapshot_root.*#snapshot_root $backup_mount_point#" $snapshotconfig_external_device
- sed -i "/alpha/s/6/30/" $snapshotconfig_external_device
- sed -i "s/^cmd_cp/#cmd_cp/" $snapshotconfig_external_device
- sed -i "s/^backup/#backup/" $snapshotconfig_external_device
- if [ -z "`grep 'letsencrypt' $snapshotconfig_external_device`" ]
- then
- echo "backup /var/lib/mysql/ localhost/" >> $snapshotconfig_external_device
- echo "backup /var/www/html/ localhost/" >> $snapshotconfig_external_device
- echo "backup /var/www/letsencrypt/ localhost/" >> $snapshotconfig_external_device
- fi
- else
- print_info "No backup configuration (rsnapshot) for external device configured. Reason: backup_device_name and/or backup_device_pass not given in $configfile"
- fi
+function install_rsync {
+ print_info "installing rsync..."
+ nocheck_install "rsync"
}
function install_cryptosetup {
@@ -644,28 +520,28 @@ function install_cryptosetup {
function configure_cron_daily {
print_info "configuring cron..."
# every 10 min for poller.php
- if [ -z "`grep 'poller.php' /etc/crontab`" ]
+ if [ -z "`grep 'Master.php' /etc/crontab`" ]
then
echo "*/10 * * * * www-data cd /var/www/html; php Zotlabs/Daemon/Master.php Cron >> /dev/null 2>&1" >> /etc/crontab
fi
# Run external script daily at 05:30
# - stop apache and mysql-server
- # - backup hubzilla
+ # - renew the certificate of letsencrypt
+ # - backup db, files (/var/www/html), certificates if letsencrypt
# - update hubzilla core and addon
# - update and upgrade linux
- # - reboot
+ # - reboot is done by "shutdown -h now" because "reboot" hangs sometimes depending on the system
echo "#!/bin/sh" > /var/www/$hubzilladaily
echo "#" >> /var/www/$hubzilladaily
echo "echo \" \"" >> /var/www/$hubzilladaily
echo "echo \"+++ \$(date) +++\"" >> /var/www/$hubzilladaily
echo "echo \" \"" >> /var/www/$hubzilladaily
echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$hubzilladaily
-echo "bash $le_dir/dehydrated --cron --config $le_dir/config.sh" >> /var/www/$hubzilladaily
+echo "certbot renew --noninteractive" >> /var/www/$hubzilladaily
echo "#" >> /var/www/$hubzilladaily
-echo "# stop hubzilla" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - stoping apache and mysql...\"" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - stopping apache and mysql...\"" >> /var/www/$hubzilladaily
echo "service apache2 stop" >> /var/www/$hubzilladaily
-echo "/etc/init.d/mysql stop # to avoid inconsistancies" >> /var/www/$hubzilladaily
+echo "/etc/init.d/mysql stop # to avoid inconsistencies" >> /var/www/$hubzilladaily
echo "#" >> /var/www/$hubzilladaily
echo "# backup" >> /var/www/$hubzilladaily
echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$hubzilladaily
@@ -696,11 +572,13 @@ echo " if mount $backup_device_name $backup_mount_point" >> /var/www/$hub
echo " then" >> /var/www/$hubzilladaily
echo " device_mounted=1" >> /var/www/$hubzilladaily
echo " echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$hubzilladaily
-echo " rsnapshot -c $snapshotconfig_external_device alpha" >> /var/www/$hubzilladaily
-echo " echo \"\$(date) - disk sizes...\"" >> /var/www/$hubzilladaily
-echo " df -h" >> /var/www/$hubzilladaily
-echo " echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily
-echo " du -h $backup_mount_point | grep mysql/hubzilla" >> /var/www/$hubzilladaily
+echo " rsync -a --delete /var/lib/mysql/ /media/hubzilla_backup/mysql" >> /var/www/$hubzilladaily
+echo " rsync -a --delete /var/www/ /media/hubzilla_backup/www" >> /var/www/$hubzilladaily
+echo " rsync -a --delete /etc/letsencrypt/ /media/hubzilla_backup/letsencrypt" >> /var/www/$hubzilladaily
+echo " echo \"\$(date) - disk sizes...\"" >> /var/www/$hubzilladaily
+echo " df -h" >> /var/www/$hubzilladaily
+echo " echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily
+echo " du -h $backup_mount_point | grep mysql/hubzilla" >> /var/www/$hubzilladaily
echo " echo \"unmounting backup device...\"" >> /var/www/$hubzilladaily
echo " umount $backup_mount_point" >> /var/www/$hubzilladaily
echo " else" >> /var/www/$hubzilladaily
@@ -722,18 +600,16 @@ echo "echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily
echo "du -h /var/lib/mysql/ | grep mysql/hubzilla" >> /var/www/$hubzilladaily
echo "#" >> /var/www/$hubzilladaily
echo "# update" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - updating dehydrated...\"" >> /var/www/$hubzilladaily
-echo "git -C /var/www/letsencrypt/ pull" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - updating hubhilla core...\"" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - updating core and addons...\"" >> /var/www/$hubzilladaily
echo "(cd /var/www/html/ ; util/udall)" >> /var/www/$hubzilladaily
echo "chown -R www-data:www-data /var/www/html/ # make all accessable for the webserver" >> /var/www/$hubzilladaily
echo "chown root:www-data /var/www/html/.htaccess" >> /var/www/$hubzilladaily
echo "chmod 0644 /var/www/html/.htaccess # www-data can read but not write it" >> /var/www/$hubzilladaily
echo "echo \"\$(date) - updating linux...\"" >> /var/www/$hubzilladaily
echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - Backup hubzilla and update linux finished. Rebooting...\"" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - Backup and update finished. Rebooting...\"" >> /var/www/$hubzilladaily
echo "#" >> /var/www/$hubzilladaily
-echo "reboot" >> /var/www/$hubzilladaily
+echo "shutdown -r now" >> /var/www/$hubzilladaily
if [ -z "`grep 'hubzilla-daily.sh' /etc/crontab`" ]
then
@@ -745,38 +621,6 @@ echo "reboot" >> /var/www/$hubzilladaily
print_info "configured cron for updates/upgrades"
}
-function write_uninstall_script {
- print_info "writing uninstall script..."
-
- cat > /var/www/hubzilla-remove.sh <<END
-#!/bin/sh
-#
-# This script removes Hubzilla.
-# You might do this for a fresh start using the script.
-# The script will remove (almost everything) what was installed by the script,
-# all applications including hubzilla and its database.
-#
-# Backup the certificates of letsencrypt (you never know)
-cp -a /var/www/letsencrypt/ ~/backup_le_certificats
-#
-# Removal
-apt-get remove apache2 apache2-utils libapache2-mod-php5 php5 php-pear php5-xcache php5-curl php5-mcrypt php5-gd php5-mysql mysql-server mysql-client phpmyadmin
-apt-get purge apache2 apache2-utils libapache2-mod-php5 php5 php-pear php5-xcache php5-curl php5-mcrypt php5-gd php5-mysql mysql-server mysql-client phpmyadmin
-apt-get autoremove
-apt-get clean
-rm /etc/rsnapshot_hubzilla.conf
-rm /etc/rsnapshot_hubzilla_external_device.conf
-rm -R /etc/apache2/
-rm -R /var/lib/mysql/
-rm -R /var/www
-rm -R /etc/selfhost/
-# uncomment the next line if you want to remove the backups
-# rm -R /var/cache/rsnapshot
-nano /etc/crontab # remove entries there manually
-END
- chmod -x /var/www/hubzilla-remove.sh
-}
-
########################################################################
# START OF PROGRAM
########################################################################
@@ -792,11 +636,7 @@ selfhostdir=/etc/selfhost
selfhostscript=selfhost-updater.sh
hubzilladaily=hubzilla-daily.sh
plugins_update=.homeinstall/plugins_update.sh
-snapshotconfig=/etc/rsnapshot_hubzilla.conf
-snapshotconfig_external_device=/etc/rsnapshot_hubzilla_external_device.conf
backup_mount_point=/media/hubzilla_backup
-le_dir=/var/www/letsencrypt
-sslconf=/etc/apache2/sites-available/default-ssl.conf
#set -x # activate debugging from here
@@ -820,7 +660,6 @@ configure_cron_selfhost
if [ "$le_domain" != "localhost" ]
then
install_letsencrypt
- configure_apache_for_https
check_https
else
print_info "is localhost - skipped installation of letsencrypt and configuration of apache for https"
@@ -828,20 +667,12 @@ fi
install_hubzilla
-if [ "$le_domain" != "localhost" ]
-then
- rewrite_to_https
- install_rsnapshot
-else
- print_info "is localhost - skipped rewrite to https and installation of rsnapshot"
-fi
-
configure_cron_daily
if [ "$le_domain" != "localhost" ]
then
+ install_rsync
install_cryptosetup
- write_uninstall_script
else
print_info "is localhost - skipped installation of cryptosetup"
fi
diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php
index 03275abbc..a19bdbedc 100644
--- a/Zotlabs/Module/Wfinger.php
+++ b/Zotlabs/Module/Wfinger.php
@@ -128,7 +128,7 @@ class Wfinger extends \Zotlabs\Web\Controller {
'http://webfinger.net/ns/name' => $r[0]['channel_name'],
'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'],
'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'],
- 'http://purl.org/zot/federation' => 'zot'
+ 'http://purl.org/zot/federation' => 'zot,zot6'
];
foreach($aliases as $alias)
diff --git a/include/event.php b/include/event.php
index fdb9e1415..77118c329 100644
--- a/include/event.php
+++ b/include/event.php
@@ -4,8 +4,11 @@
* @brief Event related functions.
*/
+
use Sabre\VObject;
+use Zotlabs\Lib\Activity;
+
use Ramsey\Uuid\Uuid;
use Ramsey\Uuid\Exception\UnsatisfiedDependencyException;
@@ -65,7 +68,7 @@ function format_event_html($ev) {
}
function format_event_obj($jobject) {
- $event = array();
+ $event = [];
$object = json_decode($jobject,true);
@@ -1046,6 +1049,7 @@ function event_store_item($arr, $event) {
'location' => $arr['location'],
'adjust' => $arr['adjust'],
'content' => format_event_bbcode($arr),
+ 'attachment' => Activity::encode_attachment($r[0]),
'author' => array(
'name' => $r[0]['xchan_name'],
'address' => $r[0]['xchan_addr'],
@@ -1200,6 +1204,7 @@ function event_store_item($arr, $event) {
'location' => $arr['location'],
'adjust' => $arr['adjust'],
'content' => format_event_bbcode($arr),
+ 'attachment' => Activity::encode_attachment($item_arr),
'author' => array(
'name' => $x[0]['xchan_name'],
'address' => $x[0]['xchan_addr'],