aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.homeinstall/README.md46
-rwxr-xr-x.homeinstall/hubzilla-setup.sh648
-rw-r--r--.homeinstall/nginx-zotserver.conf.template144
-rw-r--r--.homeinstall/zotserver-config.txt.template (renamed from .homeinstall/hubzilla-config.txt.template)29
-rwxr-xr-x.homeinstall/zotserver-setup.sh793
5 files changed, 982 insertions, 678 deletions
diff --git a/.homeinstall/README.md b/.homeinstall/README.md
index df1d14ef8..e2c345969 100644
--- a/.homeinstall/README.md
+++ b/.homeinstall/README.md
@@ -1,9 +1,10 @@
+
# How to use
## Disclaimers
- This script does work with Debian 10 only.
-- This script has to be used on a fresh debian install only (it does not take account for a possibly already installed and configured webserver or sql implementation).
+- This script has to be used on a fresh debian install only (it does not take account for a possibly already installed and configured webserver or sql implementation). You may use it to install several hub/instances on the same server, though.
## Preconditions
@@ -15,9 +16,11 @@ Hardware
Software
-+ Fresh installation of Debian 10 (Stretch)
++ Fresh installation of Debian 10 (Buster)
+ Router with open ports 80 and 443 for your web server
-+ Some form of email server or email gateway such that PHP mail() works.
+
+You can of course run the script on a VPS or any distant server as long as the above sotfware requirements are satisfied.
+
## How to run the script
@@ -26,29 +29,29 @@ Software
- apt-get install git
- mkdir -p /var/www
- cd /var/www
- - git clone https://framagit.org/hubzilla/core.git html
+ - git clone https://framagit.org/hubzilla/core.git html (you can replace "html" with any folder name you like, which you'll have to do if you plan to have more than one hub/instance running on your server)
- cd html/.homeinstall
- - cp hubzilla-config.txt.template hubzilla-config.txt
- - nano hubzilla-config.txt
+ - cp zotserver-config.txt.template zotserver-config.txt
+ - nano zotserver-config.txt
- Read the comments carefully
- Enter your values: db pass, domain, values for dyn DNS
- Prepare your external disk for backups
- - hubzilla-setup.sh as root
- - ... wait, wait, wait until the script is finised
-+ Open your domain with a browser and step throught the initial configuration of hubzilla.
+ - ./zotserver-setup.sh as root
+ - ... wait, wait, wait until the script is finished
++ Open your domain with a browser and step throught the initial configuration of your hub/instance.
## Optional - Set path to imagemagick
-In Admin settings of hubzilla or via terminal
+In Admin settings of your hub/instance or via terminal
- cd /var/www/html
+ cd /var/www/html (or the custom path you chose)
util/config system.imagick_convert_path /usr/bin/convert
## Optional - Switch verification of email on/off
-Do this just befor you register the user and you have no working PHP mail().
+Do this just before you register the first user.
-In Admin settings of hubzilla or via terminal
+In Admin settings of your hub/instance or via terminal
cd /var/www/html
@@ -62,18 +65,18 @@ Switch the verification on/off (1/0)
## What the script will do for you...
-+ install everything required by Hubzilla, basically a web server (Apache), PHP, a database (MySQL), certbot,...
++ install everything required by your hub/instance, basically a web server (Apache or Nginx), PHP, a database (MySQL), certbot,...
+ create a database
+ run certbot to have everything for a secure connection (httpS)
+ create a script for daily maintenance
- backup to external disk (certificates, database, /var/www/)
- renew certfificate (letsencrypt)
- - update of Hubzilla
+ - update of your hub/instance (git)
- update of Debian
- restart
+ create cron jobs for
- DynDNS (selfHOST.de or freedns.afraid.org) every 5 minutes
- - Master.php for Zap/Hubzilla every 10 minutes
+ - Run.php for your hub/instance every 10 minutes
- daily maintenance script every day at 05:30
The script is known to work without adjustments with
@@ -86,7 +89,7 @@ The script is known to work without adjustments with
- selfHOST.de
- freedns.afraid.org
-The script can install both [Hubzilla](https://zotlabs.org/page/hubzilla/hubzilla-project) and [Zap](https://zotlabs.com/zap/). Make sure to use the correct GIT repositories.
+The script can install [Hubzilla](https://zotlabs.org/page/hubzilla/hubzilla-project), [Zap](https://zotlabs.com/zap/) and [Mistpark 2020, aka "Misty"](https://zotlabs.com/misty/). Make sure to use the correct GIT repositories.
# Step-by-Step - some Details
@@ -101,11 +104,11 @@ Open the ports 80 and 443 on your router for your Debian. Make sure your web ser
## Preparations Dynamic IP Address
-Follow the instructions in .homeinstall/hubzilla-config.txt.
+Follow the instructions in .homeinstall/zotserver-config.txt.
In short...
-Your Hubzilla must be reachable by a domain that you can type in your browser
+Your Hubzilla server must be reachable by a domain that you can type in your browser
cooldomain.org
@@ -127,8 +130,6 @@ The cost is 1,50 € per month (2019).
## Note on Rasperry
-The script was tested with an Raspberry 3 under Raspian, Debian 10.
-
It is recommended to run the Raspi without graphical frontend (X-Server). Use...
sudo raspi-config
@@ -139,5 +140,4 @@ DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI!
## Reminder for Different Web Wervers
-For those of you who feel adventurous enough to use a different web server (Nginx, Lighttpd...), don't forget that this script will install Apache and that you can only have one web server listening to ports 80 & 443. Also, don't forget to tweak /var/www/hubzilla-daily.sh accordingly.
-
+For those of you who feel adventurous enough to use a different web server (i.e. Lighttpd...), don't forget that this script will install Apache or Nginx and that you can only have one web server listening to ports 80 & 443. Also, don't forget to tweak your daily shell script in /var/www/ accordingly.
diff --git a/.homeinstall/hubzilla-setup.sh b/.homeinstall/hubzilla-setup.sh
deleted file mode 100755
index 063cfcea4..000000000
--- a/.homeinstall/hubzilla-setup.sh
+++ /dev/null
@@ -1,648 +0,0 @@
-#!/bin/bash
-#
-# How to use
-# ----------
-#
-# This file automates the installation of
-# - hubzilla: https://zotlabs.org/page/hubzilla/hubzilla-project and
-# - zap: https://zotlabs.com/zap/
-# under Debian Linux
-#
-# 1) Copy the file "hubzilla-config.txt.template" to "hubzilla-config.txt"
-# Follow the instuctions there
-#
-# 2) Switch to user "root" by typing "su -"
-#
-# 3) Run with "./hubzilla-setup.sh"
-# If this fails check if you can execute the script.
-# - To make it executable type "chmod +x hubzilla-setup.sh"
-# - or run "bash hubzilla-setup.sh"
-#
-#
-# What does this script do basically?
-# -----------------------------------
-#
-# This file automates the installation of hubzilla under Debian Linux
-# - install
-# * apache webserer,
-# * php,
-# * mariadb - the database for hubzilla,
-# * adminer,
-# * git to download and update addons
-# - configure cron
-# * "Master.php" for regular background prozesses of hubzilla
-# * "apt-get update" and "apt-get dist-upgrade" and "apt-get autoremove" to keep linux up-to-date
-# * run command to keep the IP up-to-date > DynDNS provided by selfHOST.de or freedns.afraid.org
-# * backup hubzillas database and files (rsync)
-# - run letsencrypt to create, register and use a certifacte for https
-#
-#
-# Discussion
-# ----------
-#
-# Security - password is the same for mysql-server, phpmyadmin and hubzilla db
-# - The script runs into installation errors for phpmyadmin if it uses
-# different passwords. For the sake of simplicity one singel password.
-#
-# How to restore from backup
-# --------------------------
-#
-# Daily backup
-# - - - - - -
-#
-# The installation
-# - writes a script /var/www/hubzilla-daily.sh
-# - creates a daily cron that runs the hubzilla-daily.sh
-#
-# hubzilla-daily.sh makes a (daily) backup of all relevant files
-# - /var/lib/mysql/ > database
-# - /var/www/ > hubzilla/zap from github
-# - /etc/letsencrypt/ > certificates
-#
-# hubzilla-daily.sh writes the backup to an external disk compatible to LUKS+ext4 (see hubzilla-config.txt)
-#
-# Credits
-# -------
-#
-# The script is based on Thomas Willinghams script "debian-setup.sh"
-# which he used to install the red#matrix.
-#
-# The documentation for bash is here
-# https://www.gnu.org/software/bash/manual/bash.html
-#
-function check_sanity {
- # Do some sanity checking.
- print_info "Sanity check..."
- if [ $(/usr/bin/id -u) != "0" ]
- then
- die 'Must be run by root user'
- fi
-
- if [ -f /etc/lsb-release ]
- then
- die "Distribution is not supported"
- fi
- if [ ! -f /etc/debian_version ]
- then
- die "Debian is supported only"
- fi
- if ! grep -q 'Linux 10' /etc/issue
- then
- die "Linux 10 (buster) is supported only"x
- fi
-}
-
-function check_config {
- print_info "config check..."
- # Check for required parameters
- if [ -z "$db_pass" ]
- then
- die "db_pass not set in $configfile"
- fi
- if [ -z "$le_domain" ]
- then
- die "le_domain not set in $configfile"
- fi
- # backup is important and should be checked
- if [ -n "$backup_device_name" ]
- then
- if [ ! -d "$backup_mount_point" ]
- then
- mkdir "$backup_mount_point"
- fi
- device_mounted=0
- if fdisk -l | grep -i "$backup_device_name.*linux"
- then
- print_info "ok - filesystem of external device is linux"
- if [ -n "$backup_device_pass" ]
- then
- echo "$backup_device_pass" | cryptsetup luksOpen $backup_device_name cryptobackup
- if mount /dev/mapper/cryptobackup /media/hubzilla_backup
- then
- device_mounted=1
- print_info "ok - could encrypt and mount external backup device"
- umount /media/hubzilla_backup
- else
- print_warn "backup to external device will fail because encryption failed"
- fi
- cryptsetup luksClose cryptobackup
- else
- if mount $backup_device_name /media/hubzilla_backup
- then
- device_mounted=1
- print_info "ok - could mount external backup device"
- umount /media/hubzilla_backup
- else
- print_warn "backup to external device will fail because mount failed"
- fi
- fi
- else
- print_warn "backup to external device will fail because filesystem is either not linux or 'backup_device_name' is not correct in $configfile"
- fi
- if [ $device_mounted == 0 ]
- then
- die "backup device not ready"
- fi
- fi
-}
-
-function die {
- echo "ERROR: $1" > /dev/null 1>&2
- exit 1
-}
-
-
-function update_upgrade {
- print_info "updated and upgrade..."
- # Run through the apt-get update/upgrade first. This should be done before
- # we try to install any package
- apt-get -q -y update && apt-get -q -y dist-upgrade
- print_info "updated and upgraded linux"
-}
-
-function check_install {
- if [ -z "`which "$1" 2>/dev/null`" ]
- then
- # export DEBIAN_FRONTEND=noninteractive ... answers from the package
- # configuration database
- # - q ... without progress information
- # - y ... answer interactive questions with "yes"
- # DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install $2
- DEBIAN_FRONTEND=noninteractive apt-get -q -y install $2
- print_info "installed $2 installed for $1"
- else
- print_warn "$2 already installed"
- fi
-}
-
-function nocheck_install {
- # export DEBIAN_FRONTEND=noninteractive ... answers from the package configuration database
- # - q ... without progress information
- # - y ... answer interactive questions with "yes"
- # DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install $2
- # DEBIAN_FRONTEND=noninteractive apt-get --install-suggests -q -y install $1
- DEBIAN_FRONTEND=noninteractive apt-get -q -y install $1
- print_info "installed $1"
-}
-
-
-function print_info {
- echo -n -e '\e[1;34m'
- echo -n $1
- echo -e '\e[0m'
-}
-
-function print_warn {
- echo -n -e '\e[1;31m'
- echo -n $1
- echo -e '\e[0m'
-}
-
-function stop_hubzilla {
- print_info "stopping apache webserver..."
- systemctl stop apache2
- print_info "stopping mysql db..."
- systemctl stop mariadb
-}
-
-function install_apache {
- print_info "installing apache..."
- nocheck_install "apache2 apache2-utils"
- a2enmod rewrite
- systemctl restart apache2
-}
-
-function install_imagemagick {
- print_info "installing imagemagick..."
- nocheck_install "imagemagick"
-}
-
-function install_curl {
- print_info "installing curl..."
- nocheck_install "curl"
-}
-
-function install_wget {
- print_info "installing wget..."
- nocheck_install "wget"
-}
-
-function install_sendmail {
- print_info "installing sendmail..."
- nocheck_install "sendmail sendmail-bin"
-}
-
-function install_php {
- # openssl and mbstring are included in libapache2-mod-php
- print_info "installing php..."
- nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip"
- sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/apache2/php.ini
- sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/apache2/php.ini
-}
-
-function install_mysql {
- print_info "installing mysql..."
- if [ -z "$mysqlpass" ]
- then
- die "mysqlpass not set in $configfile"
- fi
- if type mysql ; then
- echo "Yes, mysql is installed"
- else
- echo "mariadb-server"
- nocheck_install "mariadb-server"
- systemctl status mariadb
- systemctl start mariadb
- mysql --user=root <<_EOF_
-UPDATE mysql.user SET Password=PASSWORD('${db_root_password}') WHERE User='root';
-DELETE FROM mysql.user WHERE User='';
-DROP DATABASE IF EXISTS test;
-DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
-FLUSH PRIVILEGES;
-_EOF_
- fi
-}
-
-function install_adminer {
- print_info "installing adminer..."
- nocheck_install "adminer"
- if [ ! -f /etc/adminer/adminer.conf ]
- then
- echo "Alias /adminer /usr/share/adminer/adminer" > /etc/adminer/adminer.conf
- ln -s /etc/adminer/adminer.conf /etc/apache2/conf-available/adminer.conf
- else
- print_info "file /etc/adminer/adminer.conf exists already"
- fi
-
- a2enmod rewrite
-
- if [ ! -f /etc/apache2/apache2.conf ]
- then
- die "could not find file /etc/apache2/apache2.conf"
- fi
- sed -i \
- "s/AllowOverride None/AllowOverride all/" \
- /etc/apache2/apache2.conf
-
- a2enconf adminer
- systemctl restart mariadb
- systemctl reload apache2
-}
-
-function create_hubzilla_db {
- print_info "creating hubzilla database..."
- if [ -z "$hubzilla_db_name" ]
- then
- die "hubzilla_db_name not set in $configfile"
- fi
- if [ -z "$hubzilla_db_user" ]
- then
- die "hubzilla_db_user not set in $configfile"
- fi
- if [ -z "$hubzilla_db_pass" ]
- then
- die "hubzilla_db_pass not set in $configfile"
- fi
- systemctl restart mariadb
- Q1="CREATE DATABASE IF NOT EXISTS $hubzilla_db_name;"
- Q2="GRANT USAGE ON *.* TO $hubzilla_db_user@localhost IDENTIFIED BY '$hubzilla_db_pass';"
- Q3="GRANT ALL PRIVILEGES ON $hubzilla_db_name.* to $hubzilla_db_user@localhost identified by '$hubzilla_db_pass';"
- Q4="FLUSH PRIVILEGES;"
- SQL="${Q1}${Q2}${Q3}${Q4}"
- mysql -uroot -p$phpmyadminpass -e "$SQL"
-}
-
-function run_freedns {
- print_info "run freedns (dynamic IP)..."
- if [ -z "$freedns_key" ]
- then
- print_info "freedns was not started because 'freedns_key' is empty in $configfile"
- else
- if [ -n "$selfhost_user" ]
- then
- die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)"
- fi
- wget --no-check-certificate -O - http://freedns.afraid.org/dynamic/update.php?$freedns_key
- fi
-}
-
-function install_run_selfhost {
- print_info "install and start selfhost (dynamic IP)..."
- if [ -z "$selfhost_user" ]
- then
- print_info "selfHOST was not started because 'selfhost_user' is empty in $configfile"
- else
- if [ -n "$freedns_key" ]
- then
- die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)"
- fi
- if [ -z "$selfhost_pass" ]
- then
- die "selfHOST was not started because 'selfhost_pass' is empty in $configfile"
- fi
- if [ ! -d $selfhostdir ]
- then
- mkdir $selfhostdir
- fi
- # the old way
- # https://carol.selfhost.de/update?username=123456&password=supersafe
- #
- # the prefered way
- wget --output-document=$selfhostdir/$selfhostscript http://jonaspasche.de/selfhost-updater
- echo "router" > $selfhostdir/device
- echo "$selfhost_user" > $selfhostdir/user
- echo "$selfhost_pass" > $selfhostdir/pass
- bash $selfhostdir/$selfhostscript update
- fi
-}
-
-function ping_domain {
- print_info "ping domain $domain..."
- # Is the domain resolved? Try to ping 6 times à 10 seconds
- COUNTER=0
- for i in {1..6}
- do
- print_info "loop $i for ping -c 1 $domain ..."
- if ping -c 4 -W 1 $le_domain
- then
- print_info "$le_domain resolved"
- break
- else
- if [ $i -gt 5 ]
- then
- die "Failed to: ping -c 1 $domain not resolved"
- fi
- fi
- sleep 10
- done
- sleep 5
-}
-
-function configure_cron_freedns {
- print_info "configure cron for freedns..."
- if [ -z "$freedns_key" ]
- then
- print_info "freedns is not configured because freedns_key is empty in $configfile"
- else
- # Use cron for dynamich ip update
- # - at reboot
- # - every 30 minutes
- if [ -z "`grep 'freedns.afraid.org' /etc/crontab`" ]
- then
- echo "@reboot root http://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab
- echo "*/30 * * * * root wget --no-check-certificate -O - http://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab
- else
- print_info "cron for freedns was configured already"
- fi
- fi
-}
-
-function configure_cron_selfhost {
- print_info "configure cron for selfhost..."
- if [ -z "$selfhost_user" ]
- then
- print_info "selfhost is not configured because selfhost_key is empty in $configfile"
- else
- # Use cron for dynamich ip update
- # - at reboot
- # - every 5 minutes
- if [ -z "`grep 'selfhost-updater.sh' /etc/crontab`" ]
- then
- echo "@reboot root bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab
- echo "*/5 * * * * root /bin/bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab
- else
- print_info "cron for selfhost was configured already"
- fi
- fi
-}
-
-function install_letsencrypt {
- print_info "installing let's encrypt ..."
- # check if user gave domain
- if [ -z "$le_domain" ]
- then
- die "Failed to install let's encrypt: 'le_domain' is empty in $configfile"
- fi
- if [ -z "$le_email" ]
- then
- die "Failed to install let's encrypt: 'le_email' is empty in $configfile"
- fi
- nocheck_install "certbot python-certbot-apache"
- print_info "run certbot ..."
- certbot --apache -w /var/www/html -d $le_domain -m $le_email --agree-tos --non-interactive --redirect --hsts --uir
- service apache2 restart
-}
-
-function check_https {
- print_info "checking httpS > testing ..."
- url_https=https://$le_domain
- wget_output=$(wget -nv --spider --max-redirect 0 $url_https)
- if [ $? -ne 0 ]
- then
- print_warn "check not ok"
- else
- print_info "check ok"
- fi
-}
-
-function install_hubzilla {
- print_info "installing addons..."
- cd /var/www/html/
- if git remote -v | grep -i "origin.*hubzilla.*"
- then
- print_info "hubzilla"
- util/add_addon_repo https://framagit.org/hubzilla/addons hzaddons
- elif git remote -v | grep -i "origin.*zap.*"
- then
- print_info "zap"
- util/add_addon_repo https://framagit.org/zot/zap-addons.git zaddons
- else
- die "neither zap nor hubzilla repository > did not install addons or zap/hubzilla"
- fi
- mkdir -p "store/[data]/smarty3"
- mkdir -p "store"
- chmod -R 777 store
- touch .htconfig.php
- chmod ou+w .htconfig.php
- cd /var/www/
- chown -R www-data:www-data html
- chown root:www-data /var/www/html/
- chown root:www-data /var/www/html/.htaccess
- chmod 0644 /var/www/html/.htaccess
- print_info "installed addons"
-}
-
-function install_rsync {
- print_info "installing rsync..."
- nocheck_install "rsync"
-}
-
-function install_cryptosetup {
- print_info "installing cryptsetup..."
- nocheck_install "cryptsetup"
-}
-
-function configure_cron_daily {
- print_info "configuring cron..."
- # every 10 min for poller.php
- if [ -z "`grep 'Master.php' /etc/crontab`" ]
- then
- echo "*/10 * * * * www-data cd /var/www/html; php Zotlabs/Daemon/Master.php Cron >> /dev/null 2>&1" >> /etc/crontab
- fi
- # Run external script daily at 05:30
- # - stop apache and mysql-server
- # - renew the certificate of letsencrypt
- # - backup db, files (/var/www/html), certificates if letsencrypt
- # - update hubzilla core and addon
- # - update and upgrade linux
- # - reboot is done by "shutdown -h now" because "reboot" hangs sometimes depending on the system
-echo "#!/bin/sh" > /var/www/$hubzilladaily
-echo "#" >> /var/www/$hubzilladaily
-echo "echo \" \"" >> /var/www/$hubzilladaily
-echo "echo \"+++ \$(date) +++\"" >> /var/www/$hubzilladaily
-echo "echo \" \"" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$hubzilladaily
-echo "certbot renew --noninteractive" >> /var/www/$hubzilladaily
-echo "#" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - stopping apache and mysql...\"" >> /var/www/$hubzilladaily
-echo "service apache2 stop" >> /var/www/$hubzilladaily
-echo "/etc/init.d/mysql stop # to avoid inconsistencies" >> /var/www/$hubzilladaily
-echo "#" >> /var/www/$hubzilladaily
-echo "# backup" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$hubzilladaily
-echo "backup_device_name=$backup_device_name" >> /var/www/$hubzilladaily
-echo "backup_device_pass=$backup_device_pass" >> /var/www/$hubzilladaily
-echo "backup_mount_point=$backup_mount_point" >> /var/www/$hubzilladaily
-echo "device_mounted=0" >> /var/www/$hubzilladaily
-echo "if [ -n \"$backup_device_name\" ]" >> /var/www/$hubzilladaily
-echo "then" >> /var/www/$hubzilladaily
-echo " if blkid | grep $backup_device_name" >> /var/www/$hubzilladaily
-echo " then" >> /var/www/$hubzilladaily
- if [ -n "$backup_device_pass" ]
- then
-echo " echo \"decrypting backup device...\"" >> /var/www/$hubzilladaily
-echo " echo "\"$backup_device_pass\"" | cryptsetup luksOpen $backup_device_name cryptobackup" >> /var/www/$hubzilladaily
- fi
-echo " if [ ! -d $backup_mount_point ]" >> /var/www/$hubzilladaily
-echo " then" >> /var/www/$hubzilladaily
-echo " mkdir $backup_mount_point" >> /var/www/$hubzilladaily
-echo " fi" >> /var/www/$hubzilladaily
-echo " echo \"mounting backup device...\"" >> /var/www/$hubzilladaily
- if [ -n "$backup_device_pass" ]
- then
-echo " if mount /dev/mapper/cryptobackup $backup_mount_point" >> /var/www/$hubzilladaily
- else
-echo " if mount $backup_device_name $backup_mount_point" >> /var/www/$hubzilladaily
- fi
-echo " then" >> /var/www/$hubzilladaily
-echo " device_mounted=1" >> /var/www/$hubzilladaily
-echo " echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$hubzilladaily
-echo " rsync -a --delete /var/lib/mysql/ /media/hubzilla_backup/mysql" >> /var/www/$hubzilladaily
-echo " rsync -a --delete /var/www/ /media/hubzilla_backup/www" >> /var/www/$hubzilladaily
-echo " rsync -a --delete /etc/letsencrypt/ /media/hubzilla_backup/letsencrypt" >> /var/www/$hubzilladaily
-echo " echo \"\$(date) - disk sizes...\"" >> /var/www/$hubzilladaily
-echo " df -h" >> /var/www/$hubzilladaily
-echo " echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily
-echo " du -h $backup_mount_point | grep mysql/hubzilla" >> /var/www/$hubzilladaily
-echo " echo \"unmounting backup device...\"" >> /var/www/$hubzilladaily
-echo " umount $backup_mount_point" >> /var/www/$hubzilladaily
-echo " else" >> /var/www/$hubzilladaily
-echo " echo \"failed to mount device $backup_device_name\"" >> /var/www/$hubzilladaily
-echo " fi" >> /var/www/$hubzilladaily
- if [ -n "$backup_device_pass" ]
- then
-echo " echo \"closing decrypted backup device...\"" >> /var/www/$hubzilladaily
-echo " cryptsetup luksClose cryptobackup" >> /var/www/$hubzilladaily
- fi
-echo " fi" >> /var/www/$hubzilladaily
-echo "fi" >> /var/www/$hubzilladaily
-echo "if [ \$device_mounted == 0 ]" >> /var/www/$hubzilladaily
-echo "then" >> /var/www/$hubzilladaily
-echo " echo \"device could not be mounted $backup_device_name. No backup written.\"" >> /var/www/$hubzilladaily
-echo "fi" >> /var/www/$hubzilladaily
-echo "#" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily
-echo "du -h /var/lib/mysql/ | grep mysql/hubzilla" >> /var/www/$hubzilladaily
-echo "#" >> /var/www/$hubzilladaily
-echo "# update" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - updating core and addons...\"" >> /var/www/$hubzilladaily
-echo "(cd /var/www/html/ ; util/udall)" >> /var/www/$hubzilladaily
-echo "chown -R www-data:www-data /var/www/html/ # make all accessable for the webserver" >> /var/www/$hubzilladaily
-echo "chown root:www-data /var/www/html/.htaccess" >> /var/www/$hubzilladaily
-echo "chmod 0644 /var/www/html/.htaccess # www-data can read but not write it" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - updating linux...\"" >> /var/www/$hubzilladaily
-echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - Backup and update finished. Rebooting...\"" >> /var/www/$hubzilladaily
-echo "#" >> /var/www/$hubzilladaily
-echo "shutdown -r now" >> /var/www/$hubzilladaily
-
- if [ -z "`grep 'hubzilla-daily.sh' /etc/crontab`" ]
- then
- echo "30 05 * * * root /bin/bash /var/www/$hubzilladaily >> /var/www/html/hubzilla-daily.log 2>&1" >> /etc/crontab
- echo "0 0 1 * * root rm /var/www/html/hubzilla-daily.log" >> /etc/crontab
- fi
-
- # This is active after either "reboot" or "/etc/init.d/cron reload"
- print_info "configured cron for updates/upgrades"
-}
-
-########################################################################
-# START OF PROGRAM
-########################################################################
-export PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-check_sanity
-
-# Read config file edited by user
-configfile=hubzilla-config.txt
-source $configfile
-
-selfhostdir=/etc/selfhost
-selfhostscript=selfhost-updater.sh
-hubzilladaily=hubzilla-daily.sh
-backup_mount_point=/media/hubzilla_backup
-
-#set -x # activate debugging from here
-
-check_config
-stop_hubzilla
-update_upgrade
-install_curl
-install_wget
-install_sendmail
-install_apache
-install_imagemagick
-install_php
-install_mysql
-install_adminer
-create_hubzilla_db
-run_freedns
-install_run_selfhost
-ping_domain
-configure_cron_freedns
-configure_cron_selfhost
-
-if [ "$le_domain" != "localhost" ]
-then
- install_letsencrypt
- check_https
-else
- print_info "is localhost - skipped installation of letsencrypt and configuration of apache for https"
-fi
-
-install_hubzilla
-
-configure_cron_daily
-
-if [ "$le_domain" != "localhost" ]
-then
- install_cryptosetup
- install_rsync
-else
- print_info "is localhost - skipped installation of cryptosetup"
-fi
-
-
-#set +x # stop debugging from here
-
-
diff --git a/.homeinstall/nginx-zotserver.conf.template b/.homeinstall/nginx-zotserver.conf.template
new file mode 100644
index 000000000..c77788a1b
--- /dev/null
+++ b/.homeinstall/nginx-zotserver.conf.template
@@ -0,0 +1,144 @@
+##
+# Hubzilla/Zap/Mistpark/Osada Nginx block configuration template
+# based on the example created by Olaf Conradi
+#
+# The files generated with this template will be added to
+# /etc/nginx/sites-available & /etc/nginx/sites-enabled (symlink)
+##
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+#
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+##
+
+##
+# This configuration assumes
+# You filled the zotserver-config.txt file
+# Your domain/subdomain is functionnal
+# You want all traffic to be https
+# You have PHP FastCGI Process Manager (php-fpm) running on localhost
+##
+
+server {
+ listen 80;
+ server_name SERVER_NAME;
+
+# HTTP > HTTPS #
+ return 301 https://$server_name$request_uri;
+}
+
+##
+# Configure Red with SSL
+#
+# All requests are routed to the front controller
+# except for certain known file types like images, css, etc.
+# Those are served statically whenever possible with a
+# fall back to the front controller (needed for avatars, for example)
+##
+
+server {
+ listen 443 ssl;
+ server_name SERVER_NAME;
+
+ ssl on;
+ ssl_certificate /etc/letsencrypt/live/SERVER_NAME/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/SERVER_NAME/privkey.pem;
+ ssl_session_timeout 5m;
+# DO WE NEED TO REVIEW THE FOLLOWING SETTINGS?
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
+ ssl_prefer_server_ciphers on;
+
+ fastcgi_param HTTPS on;
+
+ charset utf-8;
+ root INSTALL_PATH;
+ index index.php;
+ access_log /var/log/nginx/ZOTSERVER_LOG;
+
+ #Uncomment the following line to include a standard configuration file
+ #Note that the most specific rule wins and your standard configuration
+ #will therefore *add* to this file, but not override it.
+ #include standard.conf
+
+ # allow uploads up to 20MB in size
+ client_max_body_size 20m;
+ client_body_buffer_size 128k;
+
+ include mime.types;
+
+ # rewrite to front controller as default rule
+ location / {
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?req=$1;
+ }
+ }
+
+ # make sure webfinger and other well known services aren't blocked
+ # by denying dot files and rewrite request to the front controller
+ location ^~ /.well-known/ {
+ allow all;
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?req=$1;
+ }
+ }
+
+ # statically serve these file types when possible
+ # otherwise fall back to front controller
+ # allow browser to cache them
+ # added .htm for advanced source code editor library
+ # location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ {
+ # expires 30d;
+ # try_files $uri /index.php?req=$uri&$args;
+ # }
+ # SHOULD WE UNCOMMENT THE ABOVE LINES ?
+
+ # block these file types
+ location ~* \.(tpl|md|tgz|log|out)$ {
+ deny all;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ # or a unix socket
+ location ~* \.php$ {
+ # IS THE FOLLOWING STILL RELEVANT AS OF AUGUST 2020?
+ # Zero-day exploit defense.
+ # http://forum.nginx.org/read.php?2,88845,page=3
+ # Won't work properly (404 error) if the file is not stored on this
+ # server, which is entirely possible with php-fpm/php-fcgi.
+ # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+ # another machine. And then cross your fingers that you won't get hacked.
+ try_files $uri =404;
+
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ # With php5-cgi alone:
+ # fastcgi_pass 127.0.0.1:9000;
+
+ # With php-fpm:
+ fastcgi_pass unix:PHP_FPM_SOCK;
+
+ include fastcgi_params;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # deny access to all dot files
+ location ~ /\. {
+ deny all;
+ }
+
+#deny access to store
+
+ location ~ /store {
+ deny all;
+ }
+
+
+}
+
diff --git a/.homeinstall/hubzilla-config.txt.template b/.homeinstall/zotserver-config.txt.template
index f0bf6121c..39a6e77ff 100644
--- a/.homeinstall/hubzilla-config.txt.template
+++ b/.homeinstall/zotserver-config.txt.template
@@ -9,11 +9,11 @@ db_pass=
###############################################
### MANDATORY - let's encrypt #################
#
-# Hubilla requires encrypted communication via secure HTTP (HTTPS).
+# Zot requires encrypted communication via secure HTTP (HTTPS).
# This script automates installation of an SSL certificate from
# Let's Encrypt (https://letsencrypt.org)
#
-# Please give the domain name of your hub
+# Please give the domain name of your hub/instance
#
# Example: my.cooldomain.org
# Example: cooldomain.org
@@ -30,6 +30,18 @@ le_domain=
le_email=
###############################################
+### OPTIONAL - Webserver choice ###############
+#
+# Please indicate if you want to choose Nginx
+# or Apache as your web server
+#
+# Valid strings are nginx or apache (lower case),
+# any other will stop the setup script.
+#
+webserver=apache
+
+
+###############################################
### OPTIONAL - selfHOST - dynamic IP address ##
#
# 1. Register a domain at selfhost.de
@@ -87,7 +99,7 @@ freedns_key=
# - encrypted LUKS + ext4, or
# - ext4
#
-# You should test to mount the device befor you run the script
+# You should test to mount the device before you run the script
# (hubzilla-setup.sh).
# How to find your (pluged-in) devices?
#
@@ -144,10 +156,13 @@ backup_device_pass=
#
###############################################
#
-# Database for hubzilla
-hubzilla_db_name=hubzilla
-hubzilla_db_user=hubzilla
-hubzilla_db_pass=$db_pass
+# Database for your hub/instance
+# If left empty, both your database and user will be named after your zot instance (hubzilla, zap or misty)
+# Use custom name, at least fo the database, if you plan to run more than one hub/instance on the same server
+#
+zotserver_db_name=
+zotserver_db_user=
+zotserver_db_pass=$db_pass
#
#
# Password for package mysql-server
diff --git a/.homeinstall/zotserver-setup.sh b/.homeinstall/zotserver-setup.sh
new file mode 100755
index 000000000..42ff6685d
--- /dev/null
+++ b/.homeinstall/zotserver-setup.sh
@@ -0,0 +1,793 @@
+#!/bin/bash
+#
+# How to use
+# ----------
+#
+# This file automates the installation of
+# - hubzilla: https://zotlabs.org/page/hubzilla/hubzilla-project and
+# - zap: https://zotlabs.com/zap/
+# - misty : https://zotlabs.com/misty/
+# - osada : https://codeberg.org/zot/osada
+# - redmatrix : https://codeberg.org/zot/redmatrix
+# under Debian Linux "Buster"
+#
+# 1) Copy the file "zotserver-config.txt.template" to "zotserver-config.txt"
+# Follow the instuctions there
+#
+# 2) Switch to user "root" by typing "su -"
+#
+# 3) Run with "./zotserver-setup.sh"
+# If this fails check if you can execute the script.
+# - To make it executable type "chmod +x zotserver-setup.sh"
+# - or run "bash zotserver-setup.sh"
+#
+#
+# What does this script do basically?
+# -----------------------------------
+#
+# This file automates the installation of a Zot hub/instance under Debian Linux
+# - install
+# * apache webserver,
+# * php,
+# * mariadb - the database for zotserver,
+# * adminer,
+# * git to download and update addons
+# - configure cron
+# * "Run.php" for regular background processes of your Zot hub/instance
+# * "apt-get update" and "apt-get dist-upgrade" and "apt-get autoremove" to keep linux up-to-date
+# * run command to keep the IP up-to-date > DynDNS provided by selfHOST.de or freedns.afraid.org
+# * backup your server's database and files (rsync)
+# - run letsencrypt to create, register and use a certifacte for https
+#
+#
+# Discussion
+# ----------
+#
+# Security - password is the same for mysql-server, phpmyadmin and your hub/instance db
+# - The script runs into installation errors for phpmyadmin if it uses
+# different passwords. For the sake of simplicity one single password.
+#
+# How to restore from backup
+# --------------------------
+#
+# (Some explanations here would certainly be useful)
+#
+# Daily backup
+# ------------
+#
+# The installation
+# - writes a shell script in /var/www/
+# - creates a daily cron that runs this script
+#
+# The script makes a (daily) backup of all relevant files
+# - /var/lib/mysql/ > database
+# - /var/www/ > hubzilla/zap/misty from git repository
+# - /etc/letsencrypt/ > certificates
+#
+# The backup will be written on an external disk compatible to LUKS+ext4 (see zotserver-config.txt)
+#
+# How to restore from backup
+# --------------------------
+#
+# (Some explanations here would certainly be useful)
+#
+#
+# Credits
+# -------
+#
+# The script is based on Thomas Willinghams script "debian-setup.sh"
+# which he used to install the red#matrix.
+#
+# The documentation for bash is here
+# https://www.gnu.org/software/bash/manual/bash.html
+#
+function check_sanity {
+ # Do some sanity checking.
+ print_info "Sanity check..."
+ if [ $(/usr/bin/id -u) != "0" ]
+ then
+ die 'Must be run by root user'
+ fi
+
+ if [ -f /etc/lsb-release ]
+ then
+ die "Distribution is not supported"
+ fi
+ if [ ! -f /etc/debian_version ]
+ then
+ die "Debian is supported only"
+ fi
+ if ! grep -q 'Linux 10' /etc/issue
+ then
+ die "Linux 10 (buster) is supported only"x
+ fi
+}
+
+function check_config {
+ print_info "config check..."
+ # Check for required parameters
+ if [ -z "$db_pass" ]
+ then
+ die "db_pass not set in $configfile"
+ fi
+ if [ -z "$le_domain" ]
+ then
+ die "le_domain not set in $configfile"
+ fi
+ # backup is important and should be checked
+ if [ -n "$backup_device_name" ]
+ then
+ if [ ! -d "$backup_mount_point" ]
+ then
+ mkdir "$backup_mount_point"
+ fi
+ device_mounted=0
+ if fdisk -l | grep -i "$backup_device_name.*linux"
+ then
+ print_info "ok - filesystem of external device is linux"
+ if [ -n "$backup_device_pass" ]
+ then
+ echo "$backup_device_pass" | cryptsetup luksOpen $backup_device_name cryptobackup
+ if mount /dev/mapper/cryptobackup /media/zotserver_backup
+ then
+ device_mounted=1
+ print_info "ok - could encrypt and mount external backup device"
+ umount /media/zotserver_backup
+ else
+ print_warn "backup to external device will fail because encryption failed"
+ fi
+ cryptsetup luksClose cryptobackup
+ else
+ if mount $backup_device_name /media/zotserver_backup
+ then
+ device_mounted=1
+ print_info "ok - could mount external backup device"
+ umount /media/zotserver_backup
+ else
+ print_warn "backup to external device will fail because mount failed"
+ fi
+ fi
+ else
+ print_warn "backup to external device will fail because filesystem is either not linux or 'backup_device_name' is not correct in $configfile"
+ fi
+ if [ $device_mounted == 0 ]
+ then
+ die "backup device not ready"
+ fi
+ fi
+}
+
+function die {
+ echo "ERROR: $1" > /dev/null 1>&2
+ exit 1
+}
+
+
+function update_upgrade {
+ print_info "updated and upgrade..."
+ # Run through the apt-get update/upgrade first. This should be done before
+ # we try to install any package
+ apt-get -q -y update && apt-get -q -y dist-upgrade
+ print_info "updated and upgraded linux"
+}
+
+function check_install {
+ if [ -z "`which "$1" 2>/dev/null`" ]
+ then
+ # export DEBIAN_FRONTEND=noninteractive ... answers from the package
+ # configuration database
+ # - q ... without progress information
+ # - y ... answer interactive questions with "yes"
+ # DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install $2
+ DEBIAN_FRONTEND=noninteractive apt-get -q -y install $2
+ print_info "installed $2 installed for $1"
+ else
+ print_warn "$2 already installed"
+ fi
+}
+
+function nocheck_install {
+ # export DEBIAN_FRONTEND=noninteractive ... answers from the package configuration database
+ # - q ... without progress information
+ # - y ... answer interactive questions with "yes"
+ # DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install $2
+ # DEBIAN_FRONTEND=noninteractive apt-get --install-suggests -q -y install $1
+ DEBIAN_FRONTEND=noninteractive apt-get -q -y install $1
+ print_info "installed $1"
+}
+
+
+function print_info {
+ echo -n -e '\e[1;34m'
+ echo -n $1
+ echo -e '\e[0m'
+}
+
+function print_warn {
+ echo -n -e '\e[1;31m'
+ echo -n $1
+ echo -e '\e[0m'
+}
+
+function stop_zotserver {
+ if [ $webserver = "nginx" ]
+ then
+ print_info "stopping nginx webserver..."
+ systemctl stop nginx
+ elif [ $webserver = "apache" ]
+ then
+ print_info "stopping apache webserver..."
+ systemctl stop apache2
+ fi
+ print_info "stopping mysql db..."
+ systemctl stop mariadb
+}
+
+function install_apache {
+ print_info "installing apache..."
+ nocheck_install "apache2 apache2-utils"
+ a2enmod rewrite
+ systemctl restart apache2
+}
+
+function install_nginx {
+ print_info "installing nginx..."
+ nocheck_install "nginx"
+ systemctl restart nginx
+}
+
+function add_vhost {
+ print_info "adding apache vhost"
+ echo "<VirtualHost *:80>" >> "/etc/apache2/sites-available/${le_domain}.conf"
+ echo "ServerName ${le_domain}" >> "/etc/apache2/sites-available/${le_domain}.conf"
+ echo "DocumentRoot $install_path" >> "/etc/apache2/sites-available/${le_domain}.conf"
+ echo "</VirtualHost>" >> "/etc/apache2/sites-available/${le_domain}.conf"
+ a2ensite $le_domain
+}
+
+function add_nginx_block {
+ print_info "adding nginx block"
+ sed "s|SERVER_NAME|${le_domain}|g;s|INSTALL_PATH|${install_path}|g;s|ZOTSERVER_LOG|${install_folder}-${zotserver}.log|;s|PHP_FPM_SOCK|$(ls /var/run/php/*sock)|;" nginx-zotserver.conf.template >> /etc/nginx/sites-enabled/${le_domain}.conf
+ ln -s /etc/nginx/sites-enabled/${le_domain}.conf /etc/nginx/sites-available/
+}
+
+function install_imagemagick {
+ print_info "installing imagemagick..."
+ nocheck_install "imagemagick"
+}
+
+function install_curl {
+ print_info "installing curl..."
+ nocheck_install "curl"
+}
+
+function install_wget {
+ print_info "installing wget..."
+ nocheck_install "wget"
+}
+
+function install_sendmail {
+ print_info "installing sendmail..."
+ nocheck_install "sendmail sendmail-bin"
+}
+
+function install_php {
+ # openssl and mbstring are included in libapache2-mod-php
+ print_info "installing php..."
+ if [ $webserver = "nginx" ]
+ then
+ nocheck_install "php php-pear php-curl php-gd php-mbstring php-xml php-zip php-fpm"
+ sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/fpm/php.ini
+ sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/fpm/php.ini
+ systemctl reload php7.3-fpm
+ elif [ $webserver = "apache" ]
+ then
+ nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip"
+ sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/apache2/php.ini
+ sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/apache2/php.ini
+ fi
+}
+
+function install_mysql {
+ print_info "installing mysql..."
+ if [ -z "$mysqlpass" ]
+ then
+ die "mysqlpass not set in $configfile"
+ fi
+ if type mysql ; then
+ echo "Yes, mysql is installed"
+ else
+ echo "mariadb-server"
+ nocheck_install "mariadb-server"
+ systemctl status mariadb
+ systemctl start mariadb
+ mysql --user=root <<_EOF_
+UPDATE mysql.user SET Password=PASSWORD('${mysqlpass}') WHERE User='root';
+DELETE FROM mysql.user WHERE User='';
+DROP DATABASE IF EXISTS test;
+DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
+FLUSH PRIVILEGES;
+_EOF_
+ fi
+}
+
+function install_adminer {
+ print_info "installing adminer..."
+ nocheck_install "adminer"
+ if [ ! -f /etc/adminer/adminer.conf ]
+ then
+ echo "Alias /adminer /usr/share/adminer/adminer" > /etc/adminer/adminer.conf
+ ln -s /etc/adminer/adminer.conf /etc/apache2/conf-available/adminer.conf
+ else
+ print_info "file /etc/adminer/adminer.conf exists already"
+ fi
+
+ a2enmod rewrite
+
+ if [ ! -f /etc/apache2/apache2.conf ]
+ then
+ die "could not find file /etc/apache2/apache2.conf"
+ fi
+ sed -i \
+ "s/AllowOverride None/AllowOverride all/" \
+ /etc/apache2/apache2.conf
+
+ a2enconf adminer
+ systemctl restart mariadb
+ systemctl reload apache2
+}
+
+function create_zotserver_db {
+ print_info "creating zotserver database..."
+ if [ -z "$zotserver_db_name" ]
+ then
+ zotserver_db_name=$zotserver
+ fi
+ if [ -z "$zotserver_db_user" ]
+ then
+ zotserver_db_user=$zotserver
+ fi
+ if [ -z "$zotserver_db_pass" ]
+ then
+ die "zotserver_db_pass not set in $configfile"
+ fi
+ systemctl restart mariadb
+ # Make sure we don't write over an already existing database if we install more than one Zot hub/instance
+ if [ -z $(mysql -h localhost -u root -p$mysqlpass -e "SHOW DATABASES;" | grep $zotserver_db_name) ]
+ then
+ Q1="CREATE DATABASE IF NOT EXISTS $zotserver_db_name;"
+ Q2="GRANT USAGE ON *.* TO $zotserver_db_user@localhost IDENTIFIED BY '$zotserver_db_pass';"
+ Q3="GRANT ALL PRIVILEGES ON $zotserver_db_name.* to $zotserver_db_user@localhost identified by '$zotserver_db_pass';"
+ Q4="FLUSH PRIVILEGES;"
+ SQL="${Q1}${Q2}${Q3}${Q4}"
+ mysql -uroot -p$mysqlpass -e "$SQL"
+ else
+ die "Can't write over an already existing database!"
+ fi
+}
+
+function run_freedns {
+ print_info "run freedns (dynamic IP)..."
+ if [ -z "$freedns_key" ]
+ then
+ print_info "freedns was not started because 'freedns_key' is empty in $configfile"
+ else
+ if [ -n "$selfhost_user" ]
+ then
+ die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)"
+ fi
+ wget --no-check-certificate -O - http://freedns.afraid.org/dynamic/update.php?$freedns_key
+ fi
+}
+
+function install_run_selfhost {
+ print_info "install and start selfhost (dynamic IP)..."
+ if [ -z "$selfhost_user" ]
+ then
+ print_info "selfHOST was not started because 'selfhost_user' is empty in $configfile"
+ else
+ if [ -n "$freedns_key" ]
+ then
+ die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)"
+ fi
+ if [ -z "$selfhost_pass" ]
+ then
+ die "selfHOST was not started because 'selfhost_pass' is empty in $configfile"
+ fi
+ if [ ! -d $selfhostdir ]
+ then
+ mkdir $selfhostdir
+ fi
+ # the old way
+ # https://carol.selfhost.de/update?username=123456&password=supersafe
+ #
+ # the prefered way
+ wget --output-document=$selfhostdir/$selfhostscript http://jonaspasche.de/selfhost-updater
+ echo "router" > $selfhostdir/device
+ echo "$selfhost_user" > $selfhostdir/user
+ echo "$selfhost_pass" > $selfhostdir/pass
+ bash $selfhostdir/$selfhostscript update
+ fi
+}
+
+function ping_domain {
+ print_info "ping domain $domain..."
+ # Is the domain resolved? Try to ping 6 times à 10 seconds
+ COUNTER=0
+ for i in {1..6}
+ do
+ print_info "loop $i for ping -c 1 $domain ..."
+ if ping -c 4 -W 1 $le_domain
+ then
+ print_info "$le_domain resolved"
+ break
+ else
+ if [ $i -gt 5 ]
+ then
+ die "Failed to: ping -c 1 $domain not resolved"
+ fi
+ fi
+ sleep 10
+ done
+ sleep 5
+}
+
+function configure_cron_freedns {
+ print_info "configure cron for freedns..."
+ if [ -z "$freedns_key" ]
+ then
+ print_info "freedns is not configured because freedns_key is empty in $configfile"
+ else
+ # Use cron for dynamich ip update
+ # - at reboot
+ # - every 30 minutes
+ if [ -z "`grep 'freedns.afraid.org' /etc/crontab`" ]
+ then
+ echo "@reboot root http://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab
+ echo "*/30 * * * * root wget --no-check-certificate -O - http://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab
+ else
+ print_info "cron for freedns was configured already"
+ fi
+ fi
+}
+
+function configure_cron_selfhost {
+ print_info "configure cron for selfhost..."
+ if [ -z "$selfhost_user" ]
+ then
+ print_info "selfhost is not configured because selfhost_key is empty in $configfile"
+ else
+ # Use cron for dynamich ip update
+ # - at reboot
+ # - every 5 minutes
+ if [ -z "`grep 'selfhost-updater.sh' /etc/crontab`" ]
+ then
+ echo "@reboot root bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab
+ echo "*/5 * * * * root /bin/bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab
+ else
+ print_info "cron for selfhost was configured already"
+ fi
+ fi
+}
+
+function install_letsencrypt {
+ print_info "installing let's encrypt ..."
+ # check if user gave domain
+ if [ -z "$le_domain" ]
+ then
+ die "Failed to install let's encrypt: 'le_domain' is empty in $configfile"
+ fi
+ if [ -z "$le_email" ]
+ then
+ die "Failed to install let's encrypt: 'le_email' is empty in $configfile"
+ fi
+ if [ $webserver = "nginx" ]
+ then
+ nocheck_install "certbot"
+ print_info "run certbot..."
+ systemctl stop nginx
+ certbot certonly --standalone -d $le_domain -m $le_email --agree-tos --non-interactive
+ systemctl start nginx
+ elif [ $webserver = "apache" ]
+ then
+ nocheck_install "certbot python-certbot-apache"
+ print_info "run certbot ..."
+ certbot --apache -w $install_path -d $le_domain -m $le_email --agree-tos --non-interactive --redirect --hsts --uir
+ service apache2 restart
+ fi
+}
+
+function check_https {
+ print_info "checking httpS > testing ..."
+ url_https=https://$le_domain
+ wget_output=$(wget -nv --spider --max-redirect 0 $url_https)
+ if [ $? -ne 0 ]
+ then
+ print_warn "check not ok"
+ else
+ print_info "check ok"
+ fi
+}
+
+function zotserver_name {
+ if git remote -v | grep -i "origin.*hubzilla.*"
+ then
+ zotserver=hubzilla
+ elif git remote -v | grep -i "origin.*zap.*"
+ then
+ zotserver=zap
+ elif git remote -v | grep -i "origin.*misty.*"
+ then
+ zotserver=misty
+ elif git remote -v | grep -i "origin.*osada.*"
+ then
+ zotserver=osada
+ elif git remote -v | grep -i "origin.*redmatrix.*"
+ then
+ zotserver=redmatrix
+ else
+ die "neither redmatrix, osada, misty, zap nor hubzilla repository > did not install redmatrix/osada/misty/zap/hubzilla"
+ fi
+}
+
+function install_zotserver {
+ print_info "installing addons..."
+ cd $install_path/
+ if [ $zotserver = "hubzilla" ]
+ then
+ print_info "hubzilla"
+ util/add_addon_repo https://framagit.org/hubzilla/addons hzaddons
+ elif [ $zotserver = "zap" ]
+ then
+ print_info "zap"
+ util/add_addon_repo https://codeberg.org/zot/zap-addons.git zaddons
+ elif [ $zotserver = "misty" ]
+ then
+ print_info "misty"
+ util/add_addon_repo https://codeberg.org/zot/misty-addons.git maddons
+ elif [ $zotserver = "osada" ]
+ then
+ print_info "osada"
+ util/add_addon_repo https://codeberg.org/zot/osada-addons.git oaddons
+ elif [ $zotserver = "redmatrix" ]
+ then
+ print_info "redmatrix"
+ util/add_addon_repo https://codeberg.org/zot/redmatrix-addons.git raddons
+ else
+ die "neither redmatrix, osada, misty, zap nor hubzilla repository > did not install addons or redmatrix/osada/misty/zap/hubzilla"
+ fi
+ mkdir -p "cache/smarty3"
+ mkdir -p "store"
+ chmod -R 777 store
+ touch .htconfig.php
+ chmod ou+w .htconfig.php
+ cd /var/www/
+ chown -R www-data:www-data $install_path
+ chown root:www-data $install_path/
+ chown root:www-data $install_path/.htaccess
+ chmod 0644 $install_path/.htaccess
+ print_info "installed addons"
+}
+
+function install_rsync {
+ print_info "installing rsync..."
+ nocheck_install "rsync"
+}
+
+function install_cryptosetup {
+ print_info "installing cryptsetup..."
+ nocheck_install "cryptsetup"
+}
+
+function configure_zotserverdaily {
+ echo "#!/bin/sh" >> /var/www/$zotserverdaily
+ echo "#" >> /var/www/$zotserverdaily
+ echo "# update of $le_domain Zot hub/instance" >> /var/www/$zotserverdaily
+ echo "echo \"\$(date) - updating core and addons...\"" >> /var/www/$zotserverdaily
+ echo "echo \"reaching git repository for $le_domain $zotserver hub/instance...\"" >> /var/www/$zotserverdaily
+ echo "(cd $install_path ; util/udall)" >> /var/www/$zotserverdaily
+ echo "chown -R www-data:www-data $install_path # make all accessible for the webserver" >> /var/www/$zotserverdaily
+ if [ $webserver = "apache" ]
+ then
+ echo "chown root:www-data $install_path/.htaccess" >> /var/www/$zotserverdaily
+ echo "chmod 0644 $install_path/.htaccess # www-data can read but not write it" >> /var/www/$zotserverdaily
+ fi
+ chmod a+x /var/www/$zotserverdaily
+}
+
+function configure_cron_daily {
+ print_info "configuring cron..."
+ # every 10 min for poller.php
+ if [ -z "`grep '$install_path.*Run.php' /etc/crontab`" ]
+ then
+ echo "*/10 * * * * www-data cd $install_path; php Zotlabs/Daemon/Run.php Cron >> /dev/null 2>&1" >> /etc/crontab
+ fi
+ # Run external script daily at 05:30
+ # - stop apache/nginx and mysql-server
+ # - renew the certificate of letsencrypt
+ # - backup db, files ($install_path), certificates if letsencrypt
+ # - update zotserver core and addon
+ # - update and upgrade linux
+ # - reboot is done by "shutdown -h now" because "reboot" hangs sometimes depending on the system
+ echo "#!/bin/sh" > /var/www/$zotcron
+ echo "#" >> /var/www/$zotcron
+ echo "echo \" \"" >> /var/www/$zotcron
+ echo "echo \"+++ \$(date) +++\"" >> /var/www/$zotcron
+ echo "echo \" \"" >> /var/www/$zotcron
+ echo "echo \"\$(date) - stopping $webserver and mysql...\"" >> /var/www/$zotcron
+ if [ $webserver = "nginx" ]
+ then
+ echo "systemctl stop nginx" >> /var/www/$zotcron
+ elif [ $webserver = "apache" ]
+ then
+ echo "service apache2 stop" >> /var/www/$zotcron
+ fi
+ echo "/etc/init.d/mysql stop # to avoid inconsistencies" >> /var/www/$zotcron
+ echo "#" >> /var/www/$zotcron
+ echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$zotcron
+ echo "certbot renew --noninteractive" >> /var/www/$zotcron
+ echo "#" >> /var/www/$zotcron
+ echo "# backup" >> /var/www/$zotcron
+ echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$zotcron
+ echo "backup_device_name=$backup_device_name" >> /var/www/$zotcron
+ echo "backup_device_pass=$backup_device_pass" >> /var/www/$zotcron
+ echo "backup_mount_point=$backup_mount_point" >> /var/www/$zotcron
+ echo "device_mounted=0" >> /var/www/$zotcron
+ echo "if [ -n \"\$backup_device_name\" ]" >> /var/www/$zotcron
+ echo "then" >> /var/www/$zotcron
+ echo " if blkid | grep $backup_device_name" >> /var/www/$zotcron
+ echo " then" >> /var/www/$zotcron
+ if [ -n "$backup_device_pass" ]
+ then
+ echo " echo \"decrypting backup device...\"" >> /var/www/$zotcron
+ echo " echo "\"$backup_device_pass\"" | cryptsetup luksOpen $backup_device_name cryptobackup" >> /var/www/$zotcron
+ fi
+ echo " if [ ! -d $backup_mount_point ]" >> /var/www/$zotcron
+ echo " then" >> /var/www/$zotcron
+ echo " mkdir $backup_mount_point" >> /var/www/$zotcron
+ echo " fi" >> /var/www/$zotcron
+ echo " echo \"mounting backup device...\"" >> /var/www/$zotcron
+ if [ -n "$backup_device_pass" ]
+ then
+ echo " if mount /dev/mapper/cryptobackup $backup_mount_point" >> /var/www/$zotcron
+ else
+ echo " if mount $backup_device_name $backup_mount_point" >> /var/www/$zotcron
+ fi
+ echo " then" >> /var/www/$zotcron
+ echo " device_mounted=1" >> /var/www/$zotcron
+ echo " echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$zotcron
+ echo " rsync -a --delete /var/lib/mysql/ /media/zotserver_backup/mysql" >> /var/www/$zotcron
+ echo " rsync -a --delete /var/www/ /media/zotserver_backup/www" >> /var/www/$zotcron
+ echo " rsync -a --delete /etc/letsencrypt/ /media/zotserver_backup/letsencrypt" >> /var/www/$zotcron
+ echo " echo \"\$(date) - disk sizes...\"" >> /var/www/$zotcron
+ echo " df -h" >> /var/www/$zotcron
+ echo " echo \"\$(date) - db size...\"" >> /var/www/$zotcron
+ echo " du -h $backup_mount_point | grep mysql/zotserver" >> /var/www/$zotcron
+ echo " echo \"unmounting backup device...\"" >> /var/www/$zotcron
+ echo " umount $backup_mount_point" >> /var/www/$zotcron
+ echo " else" >> /var/www/$zotcron
+ echo " echo \"failed to mount device $backup_device_name\"" >> /var/www/$zotcron
+ echo " fi" >> /var/www/$zotcron
+ if [ -n "$backup_device_pass" ]
+ then
+ echo " echo \"closing decrypted backup device...\"" >> /var/www/$zotcron
+ echo " cryptsetup luksClose cryptobackup" >> /var/www/$zotcron
+ fi
+ echo " fi" >> /var/www/$zotcron
+ echo "fi" >> /var/www/$zotcron
+ echo "if [ \$device_mounted == 0 ]" >> /var/www/$zotcron
+ echo "then" >> /var/www/$zotcron
+ echo " echo \"device could not be mounted $backup_device_name. No backup written.\"" >> /var/www/$zotcron
+ echo "fi" >> /var/www/$zotcron
+ echo "#" >> /var/www/$zotcron
+ echo "echo \"\$(date) - db size...\"" >> /var/www/$zotcron
+ echo "du -h /var/lib/mysql/ | grep mysql/" >> /var/www/$zotcron
+ echo "#" >> /var/www/$zotcron
+ echo "cd /var/www" >> /var/www/$zotcron
+ echo "for f in *-daily.sh; do \"./\${f}\"; done" >> /var/www/$zotcron
+ echo "echo \"\$(date) - updating linux...\"" >> /var/www/$zotcron
+ echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$zotcron
+ echo "echo \"\$(date) - Backup and update finished. Rebooting...\"" >> /var/www/$zotcron
+ echo "#" >> /var/www/$zotcron
+ echo "shutdown -r now" >> /var/www/$zotcron
+
+ # If global cron job does not exist we add it to /etc/crontab
+ if grep -q $zotcron /etc/crontab
+ then
+ echo "cron job already in /etc/crontab"
+ else
+ echo "30 05 * * * root /bin/bash /var/www/$zotcron >> /var/www/zot-daily.log 2>&1" >> /etc/crontab
+ echo "0 0 1 * * root rm /var/www/zot-daily.log" >> /etc/crontab
+ fi
+
+ # This is active after either "reboot" or cron reload"
+ systemctl restart cron
+ print_info "configured cron for updates/upgrades"
+}
+
+########################################################################
+# START OF PROGRAM
+########################################################################
+export PATH=/bin:/usr/bin:/sbin:/usr/sbin
+check_sanity
+
+zotserver_name
+print_info "We're installing a $zotserver instance"
+install_path="$(dirname "$(pwd)")"
+install_folder="$(basename $install_path)"
+
+# Read config file edited by user
+configfile=zotserver-config.txt
+source $configfile
+
+selfhostdir=/etc/selfhost
+selfhostscript=selfhost-updater.sh
+zotcron="zotcron.sh"
+zotserverdaily="${install_folder}-${zotserver}-daily.sh"
+backup_mount_point="/media/zotserver_backup"
+
+#set -x # activate debugging from here
+
+check_config
+stop_zotserver
+update_upgrade
+install_curl
+install_wget
+install_sendmail
+if [ $webserver = "nginx" ]
+then
+ install_nginx
+elif [ $webserver = "apache" ]
+then
+ install_apache
+else
+die "Failed to install a Web server: 'webserver' not set to \"apache\" or \"nginx\" in $configfile"
+fi
+install_imagemagick
+install_php
+if [ $webserver = "nginx" ]
+then
+ add_nginx_block
+elif [ $webserver = "apache" ]
+then
+ if [ "$install_path" != "/var/www/html" ]
+ then
+ add_vhost
+ fi
+fi
+install_mysql
+if [ $webserver = "apache" ]
+then
+install_adminer
+fi
+create_zotserver_db
+run_freedns
+install_run_selfhost
+ping_domain
+configure_cron_freedns
+configure_cron_selfhost
+
+if [ "$le_domain" != "localhost" ]
+then
+ install_letsencrypt
+ check_https
+else
+ print_info "is localhost - skipped installation of letsencrypt and configuration of apache for https"
+fi
+
+install_zotserver
+
+configure_zotserverdaily
+
+configure_cron_daily
+
+if [ "$le_domain" != "localhost" ]
+then
+ install_cryptosetup
+ install_rsync
+else
+ print_info "is localhost - skipped installation of cryptosetup"
+fi
+
+
+#set +x # stop debugging from here