diff options
-rw-r--r-- | .homeinstall/README.md | 186 | ||||
-rw-r--r-- | .homeinstall/hubzilla-config.txt.template | 11 | ||||
-rw-r--r--[-rwxr-xr-x] | .homeinstall/hubzilla-setup.sh | 291 | ||||
-rw-r--r-- | Zotlabs/Module/Photo.php | 45 | ||||
-rwxr-xr-x | util/storageconv | 16 |
5 files changed, 133 insertions, 416 deletions
diff --git a/.homeinstall/README.md b/.homeinstall/README.md index d63931a84..45e1ba0e6 100644 --- a/.homeinstall/README.md +++ b/.homeinstall/README.md @@ -1,16 +1,43 @@ # Hubzilla at Home next to your Router -Run hubzilla-setup.sh for an unattended installation of hubzilla. +This readme will show you how to install and run Hubzilla or Zap at home. + +The installation is done by a script. + +What the script will do for you... + ++ install everything required by Zap/Hubzilla, basically a web server (Apache), PHP, a database (MySQL), certbot,... ++ create a database ++ run certbot to have everything for a secure connection (httpS) ++ create a script for daily maintenance + - backup to external disk (certificates, database, /var/www/) + - renew certfificate (letsencrypt) + - update of Zap/Hubzilla + - update of Debian + - restart ++ create cron jobs for + - DynDNS (selfHOST.de or freedns.afraid.org) every 5 minutes + - Master.php for Zap/Hubzilla every 10 minutes + - daily maintenance script every day at 05:30 The script is known to work without adjustments with + Hardware - - Mini-PC with Debian-9.5-amd64, or - - Rapberry 3 with Raspbian, Debian-9.5 + - Mini-PC with Debian 9 (stretch), or + - Rapberry 3 with Raspbian, Debian 9 + DynDNS - selfHOST.de - freedns.afraid.org +The script can install both [Hubzilla](https://zotlabs.org/page/hubzilla/hubzilla-project) and [Zap](https://zotlabs.com/zap/). Make sure to use the correct GIT repositories. + ++ Hubzilla + - core: git clone https://framagit.org/hubzilla/core.git html (in this readme) + - addons: util/add_addon_repo https://framagit.org/hubzilla/addons.git hzaddons (in hubzilla-setup.sh) ++ Zap + - core: git clone https://framagit.org/zot/zap.git html (in this readme) + - addons: util/add_addon_repo https://framagit.org/zot/zap-addons.git zaddons (in hubzilla-setup.sh) + ## Disclaimers - This script does work with Debian 9 only. @@ -29,7 +56,7 @@ Hardware Software + Fresh installation of Debian 9 (Stretch) -+ Router with open ports 80 and 443 for your Hub ++ Router with open ports 80 and 443 for your web server ## The basic steps (quick overview) @@ -44,10 +71,9 @@ Software - nano hubzilla-config.txt - Read the comments carefully - Enter your values: db pass, domain, values for dyn DNS - - Make sure your external drive (for backups) is mounted + - Prepare your external disk for backups - hubzilla-setup.sh as root - ... wait, wait, wait until the script is finised - - reboot + Open your domain with a browser and step throught the initial configuration of hubzilla. ## Troubleshooting @@ -66,57 +92,27 @@ In Admin settings of hubzilla or via terminal # Step-by-Step in Detail -## Preparations Hardware - -### Mini-PC - -### Recommended: USB Drive for Backups - -The installation will create a daily backup written to an external drive. - -The USB drive must be compatible with the filesystems - -- ext4 (if you do not want to encrypt the USB) -- LUKS + ext4 (if you want to encrypt the USB) - -The backup includes - -- Hubzilla DB -- Hubzilla installation /var/www/html -- Certificates for letsencrypt - ## Preparations Software -### Install Debian Linux on the Mini-PC - -Download the stable Debian at https://www.debian.org/ -(Debian 8 is no longer supported.) +## Install Debian 9 -Create bootable USB drive with Debian on it.You could use +Provided you use a Raspberry Pi 3... -- unetbootin, https://en.wikipedia.org/wiki/UNetbootin -- or simply the linux command "dd" +Download the OS Raspbian from https://www.raspberrypi.org/downloads/raspbian/ -Example for command dd... +Follow the installation instruction there. - su - - dd if=2018-10-09-raspbian-stretch.img of=/dev/mmcblk0 +## Configure your Router -Do not forget to unmount the SD card before and check if unmounted like in this example... +Your web has to be visible in the internet. - su - - umount /dev/mmcblk0* - df -h +Open the ports 80 and 443 on your router for your Debian. Make sure your web server is marked as "exposed host". +## Preparations Dynamic IP Address -Switch off your mini pc, plug in your USB drive and start the mini pc from the -stick. Install Debian. Follow the instructions of the installation. - -### Configure your Router - -Open the ports 80 and 443 on your router for your Debian +Follow the instructions in .homeinstall/hubzilla-config.txt. -## Preparations Dynamic IP Address +In short... Your Hubzilla must be reachable by a domain that you can type in your browser @@ -132,105 +128,15 @@ There are two ways to get a domain... ...for example buy at selfHOST.de -The cost are around 10,- € once and 1,50 € per month (2017). +The cost is 1,50 € per month (2019). ### Method 2: Register a free subdomain ...for example register at freedns.afraid.org -Follow the instructions in .homeinstall/hubzilla-config.txt. - - -## Install Hubzilla on your Debian - -Login to your debian -(Provided your username is "you" and the name of the mini pc is "debian". You -could take the IP address instead of "debian") - - ssh -X you@debian - -Change to root user - - su -l - -Install git - - apt-get install git - -Make the directory for apache and change diretory to it - - mkdir /var/www - cd /var/www/ - -Clone hubzilla from git ("git pull" will update it later) - - git clone https://framagit.org/hubzilla/core.git html - -Change to the install script - - cd html/.homeinstall/ - -Copy the template file - - cp hubzilla-config.txt.template hubzilla-config.txt - -Modify the file "hubzilla-config.txt". Read the instructions there carefully and enter your values. - - nano hubzilla-config.txt - -Make sure your external drive (for backups) is plugged in and can be mounted as configured in "hubzilla-config.txt". Otherwise the daily backups will not work. - -Run the script - - ./hubzilla-setup.sh - -Wait... The script should not finish with an error message. - -In a webbrowser open your domain. -Expected: A test page of hubzilla is shown. All checks there should be -successfull. Go on... -Expected: A page for the Hubzilla server configuration shows up. - -Leave db server name "127.0.0.1" and port "0" untouched. - -Enter - -- DB user name = hubzilla -- DB pass word = This is the password you entered in "hubzilla-config.txt" -- DB name = hubzilla - -Leave db type "MySQL" untouched. - -Follow the instructions in the next pages. - -Recommended: Set path to imagemagick - -- in admin settings of hubzilla or -- via terminal - - util/config system.imagick_convert_path /usr/bin/convert - -After the daily script was executed at 05:30 (am) - -- look at /var/www/html/hubzilla-daily.log -- check your backup on the external drive -- optionally view the daily log under yourdomain.org/admin/logs/ - - set the logfile to var/www/html/hubzilla-daily.log - - -## Install Hubzilla in a Virtual Machine for Test Purposes - -Modify the file "hubzilla-config.txt". - - nano hubzilla-config.txt - -There use - - le_domain=localhost - -## Note for the Rasperry +## Note on Rasperry -The script was tested with an Raspberry 3 under Raspian (Debian 9.5, 2018-10-09-raspbian-stretch.img). +The script was tested with an Raspberry 3 under Raspian, Debian 9. It is recommended to run the Raspi without graphical frontend (X-Server). Use... @@ -240,7 +146,7 @@ to boot the Rapsi to the client console. DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI! -If the validation of the mail address fails for the very first registered user... +On a Raspian Stretch (Debian 9) the validation of the mail address fails for the very first user. This used to happen on some *bsd distros but there was some work to fix that a year ago (2017). So if your system isn't registered in DNS or DNS isn't active do diff --git a/.homeinstall/hubzilla-config.txt.template b/.homeinstall/hubzilla-config.txt.template index e42da0e4e..f0bf6121c 100644 --- a/.homeinstall/hubzilla-config.txt.template +++ b/.homeinstall/hubzilla-config.txt.template @@ -2,8 +2,8 @@ ### MANDATORY - database password ############# # # Please give your database password +# It is better to not use blanks inside the password. # Example: db_pass=pass_word_with_no_blanks_in_it -# Example: db_pass="this password has blanks in it" db_pass= ############################################### @@ -18,9 +18,12 @@ db_pass= # Example: my.cooldomain.org # Example: cooldomain.org # -# Example: localhost (test installation without certificates for httpS) +# You might use "localhost" for a LOCAL TEST installation. +# This is usefull if you want to debug the server inside a VM. # -# Email is optional +# Example: localhost +# +# Email is optional if you use "localhost". # # le_domain= @@ -30,7 +33,7 @@ le_email= ### OPTIONAL - selfHOST - dynamic IP address ## # # 1. Register a domain at selfhost.de -# - choose offer "DOMAIN dynamisch" 1,50€/mon at 08.01.2016 +# - choose offer "DOMAIN dynamisch" 1,50€/mon at 04/2019 # 2. Get your configuration for dynamic IP update # - Log in at selfhost.de # - go to "DynDNS Accounte" diff --git a/.homeinstall/hubzilla-setup.sh b/.homeinstall/hubzilla-setup.sh index 1f3ad5db5..023ef7afc 100755..100644 --- a/.homeinstall/hubzilla-setup.sh +++ b/.homeinstall/hubzilla-setup.sh @@ -3,7 +3,10 @@ # How to use # ---------- # -# This file automates the installation of hubzilla under Debian Linux +# This file automates the installation of +# - hubzilla: https://zotlabs.org/page/hubzilla/hubzilla-project and +# - zap: https://zotlabs.com/zap/ +# under Debian Linux # # 1) Copy the file "hubzilla-config.txt.template" to "hubzilla-config.txt" # Follow the instuctions there @@ -25,16 +28,14 @@ # * php, # * mysql - the database for hubzilla, # * phpmyadmin, -# * git to download and update hubzilla itself +# * git to download and update hubzilla addon # - download hubzilla core and addons # - configure cron -# * "poller.php" for regular background prozesses of hubzilla -# * to_do "apt-get update" and "apt-get dist-upgrade" to keep linux -# up-to-date -# * to_do backup hubzillas database and files (rsnapshot) -# - configure dynamic ip with cron -# - to_do letsencrypt -# - to_do redirection to https +# * "Master.php" for regular background prozesses of hubzilla +# * "apt-get update" and "apt-get dist-upgrade" and "apt-get autoremove" to keep linux up-to-date +# * run command to keep the IP up-to-date > DynDNS provided by selfHOST.de or freedns.afraid.org +# * backup hubzillas database and files (rsync) +# - letsencrypt # # # Discussion @@ -43,26 +44,11 @@ # Security - password is the same for mysql-server, phpmyadmin and hubzilla db # - The script runs into installation errors for phpmyadmin if it uses # different passwords. For the sake of simplicity one singel password. -# -# Security - suhosin for PHP -# - The script does not install suhosin. -# - Is the security package suhosin usefull or not usefull? # # Hubzilla - email verification # - The script switches off email verification off in all htconfig.tpl. # Example: /var/www/html/view/en/htconfig.tpl # - Is this a silly idea or not? -# -# -# Remove Hubzilla (for a fresh start using the script) -# ---------------------------------------------------- -# -# You could use /var/www/hubzilla-remove.sh -# that is created by hubzilla-setup.sh. -# -# The script will remove (almost everything) what was installed by the script. -# After the removal you could run the script again to have a fresh install -# of all applications including hubzilla and its database. # # How to restore from backup # -------------------------- @@ -76,18 +62,10 @@ # # hubzilla-daily.sh makes a (daily) backup of all relevant files # - /var/lib/mysql/ > hubzilla database -# - /var/www/html/ > hubzilla from github -# - /var/www/letsencrypt/ > certificates -# -# hubzilla-daily.sh writes the backup -# - either to an external disk compatible to LUKS+ext4 (see hubzilla-config.txt) -# - or to /var/cache/rsnapshot in case the external disk is not plugged in +# - /var/www/ > hubzilla/zap from github +# - /etc/letsencrypt/ > certificates # -# Restore backup -# - - - - - - - -# -# This was not tested yet. -# Bacically you can copy the files from the backup to the server. +# hubzilla-daily.sh writes the backup to an external disk compatible to LUKS+ext4 (see hubzilla-config.txt) # # Credits # ------- @@ -136,11 +114,11 @@ function check_config { # backup is important and should be checked if [ -n "$backup_device_name" ] then - if [ ! -d "$backup_mount_point" ] - then - mkdir "$backup_mount_point" - fi - device_mounted=0 + if [ ! -d "$backup_mount_point" ] + then + mkdir "$backup_mount_point" + fi + device_mounted=0 if fdisk -l | grep -i "$backup_device_name.*linux" then print_info "ok - filesystem of external device is linux" @@ -264,7 +242,7 @@ function install_sendmail { function install_php { # openssl and mbstring are included in libapache2-mod-php print_info "installing php..." - nocheck_install "libapache2-mod-php php php-pear php-curl php-mcrypt php-gd" + nocheck_install "libapache2-mod-php php php-pear php-curl php-mcrypt php-gd php-mysqli php-mbstring php-xml" sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.0/apache2/php.ini sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.0/apache2/php.ini } @@ -449,11 +427,11 @@ function configure_cron_selfhost { print_info "configure cron for selfhost..." if [ -z "$selfhost_user" ] then - print_info "freedns is not configured because freedns_key is empty in $configfile" + print_info "selfhost is not configured because selfhost_key is empty in $configfile" else # Use cron for dynamich ip update # - at reboot - # - every 30 minutes + # - every 5 minutes if [ -z "`grep 'selfhost-updater.sh' /etc/crontab`" ] then echo "@reboot root bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab @@ -471,89 +449,24 @@ function install_letsencrypt { then die "Failed to install let's encrypt: 'le_domain' is empty in $configfile" fi - # configure apache - apache_le_conf=/etc/apache2/sites-available/le-default.conf - if [ -f $apache_le_conf ] - then - print_info "$apache_le_conf exist already" - else - cat > $apache_le_conf <<END -# letsencrypt default Apache configuration -Alias /.well-known/acme-challenge /var/www/letsencrypt - -<Directory /var/www/letsencrypt> - Options FollowSymLinks - Allow from all -</Directory> -END - a2ensite le-default.conf - service apache2 restart - fi - # download the shell script - if [ -d $le_dir ] - then - print_info "letsenrypt exists already (nothing downloaded > no certificate created and registered)" - return 0 - fi - git clone https://github.com/lukas2511/dehydrated $le_dir - cd $le_dir - # create config file for letsencrypt.sh - echo "WELLKNOWN=$le_dir" > $le_dir/config.sh - if [ -n "$le_email" ] - then - echo "CONTACT_EMAIL=$le_email" >> $le_dir/config.sh - fi - # create domain file for letsencrypt.sh - # WATCH THIS: - # - It did not work wit "sub.domain.org www.sub.domain.org". - # - So just use "sub.domain.org" only! - echo "$le_domain" > $le_dir/domains.txt - # test apache config for letsencrpyt - url_http=http://$le_domain/.well-known/acme-challenge/domains.txt - wget_output=$(wget -nv --spider --max-redirect 0 $url_http) - if [ $? -ne 0 ] - then - die "Failed to load $url_http" - fi - # accept terms of service of letsencrypt - ./dehydrated --register --accept-terms - # run script dehydrated - # - ./dehydrated --cron --config $le_dir/config.sh -} - -function configure_apache_for_https { - print_info "configuring apache to use httpS ..." - # letsencrypt.sh - # - # "${BASEDIR}/certs/${domain}/privkey.pem" - # "${BASEDIR}/certs/${domain}/cert.pem" - # "${BASEDIR}/certs/${domain}/fullchain.pem" - # - SSLCertificateFile=${le_dir}/certs/${le_domain}/cert.pem - SSLCertificateKeyFile=${le_dir}/certs/${le_domain}/privkey.pem - SSLCertificateChainFile=${le_dir}/certs/${le_domain}/fullchain.pem - if [ ! -f $SSLCertificateFile ] + # check if user gave mail address + if [ -z "$le_email" ] then - print_warn "Failed to configure apache for httpS: Missing certificate file $SSLCertificateFile" - return 0 + die "Failed to install let's encrypt: 'le_domain' is empty in $configfile" fi - # make sure that the ssl mode is enabled - print_info "...configuring apache to use httpS - a2enmod ssl ..." - a2enmod ssl - # modify apach' ssl conf file - if grep -i "ServerName" $sslconf + nocheck_install "apt-transport-https" + # add backports to your sources.list + backports_list=/etc/apt/sources.list.d/backports.list + if [ -f $backports_list ] then - print_info "seems that apache was already configered to use httpS with $sslconf" + print_info "$backports_list exist already" else - sed -i "s/ServerAdmin.*$/ServerAdmin webmaster@localhost\\n ServerName ${le_domain}/" $sslconf - fi - sed -i s#/etc/ssl/certs/ssl-cert-snakeoil.pem#$SSLCertificateFile# $sslconf - sed -i s#/etc/ssl/private/ssl-cert-snakeoil.key#$SSLCertificateKeyFile# $sslconf - sed -i s#/etc/apache2/ssl.crt/server-ca.crt#$SSLCertificateChainFile# $sslconf - sed -i s/#SSLCertificateChainFile/SSLCertificateChainFile/ $sslconf - # apply changes - a2ensite default-ssl.conf + echo "deb https://deb.debian.org/debian stretch-backports main" > $backports_list + fi + apt-get -y update + DEBIAN_FRONTEND=noninteractive apt-get -q -y -t stretch-backports install certbot python-certbot-apache + print_info "run certbot ..." + certbot --apache -w /var/www/html -d $le_domain -m $le_email --agree-tos --non-interactive --redirect --hsts --uir service apache2 restart } @@ -572,7 +485,10 @@ function check_https { function install_hubzilla { print_info "installing hubzilla addons..." cd /var/www/html/ - util/add_addon_repo https://framagit.org/hubzilla/addons.git hzaddons + # if you install Hubzilla + util/add_addon_repo https://framagit.org/hubzilla/addons hzaddons + # if you install ZAP + #util/add_addon_repo https://framagit.org/zot/zap-addons.git zaddons mkdir -p "store/[data]/smarty3" chmod -R 777 store touch .htconfig.php @@ -582,7 +498,7 @@ function install_hubzilla { chown root:www-data /var/www/html/ chown root:www-data /var/www/html/.htaccess chmod 0644 /var/www/html/.htaccess - # try to switch off email registration + print_info "try to switch off email registration..." sed -i "s/verify_email.*1/verify_email'] = 0/" /var/www/html/view/*/ht* if [ -n "`grep -r 'verify_email.*1' /var/www/html/view/`" ] then @@ -591,49 +507,9 @@ function install_hubzilla { print_info "installed hubzilla" } -function rewrite_to_https { - print_info "configuring apache to redirect http to httpS ..." - htaccessfile=/var/www/html/.htaccess - if grep -i "https" $htaccessfile - then - print_info "...configuring apache to redirect http to httpS was already done in $htaccessfile" - else - sed -i "s#QSA]#QSA]\\n RewriteCond %{SERVER_PORT} !^443$\\n RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]#" $htaccessfile - fi - service apache2 restart -} - -# This will allways overwrite both config files -# - internal disk -# - external disk (LUKS + ext4) -# of rsnapshot for hubzilla -function install_rsnapshot { - print_info "installing rsnapshot..." - nocheck_install "rsnapshot" - # internal disk - cp -f /etc/rsnapshot.conf $snapshotconfig - sed -i "s/^cmd_cp/#cmd_cp/" $snapshotconfig - sed -i "s/^backup/#backup/" $snapshotconfig - echo "backup /var/lib/mysql/ localhost/" >> $snapshotconfig - echo "backup /var/www/html/ localhost/" >> $snapshotconfig - echo "backup /var/www/letsencrypt/ localhost/" >> $snapshotconfig - # external disk - if [ -n "$backup_device_name" ] - then - cp -f /etc/rsnapshot.conf $snapshotconfig_external_device - sed -i "s#snapshot_root.*#snapshot_root $backup_mount_point#" $snapshotconfig_external_device - sed -i "/alpha/s/6/30/" $snapshotconfig_external_device - sed -i "s/^cmd_cp/#cmd_cp/" $snapshotconfig_external_device - sed -i "s/^backup/#backup/" $snapshotconfig_external_device - if [ -z "`grep 'letsencrypt' $snapshotconfig_external_device`" ] - then - echo "backup /var/lib/mysql/ localhost/" >> $snapshotconfig_external_device - echo "backup /var/www/html/ localhost/" >> $snapshotconfig_external_device - echo "backup /var/www/letsencrypt/ localhost/" >> $snapshotconfig_external_device - fi - else - print_info "No backup configuration (rsnapshot) for external device configured. Reason: backup_device_name and/or backup_device_pass not given in $configfile" - fi +function install_rsync { + print_info "installing rsync..." + nocheck_install "rsync" } function install_cryptosetup { @@ -644,28 +520,28 @@ function install_cryptosetup { function configure_cron_daily { print_info "configuring cron..." # every 10 min for poller.php - if [ -z "`grep 'poller.php' /etc/crontab`" ] + if [ -z "`grep 'Master.php' /etc/crontab`" ] then echo "*/10 * * * * www-data cd /var/www/html; php Zotlabs/Daemon/Master.php Cron >> /dev/null 2>&1" >> /etc/crontab fi # Run external script daily at 05:30 # - stop apache and mysql-server - # - backup hubzilla + # - renew the certificate of letsencrypt + # - backup db, files (/var/www/html), certificates if letsencrypt # - update hubzilla core and addon # - update and upgrade linux - # - reboot + # - reboot is done by "shutdown -h now" because "reboot" hangs sometimes depending on the system echo "#!/bin/sh" > /var/www/$hubzilladaily echo "#" >> /var/www/$hubzilladaily echo "echo \" \"" >> /var/www/$hubzilladaily echo "echo \"+++ \$(date) +++\"" >> /var/www/$hubzilladaily echo "echo \" \"" >> /var/www/$hubzilladaily echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$hubzilladaily -echo "bash $le_dir/dehydrated --cron --config $le_dir/config.sh" >> /var/www/$hubzilladaily +echo "certbot renew --noninteractive" >> /var/www/$hubzilladaily echo "#" >> /var/www/$hubzilladaily -echo "# stop hubzilla" >> /var/www/$hubzilladaily -echo "echo \"\$(date) - stoping apache and mysql...\"" >> /var/www/$hubzilladaily +echo "echo \"\$(date) - stopping apache and mysql...\"" >> /var/www/$hubzilladaily echo "service apache2 stop" >> /var/www/$hubzilladaily -echo "/etc/init.d/mysql stop # to avoid inconsistancies" >> /var/www/$hubzilladaily +echo "/etc/init.d/mysql stop # to avoid inconsistencies" >> /var/www/$hubzilladaily echo "#" >> /var/www/$hubzilladaily echo "# backup" >> /var/www/$hubzilladaily echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$hubzilladaily @@ -696,11 +572,13 @@ echo " if mount $backup_device_name $backup_mount_point" >> /var/www/$hub echo " then" >> /var/www/$hubzilladaily echo " device_mounted=1" >> /var/www/$hubzilladaily echo " echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$hubzilladaily -echo " rsnapshot -c $snapshotconfig_external_device alpha" >> /var/www/$hubzilladaily -echo " echo \"\$(date) - disk sizes...\"" >> /var/www/$hubzilladaily -echo " df -h" >> /var/www/$hubzilladaily -echo " echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily -echo " du -h $backup_mount_point | grep mysql/hubzilla" >> /var/www/$hubzilladaily +echo " rsync -a --delete /var/lib/mysql/ /media/hubzilla_backup/mysql" >> /var/www/$hubzilladaily +echo " rsync -a --delete /var/www/ /media/hubzilla_backup/www" >> /var/www/$hubzilladaily +echo " rsync -a --delete /etc/letsencrypt/ /media/hubzilla_backup/letsencrypt" >> /var/www/$hubzilladaily +echo " echo \"\$(date) - disk sizes...\"" >> /var/www/$hubzilladaily +echo " df -h" >> /var/www/$hubzilladaily +echo " echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily +echo " du -h $backup_mount_point | grep mysql/hubzilla" >> /var/www/$hubzilladaily echo " echo \"unmounting backup device...\"" >> /var/www/$hubzilladaily echo " umount $backup_mount_point" >> /var/www/$hubzilladaily echo " else" >> /var/www/$hubzilladaily @@ -722,18 +600,16 @@ echo "echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily echo "du -h /var/lib/mysql/ | grep mysql/hubzilla" >> /var/www/$hubzilladaily echo "#" >> /var/www/$hubzilladaily echo "# update" >> /var/www/$hubzilladaily -echo "echo \"\$(date) - updating dehydrated...\"" >> /var/www/$hubzilladaily -echo "git -C /var/www/letsencrypt/ pull" >> /var/www/$hubzilladaily -echo "echo \"\$(date) - updating hubhilla core...\"" >> /var/www/$hubzilladaily +echo "echo \"\$(date) - updating core and addons...\"" >> /var/www/$hubzilladaily echo "(cd /var/www/html/ ; util/udall)" >> /var/www/$hubzilladaily echo "chown -R www-data:www-data /var/www/html/ # make all accessable for the webserver" >> /var/www/$hubzilladaily echo "chown root:www-data /var/www/html/.htaccess" >> /var/www/$hubzilladaily echo "chmod 0644 /var/www/html/.htaccess # www-data can read but not write it" >> /var/www/$hubzilladaily echo "echo \"\$(date) - updating linux...\"" >> /var/www/$hubzilladaily echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$hubzilladaily -echo "echo \"\$(date) - Backup hubzilla and update linux finished. Rebooting...\"" >> /var/www/$hubzilladaily +echo "echo \"\$(date) - Backup and update finished. Rebooting...\"" >> /var/www/$hubzilladaily echo "#" >> /var/www/$hubzilladaily -echo "reboot" >> /var/www/$hubzilladaily +echo "shutdown -r now" >> /var/www/$hubzilladaily if [ -z "`grep 'hubzilla-daily.sh' /etc/crontab`" ] then @@ -745,38 +621,6 @@ echo "reboot" >> /var/www/$hubzilladaily print_info "configured cron for updates/upgrades" } -function write_uninstall_script { - print_info "writing uninstall script..." - - cat > /var/www/hubzilla-remove.sh <<END -#!/bin/sh -# -# This script removes Hubzilla. -# You might do this for a fresh start using the script. -# The script will remove (almost everything) what was installed by the script, -# all applications including hubzilla and its database. -# -# Backup the certificates of letsencrypt (you never know) -cp -a /var/www/letsencrypt/ ~/backup_le_certificats -# -# Removal -apt-get remove apache2 apache2-utils libapache2-mod-php5 php5 php-pear php5-xcache php5-curl php5-mcrypt php5-gd php5-mysql mysql-server mysql-client phpmyadmin -apt-get purge apache2 apache2-utils libapache2-mod-php5 php5 php-pear php5-xcache php5-curl php5-mcrypt php5-gd php5-mysql mysql-server mysql-client phpmyadmin -apt-get autoremove -apt-get clean -rm /etc/rsnapshot_hubzilla.conf -rm /etc/rsnapshot_hubzilla_external_device.conf -rm -R /etc/apache2/ -rm -R /var/lib/mysql/ -rm -R /var/www -rm -R /etc/selfhost/ -# uncomment the next line if you want to remove the backups -# rm -R /var/cache/rsnapshot -nano /etc/crontab # remove entries there manually -END - chmod -x /var/www/hubzilla-remove.sh -} - ######################################################################## # START OF PROGRAM ######################################################################## @@ -792,11 +636,7 @@ selfhostdir=/etc/selfhost selfhostscript=selfhost-updater.sh hubzilladaily=hubzilla-daily.sh plugins_update=.homeinstall/plugins_update.sh -snapshotconfig=/etc/rsnapshot_hubzilla.conf -snapshotconfig_external_device=/etc/rsnapshot_hubzilla_external_device.conf backup_mount_point=/media/hubzilla_backup -le_dir=/var/www/letsencrypt -sslconf=/etc/apache2/sites-available/default-ssl.conf #set -x # activate debugging from here @@ -820,7 +660,6 @@ configure_cron_selfhost if [ "$le_domain" != "localhost" ] then install_letsencrypt - configure_apache_for_https check_https else print_info "is localhost - skipped installation of letsencrypt and configuration of apache for https" @@ -828,20 +667,12 @@ fi install_hubzilla -if [ "$le_domain" != "localhost" ] -then - rewrite_to_https - install_rsnapshot -else - print_info "is localhost - skipped rewrite to https and installation of rsnapshot" -fi - configure_cron_daily if [ "$le_domain" != "localhost" ] then + install_rsync install_cryptosetup - write_uninstall_script else print_info "is localhost - skipped installation of cryptosetup" fi diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 6912322aa..7e25e08b2 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -40,7 +40,7 @@ class Photo extends \Zotlabs\Web\Controller { call_hooks('cache_mode_hook', $cache_mode); $observer_xchan = get_observer_hash(); - $ismodified = $_SERVER['HTTP_IF_MODIFIED_SINCE']; + $cachecontrol = ''; if(isset($type)) { @@ -68,8 +68,6 @@ class Photo extends \Zotlabs\Web\Controller { } } - $modified = filemtime($default); - $default = z_root() . '/' . $default; $uid = $person; $data = ''; @@ -83,7 +81,7 @@ class Photo extends \Zotlabs\Web\Controller { $modified = strtotime($r[0]['edited'] . "Z"); $mimetype = $r[0]['mimetype']; if(intval($r[0]['os_storage'])) - $data = file_get_contents($data); + $data = file_get_contents(dbunescbin($r[0]['content'])); else $data = dbunescbin($r[0]['content']); } @@ -97,13 +95,17 @@ class Photo extends \Zotlabs\Web\Controller { $default = $d['default']; $data = $d['data']; $mimetype = $d['mimetype']; + $modified = time(); } if(! $data) { - $x = z_fetch_url($default,true,0,[ 'novalidate' => true ]); + $x = z_fetch_url(z_root() . '/' . $default, true, 0, [ 'novalidate' => true ]); $data = ($x['success'] ? $x['body'] : EMPTY_STR); $mimetype = 'image/png'; + $modified = filemtime($default); } + + $cachecontrol = ', must-revalidate'; } else { @@ -216,38 +218,18 @@ class Photo extends \Zotlabs\Web\Controller { http_status_exit(404,'not found'); } + if(! $data) + killme(); + header_remove('Pragma'); - if($ismodified === gmdate("D, d M Y H:i:s", $modified) . " GMT") { + if($_SERVER['HTTP_IF_NONE_MATCH'] === md5($data) || $_SERVER['HTTP_IF_MODIFIED_SINCE'] === gmdate("D, d M Y H:i:s", $modified) . " GMT") { header_remove('Expires'); header_remove('Cache-Control'); header_remove('Set-Cookie'); http_status_exit(304,'not modified'); - } - - if(! isset($data)) { - if(isset($resolution)) { - switch($resolution) { - case 4: - $default = get_default_profile_photo(); - break; - case 5: - $default = get_default_profile_photo(80); - break; - case 6: - $default = get_default_profile_photo(48); - break; - default: - killme(); - // NOTREACHED - break; - } - $x = z_fetch_url(z_root() . '/' . $default,true,0,[ 'novalidate' => true ]); - $data = ($x['success'] ? $x['body'] : EMPTY_STR); - $mimetype = 'image/png'; - } } - + if(isset($res) && intval($res) && $res < 500) { $ph = photo_factory($data, $mimetype); if($ph->is_valid()) { @@ -284,12 +266,13 @@ class Photo extends \Zotlabs\Web\Controller { $maxage = $expires - time(); header("Expires: " . gmdate("D, d M Y H:i:s", $expires) . " GMT"); - header("Cache-Control: max-age=" . $maxage); + header("Cache-Control: max-age=" . $maxage . $cachecontrol); } header("Content-type: " . $mimetype); header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT"); + header("ETag: " . md5($data)); header("Content-Length: " . (isset($filesize) ? $filesize : strlen($data))); // If it's a file resource, stream it. diff --git a/util/storageconv b/util/storageconv index 594ec14fb..9c49787d1 100755 --- a/util/storageconv +++ b/util/storageconv @@ -29,7 +29,7 @@ if($argc == 2) { echo 'Current storage set to: ' . ($storage ? 'filesystem' : 'SQL database') . PHP_EOL; switch($argv[1]) { case 'stats': - $x = q("SELECT COUNT(resource_id) AS qty FROM photo WHERE photo_usage = 0 and os_storage = 1"); + $x = q("SELECT COUNT(resource_id) AS qty FROM photo WHERE photo_usage = 0 AND os_storage = 1 AND imgscale = 0"); echo 'Local images: ' . $x[0]['qty'] . PHP_EOL; $x = q("SELECT COUNT(id) AS qty FROM photo WHERE resource_id IN (SELECT DISTINCT resource_id FROM photo WHERE photo_usage = 0 and os_storage = 1) AND imgscale > 0"); echo 'Thumbnails total: ' . $x[0]['qty'] . PHP_EOL; @@ -45,26 +45,21 @@ if($argc == 2) { break; } - $x = q("SELECT DISTINCT uid, resource_id FROM photo WHERE photo_usage = 0 and os_storage = 1"); + $x = q("SELECT DISTINCT resource_id, content FROM photo WHERE photo_usage = 0 AND os_storage = 1 AND imgscale = 0"); if($x) { foreach($x as $xx) { - $r = q("SELECT channel_address FROM channel WHERE channel_id = %d", - intval($xx['uid']) - ); - - $n = q("SELECT id, imgscale, content, os_path FROM photo WHERE resource_id = '%s' AND os_storage != %d AND imgscale > 0", + $n = q("SELECT id, imgscale, content FROM photo WHERE resource_id = '%s' AND os_storage != %d AND imgscale > 0", dbesc($xx['resource_id']), $storage ); - echo count($n) . PHP_EOL; foreach($n as $nn) { echo '.'; - $filename = 'store/' . $r[0]['channel_address'] . '/' . $nn['os_path'] . '-' . $nn['imgscale']; + $filename = dbunescbin($xx['content']) . '-' . $nn['imgscale']; if(! file_put_contents($filename, dbunescbin($nn['content']))) { echo 'Failed to save file ' . $filename . PHP_EOL; continue; @@ -90,7 +85,7 @@ if($argc == 2) { break; } - $x = q("SELECT DISTINCT resource_id FROM photo WHERE photo_usage = 0 and os_storage = 1"); + $x = q("SELECT DISTINCT resource_id FROM photo WHERE photo_usage = 0 AND os_storage = 1 AND imgscale = 0"); if($x) { foreach($x as $xx) { @@ -134,4 +129,3 @@ if($argc == 2) { echo PHP_EOL; } - |