create open_port function to automatically open ports over upnp (#1469)

Co-authored-by: szaimen <szaimen@e.mail.de>
2025-10-26 11:27:32 +00:00 · 2020-09-18 12:04:31 +02:00 · 2020-09-18 12:04:31 +02:00 · 6aba7b7935
commit 6aba7b7935
parent e9a5281061
8 changed files with 153 additions and 49 deletions
--- a/apps/bitwarden-rs.sh
+++ b/apps/bitwarden-rs.sh
@ -64,11 +64,21 @@ SUBDOMAIN=$(input_box_flow "Please enter the Domain that you want to use for Bit
 # shellcheck source=lib.sh
 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)

-msg_box "Please make sure that you have you have edited the dns-settings of your domain and open ports 80 and 443."
+msg_box "Before continuing, please make sure that you have you have edited the DNS settings for $SUBDOMAIN, and opened port 80 and 443 directly to this servers IP. A full exstensive guide can be found here:
+https://www.techandme.se/open-port-80-443

-if ! yesno_box_yes "Have you made the necessary preparations?"
+This can be done automatically if you have UNNP enabled in your firewall/router. You will be offered to use UNNP in the next step.
+
+PLEASE NOTE:
+Using other ports than the default 80 and 443 is not supported, though it may be possible with some custom modification:
+https://help.nextcloud.com/t/domain-refused-to-connect-collabora/91303/17"
+
+if yesno_box_no "Do you want to use UPNP to open port 80 and 443?"
 then
-    exit
+    unset FAIL
+    open_port 80 TCP
+    open_port 443 TCP
+    cleanup_open_port
 fi

 # Check if $SUBDOMAIN exists and is reachable
--- a/apps/collabora_docker.sh
+++ b/apps/collabora_docker.sh
@ -162,8 +162,23 @@ NCDOMAIN_ESCAPED=${NCDOMAIN//[.]/\\\\.}
 nc_update

 # Notification
-msg_box "Before you start, please make sure that port 80+443 is directly forwarded to this machine!"
+msg_box "Before continuing, please make sure that you have you have edited the DNS settings for $SUBDOMAIN, and opened port 80 and 443 directly to this servers IP. A full exstensive guide can be found here:
+https://www.techandme.se/open-port-80-443

+This can be done automatically if you have UNNP enabled in your firewall/router. You will be offered to use UNNP in the next step.
+
+PLEASE NOTE:
+Using other ports than the default 80 and 443 is not supported, though it may be possible with some custom modification:
+https://help.nextcloud.com/t/domain-refused-to-connect-collabora/91303/17"
+
+if yesno_box_no "Do you want to use UPNP to open port 80 and 443?"
+then
+    unset FAIL
+    open_port 80 TCP
+    open_port 443 TCP
+    cleanup_open_port
+fi
+    
 # Get the latest packages
 apt update -q4 & spinner_loading

--- a/apps/onlyoffice_docker.sh
+++ b/apps/onlyoffice_docker.sh
@ -175,7 +175,22 @@ true
 nc_update

 # Notification
-msg_box "Before you start, please make sure that port 80+443 is directly forwarded to this machine!"
+msg_box "Before continuing, please make sure that you have you have edited the DNS settings for $SUBDOMAIN, and opened port 80 and 443 directly to this servers IP. A full exstensive guide can be found here:
+https://www.techandme.se/open-port-80-443
+
+This can be done automatically if you have UNNP enabled in your firewall/router. You will be offered to use UNNP in the next step.
+
+PLEASE NOTE:
+Using other ports than the default 80 and 443 is not supported, though it may be possible with some custom modification:
+https://help.nextcloud.com/t/domain-refused-to-connect-collabora/91303/17"
+
+if yesno_box_no "Do you want to use UPNP to open port 80 and 443?"
+then
+    unset FAIL
+    open_port 80 TCP
+    open_port 443 TCP
+    cleanup_open_port
+fi

 # Get the latest packages
 apt update -q4 & spinner_loading
--- a/apps/talk.sh
+++ b/apps/talk.sh
@ -41,7 +41,7 @@ then
    choice=$(whiptail --title "$TITLE" --menu "It seems like 'Nextcloud Talk' is already installed.\nChoose what you want to do." "$WT_HEIGHT" "$WT_WIDTH" 4 \
    "Reinstall Nextcloud Talk" "" \
    "Uninstall Nextcloud Talk" "" 3>&1 1>&2 2>&3)
-    
+
    case "$choice" in
        "Uninstall Nextcloud Talk")
            print_text_in_color "$ICyan" "Uninstalling Nextcloud Talk and resetting all settings..."
@ -151,11 +151,19 @@ check_command systemctl restart coturn.service

 # Warn user to open port
 msg_box "You have to open $TURN_PORT TCP/UDP in your firewall or your TURN/STUN server won't work!
-After you hit OK the script will check for the firewall and eventually exit on failure.

-To run again the setup, after fixing your firewall:
-sudo -sLO $APP/talk.sh
-sudo bash talk.sh"
+This can be done automatically if you have UNNP enabled in your firewall/router. You will be offered to use UNNP in the next step."
+
+After you hit OK, the script will check if the port is open or not. If it fails and you want to run this script again, just execute this in your CLI:
+sudo bash /var/scripts/menu.sh, and choose 'Talk'.
+
+if yesno_box_no "Do you want to use UPNP to open port $TURN_PORT?"
+then
+    unset FAIL
+    open_port "$TURN_PORT" TCP
+    open_port "$TURN_PORT" UDP
+    cleanup_open_port
+fi

 # Check if the port is open
 check_open_port "$TURN_PORT" "$TURN_DOMAIN"
--- a/apps/talk_signaling.sh
+++ b/apps/talk_signaling.sh
@ -173,10 +173,19 @@ check_command systemctl restart coturn.service

 # Warn user to open port
 msg_box "You have to open $TURN_PORT TCP/UDP in your firewall or your TURN/STUN server won't work!
-After you hit OK the script will check for the firewall and eventually exit on failure.
-To run again the setup, after fixing your firewall:
-sudo -sLO $APP/talk_signaling.sh
-sudo bash talk_signaling.sh"
+
+This can be done automatically if you have UNNP enabled in your firewall/router. You will be offered to use UNNP in the next step."
+
+After you hit OK, the script will check if the port is open or not. If it fails and you want to run this script again, just execute this in your CLI:
+sudo bash /var/scripts/menu.sh, and choose 'Talk'.
+
+if yesno_box_no "Do you want to use UPNP to open port $TURN_PORT?"
+then
+    unset FAIL
+    open_port "$TURN_PORT" TCP
+    open_port "$TURN_PORT" UDP
+    cleanup_open_port
+fi

 # Check if the port is open
 check_open_port "$TURN_PORT" "$TURN_DOMAIN"
@ -225,6 +234,24 @@ SUBDOMAIN=$(input_box_flow "Talk Signaling Server subdomain e.g: talk.yourdomain
 # shellcheck source=lib.sh
 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)

+# Notification
+msg_box "Before continuing, please make sure that you have you have edited the DNS settings for $SUBDOMAIN, and opened port 80 and 443 directly to this servers IP. A full exstensive guide can be found here:
+https://www.techandme.se/open-port-80-443
+
+This can be done automatically if you have UNNP enabled in your firewall/router. You will be offered to use UNNP in the next step.
+
+PLEASE NOTE:
+Using other ports than the default 80 and 443 is not supported, though it may be possible with some custom modification:
+https://help.nextcloud.com/t/domain-refused-to-connect-collabora/91303/17"
+
+if yesno_box_no "Do you want to use UPNP to open port 80 and 443?"
+then
+    unset FAIL
+    open_port 80 TCP
+    open_port 443 TCP
+    cleanup_open_port
+fi
+
 # Check if $SUBDOMAIN exists and is reachable
 print_text_in_color "$ICyan" "Checking if $SUBDOMAIN exists and is reachable..."
 domain_check_200 "$SUBDOMAIN"
@ -303,14 +330,6 @@ check_command systemctl enable signaling
 # Apache Proxy
 # https://github.com/strukturag/nextcloud-spreed-signaling#apache

-# Check if $SUBDOMAIN exists and is reachable
-print_text_in_color "$ICyan" "Checking if $SUBDOMAIN exists and is reachable..."
-domain_check_200 "$SUBDOMAIN"
-
-# Check open ports with NMAP
-check_open_port 80 "$SUBDOMAIN"
-check_open_port 443 "$SUBDOMAIN"
-
 # Install Apache2
 install_if_not apache2

--- a/apps/tmbitwarden.sh
+++ b/apps/tmbitwarden.sh
@ -56,7 +56,7 @@ It's a good idea to read that before you start this script.
 Please also report any issues regarding this script setup to $ISSUES"

 msg_box "The necessary preparations to run expose Bitwarden to the internet are:
-1. Please open port 443 and 80 and point to this server.
+1. Please open port 443 and 80 and point to this server. (You will be asked if you want to use UPNP to open those ports automatically in the next step.)
 2. Please create a DNS record for your subdomain and point that to this server.
 3. Raise the amount of RAM to this server to at least 4 GB."

@ -185,6 +185,23 @@ check_command sudo -u "$BITWARDEN_USER" ./bitwarden.sh updatedb
 # Produce reverse-proxy config and get lets-encrypt certificate
 msg_box "We'll now setup the Apache Proxy that will act as TLS front for your Bitwarden installation."

+msg_box "Before continuing, please make sure that you have you have edited the DNS settings for $SUBDOMAIN, and opened port 80 and 443 directly to this servers IP. A full exstensive guide can be found here:
+https://www.techandme.se/open-port-80-443
+
+This can be done automatically if you have UNNP enabled in your firewall/router. You will be offered to use UNNP in the next step.
+
+PLEASE NOTE:
+Using other ports than the default 80 and 443 is not supported, though it may be possible with some custom modification:
+https://help.nextcloud.com/t/domain-refused-to-connect-collabora/91303/17"
+
+if yesno_box_no "Do you want to use UPNP to open port 80 and 443?"
+then
+    unset FAIL
+    open_port 80 TCP
+    open_port 443 TCP
+    cleanup_open_port
+fi
+
 # Curl the lib another time to get the correct HTTPS_CONF
 # shellcheck source=lib.sh
 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
--- a/lets-encrypt/activate-tls.sh
+++ b/lets-encrypt/activate-tls.sh
@ -17,53 +17,53 @@ debug_mode
 root_check

 # Information
-msg_box "Important! Please read this:
+# Information
+msg_box "Before we begin the installation of your TLS certificate you need to:

-This script will install TLS from Let's Encrypt.
-It's free of charge, and very easy to maintain.
+1. Have a domain like: cloud.example.com
+If you want to get a domain at a fair price, please check this out: https://store.binero.se/?lang=en-US

-Before we begin the installation you need to have
-a domain that the TLS certs will be valid for.
-If you don't have a domain yet, get one before
-you run this script!
-
-You also have to open port 80+443 against this VMs
-IP address: $ADDRESS - do this in your router/FW.
+2. Open port 80 and 443 against this VMs IP address: $ADDRESS.
 Here is a guide: https://goo.gl/Uyuf65
+It's also possible automatically open ports with UPNP, if you have that enabled in your firewall/router.

-You can find the script here: $SCRIPTS/activate-tls.sh
-and you can run it after you got a domain.
-
-Please don't run this script if you don't have
-a domain yet. You can get one for a fair price here:
-https://store.binero.se/?lang=en-US"
+PLEASE NOTE:
+This script can be run again by executing: sudo bash $SCRIPTS/menu.sh, and choose 'Server Configuration' --> 'Activate TLS'"

 if ! yesno_box_yes "Are you sure you want to continue?"
 then
-msg_box "OK, but if you want to run this script later,
-just type: sudo bash $SCRIPTS/activate-tls.sh"
+msg_box "OK, but if you want to run this script later, just execute this in your CLI: sudo bash /var/scripts/menu.sh and choose 'Server Configuration' --> 'Activate TLS'"
    exit
 fi

-if ! yesno_box_yes "Have you forwarded port 80+443 in your router?"
+if ! yesno_box_yes "Have you opened port 80 and 443 in your router, or are you using UPNP?"
 then
-msg_box "OK, but if you want to run this script later,
-just type: sudo bash /var/scripts/activate-tls.sh"
+msg_box "OK, but if you want to run this script later, just execute this in your CLI: sudo bash /var/scripts/menu.sh and choose 'Server Configuration' --> 'Activate TLS'"
    exit
 fi

-if yesno_box_yes "Do you have a domain that you will use?"
+if ! yesno_box_yes "Do you have a domain that you will use?"
 then
-    sleep 1
-else
-msg_box "OK, but if you want to run this script later,
-just type: sudo bash /var/scripts/activate-tls.sh"
+msg_box "OK, but if you want to run this script later, just execute this in your CLI: sudo bash /var/scripts/menu.sh and choose 'Server Configuration' --> 'Activate TLS'"
    exit
 fi

 # Nextcloud Main Domain (activate-tls.sh)
 TLSDOMAIN=$(input_box_flow "Please enter the domain name you will use for Nextcloud.\n\nMake sure it looks like this:\nyourdomain.com, or cloud.yourdomain.com")

+msg_box "Before continuing, please make sure that you have you have edited the DNS settings for $TLSDOMAIN, and opened port 80 and 443 directly to this servers IP. A full exstensive guide can be found here:
+https://www.techandme.se/open-port-80-443
+
+This can be done automatically if you have UNNP enabled in your firewall/router. You will be offered to use UNNP in the next step."
+
+if yesno_box_no "Do you want to use UPNP to open port 80 and 443?"
+then
+    unset FAIL
+    open_port 80 TCP
+    open_port 443 TCP
+    cleanup_open_port
+fi
+
 # Curl the lib another time to get the correct https_conf
 # shellcheck source=lib.sh
 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
--- a/lib.sh
+++ b/lib.sh
@ -698,6 +698,26 @@ fi
 restart_webserver
 }

+# Use like this: open_port 443 TCP
+# or e.g. open_port 3478 UDP
+open_port() {
+    install_if_not miniupnpc
+    print_text_in_color "$ICyan" "Trying to open port $1 automatically..."
+    if ! upnpc -a "$ADDRESS" "$1" "$1" "$2" &>/dev/null
+    then
+        msg_box "Failed to open port $1 $2 automatically. You have to do this manually."
+        FAIL=1
+    fi
+}
+
+cleanup_open_port() {
+    if [ -n "$FAIL" ]
+    then
+        apt-get purge miniupnpc -y
+        apt autoremove -y
+    fi
+}
+
 # Check if port is open # check_open_port 443 domain.example.com
 check_open_port() {
 print_text_in_color "$ICyan" "Checking if port ${1} is open with https://www.networkappers.com/tools/open-port-checker..."