Merge branch 'master' of https://github.com/nextcloud/vm

lets-encrypt/activate-ssl.sh

@@ -173,6 +173,8 @@ fi
 
 # Change ServerName in apache.conf
 sed -i "s|ServerName nextcloud|ServerName $domain|g" /etc/apache2/apache2.conf
+sudo hostnamectl set-hostname $domain
+service apache2 restart
 
 # Generate nextcloud_ssl_domain.conf
 if [ -f $ssl_conf ]
@@ -359,7 +361,9 @@ ENDMSG
     rm $SCRIPTS/test-new-config.sh
     rm $ssl_conf
     rm -R /root/.local/share/letsencrypt
-# Change ServerName in apache.conf
+# Change ServerName in apache.conf and hostname
     sed -i "s|ServerName $domain|ServerName nextcloud|g" /etc/apache2/apache2.conf
+    sudo hostnamectl set-hostname nextcloud
+    service apache2 restart
 fi
 clear

nextcloud_install_production.sh

@@ -23,7 +23,6 @@ OS=$(grep -ic "Ubuntu" /etc/issue.net)
 # Passwords
 SHUF=$(shuf -i 13-15 -n 1)
 MYSQL_PASS=$(cat /dev/urandom | tr -dc "a-zA-Z0-9@#*=" | fold -w $SHUF | head -n 1)
-NC_MYSQL_PASS=$(cat /dev/urandom | tr -dc "a-zA-Z0-9@#*=" | fold -w $SHUF | head -n 1)
 PW_FILE=/var/mysql_password.txt
 # Directories
 SCRIPTS=/var/scripts
@@ -325,20 +324,14 @@ rm $HTML/$STABLEVERSION.zip
 wget -q $STATIC/setup_secure_permissions_nextcloud.sh -P $SCRIPTS
 bash $SCRIPTS/setup_secure_permissions_nextcloud.sh
 
-# Manually create new DB
-mysql \
--u root \
--p$MYSQL_PASS \
--e "create database nextcloud_db; GRANT ALL PRIVILEGES ON nextcloud_db.* TO nc_mysql@localhost IDENTIFIED BY '$NC_MYSQL_PASS'"
-
 # Install Nextcloud
 cd $NCPATH
 sudo -u www-data php occ maintenance:install \
     --data-dir "$NCDATA" \
     --database "mysql" \
     --database-name "nextcloud_db" \
-    --database-user "nc_mysql" \
-    --database-pass "$NC_MYSQL_PASS" \
+    --database-user "root" \
+    --database-pass "$MYSQL_PASS" \
     --admin-user "$UNIXUSER" \
     --admin-pass "$UNIXPASS"
 echo
@@ -504,10 +497,10 @@ apt update -q2
 apt install webmin -y
 
 # Nextcloud apps
-CONVER=$(wget -q https://raw.githubusercontent.com/nextcloud/contacts/master/appinfo/info.xml && grep -Po "(?<=<version>)[^<]*(?=</version>)" info.xml && rm info.xml)
+CONVER=$(curl -s https://api.github.com/repos/nextcloud/contacts/releases/latest | grep "tag_name" | cut -d\" -f4 | sed -e "s|v||g")
 CONVER_FILE=contacts.tar.gz
 CONVER_REPO=https://github.com/nextcloud/contacts/releases/download
-CALVER=$(wget -q https://raw.githubusercontent.com/nextcloud/calendar/master/appinfo/info.xml && grep -Po "(?<=<version>)[^<]*(?=</version>)" info.xml && rm info.xml)
+CALVER=$(curl -s https://api.github.com/repos/nextcloud/calendar/releases/latest | grep "tag_name" | cut -d\" -f4 | sed -e "s|v||g")
 CALVER_FILE=calendar.tar.gz
 CALVER_REPO=https://github.com/nextcloud/calendar/releases/download
 

nextcloud_update.sh

@@ -29,7 +29,7 @@ NCVERSION=$(curl -s --max-time 900 $NCREPO/ | tac | grep unknown.gif | sed 's/.*
 
 # System Upgrade
 apt update
-apt dist-upgrade -y
+export DEBIAN_FRONTEND=noninteractive ; apt dist-upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
 
 # Set secure permissions
 FILE="$SECURE"
@@ -194,7 +194,11 @@ else
     echo "Theme set"
 fi
 
-# Set secure permissions again
+# Pretty URLs
+echo "Setting RewriteBase to "/" in config.php..."
+chown -R www-data:www-data $NCPATH
+sudo -u www-data php $NCPATH/occ config:system:set htaccess.RewriteBase --value="/"
+sudo -u www-data php $NCPATH/occ maintenance:update:htaccess
 bash $SECURE
 
 # Repair

static/collabora.sh

@@ -1,22 +1,28 @@
 #!/bin/bash
 # Collabora auto installer
 
+SCRIPTS=/var/scripts
+# Check if root
+if [ "$(whoami)" != "root" ]
+then
+    echo
+    echo -e "\e[31mSorry, you are not root.\n\e[0mYou must type: \e[36msudo \e[0mbash $SCRIPTS/collabora.sh"
+    echo
+    exit 1
+fi
+
 ## Variable's
 # Docker URL
-DOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Nextcloud url, make sure it looks like this: cloud\\.yourdomain\\.com" "$WT_HEIGHT" "$WT_WIDTH" cloud\\.yourdomain\\.com 3>&1 1>&2 2>&3)
-# Letsencrypt domains (we need to find a solution to add this Letsencrypt request to the main request for the NC domain)
-CLEANDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Nextcloud url, now make sure it look normal" "$WT_HEIGHT" "$WT_WIDTH" cloud.yourdomain.com 3>&1 1>&2 2>&3)
-EDITORDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Collabora subdomain eg: office.yourdomain.com" "$WT_HEIGHT" "$WT_WIDTH" 3>&1 1>&2 2>&3)
-# Vhosts
-HTTPS_EXIST="/etc/apache2/sites-available/$CLEANDOMAIN.conf"
-HTTPS_CONF="/etc/apache2/sites-available/$EDITORDOMAIN.conf"
+SUBDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Collabora subdomain eg: office.yourdomain.com" "$WT_HEIGHT" "$WT_WIDTH" 3>&1 1>&2 2>&3)
+# Nextcloud Main Domain
+NCDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Nextcloud url, make sure it looks like this: cloud\\.yourdomain\\.com" "$WT_HEIGHT" "$WT_WIDTH" cloud\\.yourdomain\\.com 3>&1 1>&2 2>&3)
+# Vhost
+HTTPS_CONF="/etc/apache2/sites-available/$SUBDOMAIN.conf"
 # Letsencrypt
 LETSENCRYPTPATH=/etc/letsencrypt
 CERTFILES=$LETSENCRYPTPATH/live
 # WANIP
 WANIP4=$(dig +short myip.opendns.com @resolver1.opendns.com)
-# Misc
-SCRIPTS=/var/scripts
 
 # Whiptail auto size
 calc_wt_size() {
@@ -36,50 +42,64 @@ calc_wt_size() {
 whiptail --msgbox "Please before you start make sure port 443 is directly forwarded to this machine or open!" "$WT_HEIGHT" "$WT_WIDTH"
 
 # Check if 443 is open using nmap, if not notify the user
-if [ $(dpkg-query -W -f='${Status}' nmap 2>/dev/null | grep -c "ok installed") -eq 1 ]; then
+if [ $(dpkg-query -W -f='${Status}' nmap 2>/dev/null | grep -c "ok installed") -eq 1 ]
+then
       echo "nmap is already installed..."
       clear
 else
     apt install nmap -y
 fi
 
-if [ $(nmap -sS -p 443 "$WANIP4" | grep -c "open") -eq 1 ]; then
-  echo "Port is open"
+if [ $(nmap -sS -p 443 "$WANIP4" | grep -c "open") -eq 1 ]
+then
+  echo -e "\e[32mPort 443 is open!\e[0m"
   apt remove --purge nmap -y
 else
   whiptail --msgbox "Port 443 is not open..." "$WT_HEIGHT" "$WT_WIDTH"
   apt remove --purge nmap -y
-  exit
+  exit 1
+fi
+
+# Check if Nextcloud is installed
+echo "Checking if Nextcloud is installed..."
+curl -s https://$DOMAIN/status.php | grep -q 'installed":true'
+if [ $? -eq 0 ]
+then
+    sleep 1
+else
+    echo "It seems like Nextcloud is not installed or that you don't use https on your domain."
+    echo "Please install Nextcloud or activate SSL on your installation to be able to run this script"
+    exit 1
 fi
 
 # Update & upgrade
 apt update
 apt upgrade -y
-apt -f install -y
 
 # Check if docker is installed
-	if [ $(dpkg-query -W -f='${Status}' docker.io 2>/dev/null | grep -c "ok installed") -eq 1 ]; then
-				echo "Docker.io is installed..."
+if [ $(dpkg-query -W -f='${Status}' docker.io 2>/dev/null | grep -c "ok installed") -eq 1 ]
+then
+    sleep 1
 else
-				apt install docker.io -y
+    apt install docker.io -y
 fi
 
-	if [ $(dpkg-query -W -f='${Status}' git 2>/dev/null | grep -c "ok installed") -eq 1 ]; then
-				echo "Git is installed..."
+if [ $(dpkg-query -W -f='${Status}' git 2>/dev/null | grep -c "ok installed") -eq 1 ]
+then
+    sleep 1
 else
-				apt install git -y
+    apt install git -y
 fi
 
 # Install Collabora docker
 docker pull collabora/code
-docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=$DOMAIN" --restart always --cap-add MKNOD collabora/code
+docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=$NCDOMAIN" --restart always --cap-add MKNOD collabora/code
 
 # Install Apache2
-	if [ $(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") -eq 1 ];
+if [ $(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") -eq 1 ]
 then
-        echo "Apache2 is installed..."
+    echo "Apache2 is installed..."
 else
-
     {
     i=1
     while read -r line; do
@@ -87,7 +107,6 @@ else
         echo $i
     done < <(apt install apache2 -y)
     } | whiptail --title "Progress" --gauge "Please wait while installing Apache2" 6 60 0
-
 fi
 
 # Enable Apache2 module's
@@ -99,19 +118,18 @@ a2enmod ssl
 # Create Vhost for Collabora online in Apache2
 if [ -f "$HTTPS_CONF" ];
 then
-        echo "Virtual Host exists"
+    echo "Virtual Host exists"
 else
-
-	touch "$HTTPS_CONF"
+        touch "$HTTPS_CONF"
         cat << HTTPS_CREATE > "$HTTPS_CONF"
 <VirtualHost *:443>
-  ServerName $EDITORDOMAIN:443
+  ServerName $SUBDOMAIN:443
 
   # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
   SSLEngine on
-  SSLCertificateChainFile $CERTFILES/$EDITORDOMAIN/chain.pem
-  SSLCertificateFile $CERTFILES/$EDITORDOMAIN/cert.pem
-  SSLCertificateKeyFile $CERTFILES/$EDITORDOMAIN/privkey.pem
+  SSLCertificateChainFile $CERTFILES/$SUBDOMAIN/chain.pem
+  SSLCertificateFile $CERTFILES/$SUBDOMAIN/cert.pem
+  SSLCertificateKeyFile $CERTFILES/$SUBDOMAIN/privkey.pem
   SSLProtocol             all -SSLv2 -SSLv3
   SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
   SSLHonorCipherOrder     on
@@ -145,17 +163,17 @@ else
 
   # Download as, Fullscreen presentation and Image upload operations
   ProxyPass           /lool https://127.0.0.1:9980/lool
-ProxyPassReverse /lool https://127.0.0.1:9980/lool
+  ProxyPassReverse /lool https://127.0.0.1:9980/lool
 </VirtualHost>
 HTTPS_CREATE
 
 if [ -f "$HTTPS_CONF" ];
 then
-        echo "$HTTPS_CONF was successfully created"
-        sleep 2
+    echo "$HTTPS_CONF was successfully created"
+    sleep 2
 else
-	echo "Unable to create vhost, exiting..."
-	exit
+    echo "Unable to create vhost, exiting..."
+    exit
 fi
 
 fi
@@ -165,13 +183,12 @@ fi
 # Stop Apache to aviod port conflicts
 a2dissite 000-default.conf
 sudo service apache2 stop
-
 ############################### Still need to rewrite test-new-config.sh for collabora domain and add more tries for letsencrypt
 # Generate certs
 cd /etc
 git clone https://github.com/certbot/certbot.git
 cd /etc/certbot
-./letsencrypt-auto certonly --agree-tos --standalone -d $EDITORDOMAIN
+./letsencrypt-auto certonly --agree-tos --standalone -d $SUBDOMAIN
 # Check if $certfiles exists
 if [ -d "$HTTPS_CONF" ]
 then

static/passman.sh

@@ -2,3 +2,5 @@
 
 # We will develop this when Passman is production ready
 # https://github.com/nextcloud/passman
+
+echo "The passman script is not yet developed..."