From f76f78ee87d056a5073b9a0ed81fe0d1cfc49b76 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Mon, 16 Jan 2017 15:04:30 +0100 Subject: [PATCH 01/12] set hostname --- lets-encrypt/activate-ssl.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lets-encrypt/activate-ssl.sh b/lets-encrypt/activate-ssl.sh index f5b074f7..2d06c434 100644 --- a/lets-encrypt/activate-ssl.sh +++ b/lets-encrypt/activate-ssl.sh @@ -173,6 +173,8 @@ fi # Change ServerName in apache.conf sed -i "s|ServerName nextcloud|ServerName $domain|g" /etc/apache2/apache2.conf +sudo hostnamectl set-hostname $domain +service apache2 restart # Generate nextcloud_ssl_domain.conf if [ -f $ssl_conf ] @@ -359,7 +361,9 @@ ENDMSG rm $SCRIPTS/test-new-config.sh rm $ssl_conf rm -R /root/.local/share/letsencrypt -# Change ServerName in apache.conf +# Change ServerName in apache.conf and hostname sed -i "s|ServerName $domain|ServerName nextcloud|g" /etc/apache2/apache2.conf + sudo hostnamectl set-hostname nextcloud + service apache2 restart fi clear From 7d5329634a56d952df68b6ba65ff45c512c8b239 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Mon, 16 Jan 2017 16:06:38 +0100 Subject: [PATCH 02/12] Always keep local configuration when updating (#90) --- nextcloud_update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud_update.sh b/nextcloud_update.sh index 28071191..f69df002 100644 --- a/nextcloud_update.sh +++ b/nextcloud_update.sh @@ -29,7 +29,7 @@ NCVERSION=$(curl -s --max-time 900 $NCREPO/ | tac | grep unknown.gif | sed 's/.* # System Upgrade apt update -apt dist-upgrade -y +export DEBIAN_FRONTEND=noninteractive ; apt dist-upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" # Set secure permissions FILE="$SECURE" From e26e57601f910a1a8b299a013383c20c0b99f3be Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Mon, 16 Jan 2017 16:43:40 +0100 Subject: [PATCH 03/12] Change back to original Nextcloud install (#71) As https://github.com/nextcloud/server/pull/2703 is fixed now, this will work again. --- nextcloud_install_production.sh | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/nextcloud_install_production.sh b/nextcloud_install_production.sh index d0f4ef58..2a3f0729 100644 --- a/nextcloud_install_production.sh +++ b/nextcloud_install_production.sh @@ -23,7 +23,6 @@ OS=$(grep -ic "Ubuntu" /etc/issue.net) # Passwords SHUF=$(shuf -i 13-15 -n 1) MYSQL_PASS=$(cat /dev/urandom | tr -dc "a-zA-Z0-9@#*=" | fold -w $SHUF | head -n 1) -NC_MYSQL_PASS=$(cat /dev/urandom | tr -dc "a-zA-Z0-9@#*=" | fold -w $SHUF | head -n 1) PW_FILE=/var/mysql_password.txt # Directories SCRIPTS=/var/scripts @@ -325,20 +324,14 @@ rm $HTML/$STABLEVERSION.zip wget -q $STATIC/setup_secure_permissions_nextcloud.sh -P $SCRIPTS bash $SCRIPTS/setup_secure_permissions_nextcloud.sh -# Manually create new DB -mysql \ --u root \ --p$MYSQL_PASS \ --e "create database nextcloud_db; GRANT ALL PRIVILEGES ON nextcloud_db.* TO nc_mysql@localhost IDENTIFIED BY '$NC_MYSQL_PASS'" - # Install Nextcloud cd $NCPATH sudo -u www-data php occ maintenance:install \ --data-dir "$NCDATA" \ --database "mysql" \ --database-name "nextcloud_db" \ - --database-user "nc_mysql" \ - --database-pass "$NC_MYSQL_PASS" \ + --database-user "root" \ + --database-pass "$MYSQL_PASS" \ --admin-user "$UNIXUSER" \ --admin-pass "$UNIXPASS" echo From f36bc2faaa684e5aff4956ca3185fa59180e135c Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Mon, 16 Jan 2017 19:51:55 +0100 Subject: [PATCH 04/12] remove / from Let's Encrypt domain --- static/collabora.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static/collabora.sh b/static/collabora.sh index b96b64ac..9d65704b 100644 --- a/static/collabora.sh +++ b/static/collabora.sh @@ -171,7 +171,7 @@ sudo service apache2 stop cd /etc git clone https://github.com/certbot/certbot.git cd /etc/certbot -./letsencrypt-auto certonly --agree-tos --standalone -d $EDITORDOMAIN +./letsencrypt-auto certonly --agree-tos --standalone -d $CLEANDOMAIN # Check if $certfiles exists if [ -d "$HTTPS_CONF" ] then From 484ad593d012b41c004ccf47cad91cc292c7f018 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Mon, 16 Jan 2017 20:24:04 +0100 Subject: [PATCH 05/12] Clean up This could be used to stripe out the backslashes: LEDOMAIN=$(echo "$NCDOMAIN" | tr -d '\\') Was called "CLEANDOMAIN" before. --- static/collabora.sh | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/static/collabora.sh b/static/collabora.sh index 9d65704b..72e8996d 100644 --- a/static/collabora.sh +++ b/static/collabora.sh @@ -3,13 +3,10 @@ ## Variable's # Docker URL -DOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Nextcloud url, make sure it looks like this: cloud\\.yourdomain\\.com" "$WT_HEIGHT" "$WT_WIDTH" cloud\\.yourdomain\\.com 3>&1 1>&2 2>&3) -# Letsencrypt domains (we need to find a solution to add this Letsencrypt request to the main request for the NC domain) -CLEANDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Nextcloud url, now make sure it look normal" "$WT_HEIGHT" "$WT_WIDTH" cloud.yourdomain.com 3>&1 1>&2 2>&3) -EDITORDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Collabora subdomain eg: office.yourdomain.com" "$WT_HEIGHT" "$WT_WIDTH" 3>&1 1>&2 2>&3) -# Vhosts -HTTPS_EXIST="/etc/apache2/sites-available/$CLEANDOMAIN.conf" -HTTPS_CONF="/etc/apache2/sites-available/$EDITORDOMAIN.conf" +SUBDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Collabora subdomain eg: office.yourdomain.com" "$WT_HEIGHT" "$WT_WIDTH" 3>&1 1>&2 2>&3) +NCDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Nextcloud url, make sure it looks like this: cloud\\.yourdomain\\.com" "$WT_HEIGHT" "$WT_WIDTH" cloud\\.yourdomain\\.com 3>&$ +# Vhost +HTTPS_CONF="/etc/apache2/sites-available/$SUBDOMAIN.conf" # Letsencrypt LETSENCRYPTPATH=/etc/letsencrypt CERTFILES=$LETSENCRYPTPATH/live @@ -72,7 +69,7 @@ fi # Install Collabora docker docker pull collabora/code -docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=$DOMAIN" --restart always --cap-add MKNOD collabora/code +docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=$NCDOMAIN" --restart always --cap-add MKNOD collabora/code # Install Apache2 if [ $(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") -eq 1 ]; @@ -105,13 +102,13 @@ else touch "$HTTPS_CONF" cat << HTTPS_CREATE > "$HTTPS_CONF" - ServerName $EDITORDOMAIN:443 + ServerName $SUBDOMAIN:443 # SSL configuration, you may want to take the easy route instead and use Lets Encrypt! SSLEngine on - SSLCertificateChainFile $CERTFILES/$EDITORDOMAIN/chain.pem - SSLCertificateFile $CERTFILES/$EDITORDOMAIN/cert.pem - SSLCertificateKeyFile $CERTFILES/$EDITORDOMAIN/privkey.pem + SSLCertificateChainFile $CERTFILES/$SUBDOMAIN/chain.pem + SSLCertificateFile $CERTFILES/$SUBDOMAIN/cert.pem + SSLCertificateKeyFile $CERTFILES/$SUBDOMAIN/privkey.pem SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS SSLHonorCipherOrder on @@ -171,7 +168,7 @@ sudo service apache2 stop cd /etc git clone https://github.com/certbot/certbot.git cd /etc/certbot -./letsencrypt-auto certonly --agree-tos --standalone -d $CLEANDOMAIN +./letsencrypt-auto certonly --agree-tos --standalone -d $SUBDOMAIN # Check if $certfiles exists if [ -d "$HTTPS_CONF" ] then From dee9a6eb82be7f04f9280b5d173eec5b4ac55e92 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Mon, 16 Jan 2017 20:48:58 +0100 Subject: [PATCH 06/12] more clean up and indentation --- static/collabora.sh | 71 +++++++++++++++++++++++++++++---------------- 1 file changed, 46 insertions(+), 25 deletions(-) diff --git a/static/collabora.sh b/static/collabora.sh index 72e8996d..ce1e6b69 100644 --- a/static/collabora.sh +++ b/static/collabora.sh @@ -4,7 +4,8 @@ ## Variable's # Docker URL SUBDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Collabora subdomain eg: office.yourdomain.com" "$WT_HEIGHT" "$WT_WIDTH" 3>&1 1>&2 2>&3) -NCDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Nextcloud url, make sure it looks like this: cloud\\.yourdomain\\.com" "$WT_HEIGHT" "$WT_WIDTH" cloud\\.yourdomain\\.com 3>&$ +# Nextcloud Main Domain +NCDOMAIN=$$(whiptail --title "Techandme.se Collabora" --inputbox "Nextcloud url, make sure it looks like this: cloud\\.yourdomain\\.com" "$WT_HEIGHT" "$WT_WIDTH" cloud\\.yourdomain\\.com 3>&1 1>&2 2>&3) # Vhost HTTPS_CONF="/etc/apache2/sites-available/$SUBDOMAIN.conf" # Letsencrypt @@ -15,6 +16,15 @@ WANIP4=$(dig +short myip.opendns.com @resolver1.opendns.com) # Misc SCRIPTS=/var/scripts +# Check if root +if [ "$(whoami)" != "root" ] +then + echo + echo -e "\e[31mSorry, you are not root.\n\e[0mYou must type: \e[36msudo \e[0mbash $SCRIPTS/collabora.sh" + echo + exit 1 +fi + # Whiptail auto size calc_wt_size() { WT_HEIGHT=17 @@ -33,38 +43,53 @@ calc_wt_size() { whiptail --msgbox "Please before you start make sure port 443 is directly forwarded to this machine or open!" "$WT_HEIGHT" "$WT_WIDTH" # Check if 443 is open using nmap, if not notify the user -if [ $(dpkg-query -W -f='${Status}' nmap 2>/dev/null | grep -c "ok installed") -eq 1 ]; then +if [ $(dpkg-query -W -f='${Status}' nmap 2>/dev/null | grep -c "ok installed") -eq 1 ] +then echo "nmap is already installed..." clear else apt install nmap -y fi -if [ $(nmap -sS -p 443 "$WANIP4" | grep -c "open") -eq 1 ]; then - echo "Port is open" +if [ $(nmap -sS -p 443 "$WANIP4" | grep -c "open") -eq 1 ] +then + echo -e "\e[32mPort 443 is open!\e[0m" apt remove --purge nmap -y else whiptail --msgbox "Port 443 is not open..." "$WT_HEIGHT" "$WT_WIDTH" apt remove --purge nmap -y - exit + exit 1 +fi + +# Check if Nextcloud is installed +echo "Checking if Nextcloud is installed..." +curl -s https://$DOMAIN/status.php | grep -q 'installed":true' +if [ $? -eq 0 ] +then + sleep 1 +else + echo "It seems like Nextcloud is not installed or that you don't use https on your domain." + echo "Please install Nextcloud or activate SSL on your installation to be able to run this script" + exit 1 fi # Update & upgrade apt update apt upgrade -y -apt -f install -y # Check if docker is installed - if [ $(dpkg-query -W -f='${Status}' docker.io 2>/dev/null | grep -c "ok installed") -eq 1 ]; then - echo "Docker.io is installed..." +if [ $(dpkg-query -W -f='${Status}' docker.io 2>/dev/null | grep -c "ok installed") -eq 1 ] +then + sleep 1 else - apt install docker.io -y + apt install docker.io -y fi - if [ $(dpkg-query -W -f='${Status}' git 2>/dev/null | grep -c "ok installed") -eq 1 ]; then - echo "Git is installed..." +if [ $(dpkg-query -W -f='${Status}' git 2>/dev/null | grep -c "ok installed") -eq 1 ] +then + sleep 1 else - apt install git -y + apt install git -y fi # Install Collabora docker @@ -72,11 +97,10 @@ docker pull collabora/code docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=$NCDOMAIN" --restart always --cap-add MKNOD collabora/code # Install Apache2 - if [ $(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") -eq 1 ]; +if [ $(dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -c "ok installed") -eq 1 ] then - echo "Apache2 is installed..." + echo "Apache2 is installed..." else - { i=1 while read -r line; do @@ -84,7 +108,6 @@ else echo $i done < <(apt install apache2 -y) } | whiptail --title "Progress" --gauge "Please wait while installing Apache2" 6 60 0 - fi # Enable Apache2 module's @@ -96,10 +119,9 @@ a2enmod ssl # Create Vhost for Collabora online in Apache2 if [ -f "$HTTPS_CONF" ]; then - echo "Virtual Host exists" + echo "Virtual Host exists" else - - touch "$HTTPS_CONF" + touch "$HTTPS_CONF" cat << HTTPS_CREATE > "$HTTPS_CONF" ServerName $SUBDOMAIN:443 @@ -142,17 +164,17 @@ else # Download as, Fullscreen presentation and Image upload operations ProxyPass /lool https://127.0.0.1:9980/lool -ProxyPassReverse /lool https://127.0.0.1:9980/lool + ProxyPassReverse /lool https://127.0.0.1:9980/lool HTTPS_CREATE if [ -f "$HTTPS_CONF" ]; then - echo "$HTTPS_CONF was successfully created" - sleep 2 + echo "$HTTPS_CONF was successfully created" + sleep 2 else - echo "Unable to create vhost, exiting..." - exit + echo "Unable to create vhost, exiting..." + exit fi fi @@ -162,7 +184,6 @@ fi # Stop Apache to aviod port conflicts a2dissite 000-default.conf sudo service apache2 stop - ############################### Still need to rewrite test-new-config.sh for collabora domain and add more tries for letsencrypt # Generate certs cd /etc From 013afb7d489465d9e63082a274122cc0ed2c04f4 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Mon, 16 Jan 2017 20:50:00 +0100 Subject: [PATCH 07/12] typo --- static/collabora.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static/collabora.sh b/static/collabora.sh index ce1e6b69..22514fc9 100644 --- a/static/collabora.sh +++ b/static/collabora.sh @@ -5,7 +5,7 @@ # Docker URL SUBDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Collabora subdomain eg: office.yourdomain.com" "$WT_HEIGHT" "$WT_WIDTH" 3>&1 1>&2 2>&3) # Nextcloud Main Domain -NCDOMAIN=$$(whiptail --title "Techandme.se Collabora" --inputbox "Nextcloud url, make sure it looks like this: cloud\\.yourdomain\\.com" "$WT_HEIGHT" "$WT_WIDTH" cloud\\.yourdomain\\.com 3>&1 1>&2 2>&3) +NCDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Nextcloud url, make sure it looks like this: cloud\\.yourdomain\\.com" "$WT_HEIGHT" "$WT_WIDTH" cloud\\.yourdomain\\.com 3>&1 1>&2 2>&3) # Vhost HTTPS_CONF="/etc/apache2/sites-available/$SUBDOMAIN.conf" # Letsencrypt From 7beb71cfbf57ed1acff076fa57ef31d7a4c5e44c Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Mon, 16 Jan 2017 20:54:41 +0100 Subject: [PATCH 08/12] check if root first --- static/collabora.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/static/collabora.sh b/static/collabora.sh index 22514fc9..67b4a57d 100644 --- a/static/collabora.sh +++ b/static/collabora.sh @@ -1,6 +1,15 @@ #!/bin/bash # Collabora auto installer +# Check if root +if [ "$(whoami)" != "root" ] +then + echo + echo -e "\e[31mSorry, you are not root.\n\e[0mYou must type: \e[36msudo \e[0mbash $SCRIPTS/collabora.sh" + echo + exit 1 +fi + ## Variable's # Docker URL SUBDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Collabora subdomain eg: office.yourdomain.com" "$WT_HEIGHT" "$WT_WIDTH" 3>&1 1>&2 2>&3) @@ -16,15 +25,6 @@ WANIP4=$(dig +short myip.opendns.com @resolver1.opendns.com) # Misc SCRIPTS=/var/scripts -# Check if root -if [ "$(whoami)" != "root" ] -then - echo - echo -e "\e[31mSorry, you are not root.\n\e[0mYou must type: \e[36msudo \e[0mbash $SCRIPTS/collabora.sh" - echo - exit 1 -fi - # Whiptail auto size calc_wt_size() { WT_HEIGHT=17 From 4335c59b189dde87c5d8771b4ecb13ac48b8661d Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Mon, 16 Jan 2017 20:55:57 +0100 Subject: [PATCH 09/12] move variable --- static/collabora.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/static/collabora.sh b/static/collabora.sh index 67b4a57d..78aa574e 100644 --- a/static/collabora.sh +++ b/static/collabora.sh @@ -1,6 +1,7 @@ #!/bin/bash # Collabora auto installer +SCRIPTS=/var/scripts # Check if root if [ "$(whoami)" != "root" ] then @@ -22,8 +23,6 @@ LETSENCRYPTPATH=/etc/letsencrypt CERTFILES=$LETSENCRYPTPATH/live # WANIP WANIP4=$(dig +short myip.opendns.com @resolver1.opendns.com) -# Misc -SCRIPTS=/var/scripts # Whiptail auto size calc_wt_size() { From afacc3c63f2727c5b139f61fe97f2102cad24f3e Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Mon, 16 Jan 2017 21:26:38 +0100 Subject: [PATCH 10/12] inform user --- static/passman.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/static/passman.sh b/static/passman.sh index d0deef2a..c33dd69e 100644 --- a/static/passman.sh +++ b/static/passman.sh @@ -2,3 +2,5 @@ # We will develop this when Passman is production ready # https://github.com/nextcloud/passman + +echo "The passman script is not yet developed..." From e63e04ce41f9964e0bd7325b090676c305b10721 Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Mon, 16 Jan 2017 21:48:32 +0100 Subject: [PATCH 11/12] update version checker --- nextcloud_install_production.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nextcloud_install_production.sh b/nextcloud_install_production.sh index 2a3f0729..d2e2e14c 100644 --- a/nextcloud_install_production.sh +++ b/nextcloud_install_production.sh @@ -497,10 +497,10 @@ apt update -q2 apt install webmin -y # Nextcloud apps -CONVER=$(wget -q https://raw.githubusercontent.com/nextcloud/contacts/master/appinfo/info.xml && grep -Po "(?<=)[^<]*(?=)" info.xml && rm info.xml) +CONVER=$(curl -s https://api.github.com/repos/nextcloud/contacts/releases/latest | grep "tag_name" | cut -d\" -f4 | sed -e "s|v||g") CONVER_FILE=contacts.tar.gz CONVER_REPO=https://github.com/nextcloud/contacts/releases/download -CALVER=$(wget -q https://raw.githubusercontent.com/nextcloud/calendar/master/appinfo/info.xml && grep -Po "(?<=)[^<]*(?=)" info.xml && rm info.xml) +CALVER=$(curl -s https://api.github.com/repos/nextcloud/calendar/releases/latest | grep "tag_name" | cut -d\" -f4 | sed -e "s|v||g") CALVER_FILE=calendar.tar.gz CALVER_REPO=https://github.com/nextcloud/calendar/releases/download From c85aaed8f76413dffab974c68c902b61d1a4fedd Mon Sep 17 00:00:00 2001 From: Daniel Hansson Date: Tue, 17 Jan 2017 00:20:58 +0100 Subject: [PATCH 12/12] Set pretty urls --- nextcloud_update.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nextcloud_update.sh b/nextcloud_update.sh index f69df002..10fb7826 100644 --- a/nextcloud_update.sh +++ b/nextcloud_update.sh @@ -194,7 +194,11 @@ else echo "Theme set" fi -# Set secure permissions again +# Pretty URLs +echo "Setting RewriteBase to "/" in config.php..." +chown -R www-data:www-data $NCPATH +sudo -u www-data php $NCPATH/occ config:system:set htaccess.RewriteBase --value="/" +sudo -u www-data php $NCPATH/occ maintenance:update:htaccess bash $SECURE # Repair