scale-catalog/jails/nextcloud/install.sh


#!/usr/local/bin/bash
# This script installs the current release of Nextcloud into a freshly created jail
# Based on the example by danb35: https://github.com/danb35/freenas-iocage-nextcloud
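# Initialise defaults
# The nextcloud_*, mariadb_* and global_* variables (and SCRIPT_DIR) are
# expected to be set by the caller before this script runs; the SC2154
# waivers cover those references.
JAIL_NAME="nextcloud"
# shellcheck disable=SC2154
JAIL_IP="${nextcloud_ip4_addr%/*}"
# shellcheck disable=SC2154
DATABASE="$nextcloud_database"
INCLUDES_PATH="${SCRIPT_DIR}/jails/nextcloud/includes"
# Certificate mode flags. Default an unset/empty flag to 0 so the numeric
# `-eq` comparisons in the sanity checks below never see an empty string
# (which is an error for `[`, not "false", and would let a missing option
# slip past the checks).
# shellcheck disable=SC2154
STANDALONE_CERT=${nextcloud_standalone_cert:-0}
# shellcheck disable=SC2154
SELFSIGNED_CERT=${nextcloud_selfsigned_cert:-0}
# shellcheck disable=SC2154
DNS_CERT=${nextcloud_dns_cert:-0}
# shellcheck disable=SC2154
NO_CERT=${nextcloud_no_cert:-0}
# shellcheck disable=SC2154
DL_FLAGS=${nextcloud_dl_flags}
# shellcheck disable=SC2154
DNS_SETTING=${nextcloud_dns_settings}
# shellcheck disable=SC2154
CERT_EMAIL=${nextcloud_cert_email}
# shellcheck disable=SC2154
HOST_NAME=${nextcloud_host_name}
# Database selection. External backends take every connection detail from
# the config; the bundled mariadb jail uses a fixed "nextcloud" user and
# database name plus the MariaDB jail's address. No database password is
# generated here -- it is always read from the config.
case "${DATABASE}" in
  pgsql-external)
    DB_NAME="PostgreSQL"
    # shellcheck disable=SC2154
    DB_HOST="${nextcloud_db_host}"
    # shellcheck disable=SC2154
    DB_DATABASE="${nextcloud_db_database}"
    # shellcheck disable=SC2154
    DB_USER="${nextcloud_db_user}"
    # shellcheck disable=SC2154
    DB_PASSWORD="${nextcloud_db_password}"
    ;;
  mariadb-external)
    DB_NAME="MariaDB"
    # shellcheck disable=SC2154
    DB_HOST="${nextcloud_db_host}"
    # shellcheck disable=SC2154
    DB_DATABASE="${nextcloud_db_database}"
    # shellcheck disable=SC2154
    DB_USER="${nextcloud_db_user}"
    # shellcheck disable=SC2154
    DB_PASSWORD="${nextcloud_db_password}"
    ;;
  mariadb-jail)
    # DB_NAME was previously left unset in this branch, which blanked the
    # engine name in the saved password note.
    DB_NAME="MariaDB"
    DB_DATABASE="nextcloud"
    DB_USER="nextcloud"
    # shellcheck disable=SC2154
    DB_HOST="${mariadb_ip4_addr%/*}:3306"
    # shellcheck disable=SC2154
    DB_PASSWORD="${nextcloud_db_password}"
    ;;
  *)
    echo "Invalid ${JAIL_NAME}_database selected please select one from the following options:"
    echo "mariadb-jail, mariadb-external, pgsql-external"
    exit 1
    ;;
esac
# Initial Nextcloud admin password: 12 random bytes, base64-encoded.
# Abort if openssl is missing or fails instead of carrying an empty
# administrator password into the install.
if ! ADMIN_PASSWORD=$(openssl rand -base64 12) || [ -z "${ADMIN_PASSWORD}" ]; then
  echo 'Failed to generate a random administrator password (openssl rand)'
  exit 1
fi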
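#####
#
# Input Sanity Check
#
#####
# Check that necessary variables were set by nextcloud-config.
# Every check aborts with a specific message so nothing below runs against
# a half-configured jail.
if [ -z "${nextcloud_ip4_addr}" ]; then
  echo 'Configuration error: The Nextcloud jail does NOT accept DHCP'
  echo 'Please reinstall using a fixed IP adress'
  exit 1
fi
if [ -z "${DB_PASSWORD}" ]; then
  echo 'Configuration error: The Nextcloud Jail needs a database password'
  echo 'Please reinstall with a defifined: db_password'
  exit 1
fi
if [ -z "${DB_USER}" ]; then
  echo 'Configuration error: The Nextcloud Jail needs a database user'
  echo 'Please reinstall with a defifined: db_user'
  exit 1
fi
if [ -z "${DB_HOST}" ]; then
  echo 'Configuration error: The Nextcloud Jail needs a database host'
  echo 'Please reinstall with a defifined: db_host'
  exit 1
fi
if [ -z "${DB_DATABASE}" ]; then
  echo 'Configuration error: The Nextcloud Jail needs a database name'
  echo 'Please reinstall with a defifined: db_database'
  exit 1
fi
# shellcheck disable=SC2154
if [ -z "${nextcloud_time_zone}" ]; then
  echo 'Configuration error: TIME_ZONE must be set'
  exit 1
fi
if [ -z "${HOST_NAME}" ]; then
  echo 'Configuration error: HOST_NAME must be set'
  exit 1
fi
# The certificate mode flags are compared numerically. Substitute 0 for an
# unset/empty flag: `[ "" -eq 0 ]` is an error (exit 2), not "false", which
# previously let a missing option slip past these checks unreported.
if [ "${STANDALONE_CERT:-0}" -eq 0 ] && [ "${DNS_CERT:-0}" -eq 0 ] \
    && [ "${NO_CERT:-0}" -eq 0 ] && [ "${SELFSIGNED_CERT:-0}" -eq 0 ]; then
  echo 'Configuration error: Either STANDALONE_CERT, DNS_CERT, NO_CERT,'
  echo 'or SELFSIGNED_CERT must be set to 1.'
  exit 1
fi
if [ "${STANDALONE_CERT:-0}" -eq 1 ] && [ "${DNS_CERT:-0}" -eq 1 ]; then
  echo 'Configuration error: Only one of STANDALONE_CERT and DNS_CERT'
  echo 'may be set to 1.'
  exit 1
fi
# DNS challenge mode needs a Caddy DNS plugin name and the provider's API
# credentials. Both are read unprefixed (DNS_PLUGIN / DNS_ENV), unlike the
# nextcloud_* options above -- NOTE(review): confirm the config loader really
# provides them under these names; if it does not, DNS_CERT=1 can never pass.
# shellcheck disable=SC2154
if [ "${DNS_CERT:-0}" -eq 1 ] && [ -z "${DNS_PLUGIN}" ]; then
  echo "DNS_PLUGIN must be set to a supported DNS provider."
  echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for list."
  echo "Be sure to omit the prefix of \"tls.dns.\"."
  exit 1
fi
# DNS_ENV is a secret (the provider's API token). Later in this script it is
# handed to sysrc and so ends up in the jail's rc.conf; protect the config
# that carries it accordingly.
# shellcheck disable=SC2154
if [ "${DNS_CERT:-0}" -eq 1 ] && [ -z "${DNS_ENV}" ]; then
  echo "DNS_ENV must be set to a your DNS provider\'s authentication credentials."
  echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for more."
  exit 1
fi
if [ "${DNS_CERT:-0}" -eq 1 ]; then
  # Derive the Caddy installer plugin selector and the Caddyfile tls
  # directive from the plugin name; these override the configured defaults.
  DL_FLAGS="tls.dns.${DNS_PLUGIN}"
  DNS_SETTING="dns ${DNS_PLUGIN}"
fi
# Reinstall detection: a non-empty config mount means a previous install is
# in place, so the database/admin bootstrap is skipped further down.
# A missing directory (ls fails and prints nothing) counts as a fresh install.
# shellcheck disable=SC2154
if [ -n "$(ls -A "/mnt/${global_dataset_config}/${JAIL_NAME}/config" 2>/dev/null)" ]; then
  echo "Reinstall of Nextcloud detected... "
  # The "external database" warning used to print for every backend,
  # including the bundled mariadb jail.
  if [ "${DATABASE}" = "mariadb-jail" ]; then
    echo "Database setup will be skipped; the existing Nextcloud database in the mariadb jail is expected to still be present. Continuing"
  else
    echo "External database selected, unable to verify compatibility. REINSTALL MIGHT NOT WORK... Continuing"
  fi
  REINSTALL="true"
fi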
#####
#
# Fstab And Mounts
#
#####
# Persistent state lives on the host config dataset and is mounted into the
# jail: Nextcloud's config and themes directories, plus the user data dir.
createmount "${JAIL_NAME}" "${global_dataset_config}/${JAIL_NAME}/config" /usr/local/www/nextcloud/config
createmount "${JAIL_NAME}" "${global_dataset_config}/${JAIL_NAME}/themes" /usr/local/www/nextcloud/themes
createmount "${JAIL_NAME}" "${global_dataset_config}/${JAIL_NAME}/files" /config/files
# Expose the script's includes directory (config templates, rc script,
# crontab) inside the jail at /mnt/includes for the duration of the install;
# the entry is removed again at the end of this script.
iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes
iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0
# The data directory belongs to the web server user; 770 keeps it closed to
# other accounts in the jail.
iocage exec "${JAIL_NAME}" chown -R www:www /config/files
iocage exec "${JAIL_NAME}" chmod -R 770 /config/files
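#####
#
# Basic dependency install
#
#####
# Database client and PHP driver matching the selected backend.
if [ "${DATABASE}" = "mariadb-external" ] || [ "${DATABASE}" = "mariadb-jail" ]; then
  iocage exec "${JAIL_NAME}" pkg install -qy mariadb103-client php73-pdo_mysql php73-mysqli
elif [ "${DATABASE}" = "pgsql-external" ]; then
  iocage exec "${JAIL_NAME}" pkg install -qy postgresql10-client php73-pgsql php73-pdo_pgsql
fi
# Caddy is installed by piping the upstream installer script into bash inside
# the jail, as root, with DL_FLAGS selecting the plugin set (e.g. tls.dns.*).
# NOTE(review): the script is fetched over HTTPS but is neither pinned nor
# checksum/signature-verified, so TLS to getcaddy.com is the only trust anchor.
# Download into a private temp file and check the fetch result: previously a
# failed fetch silently fell through to executing whatever already sat at the
# predictable path /tmp/getcaddy.com.
CADDY_INSTALLER=$(mktemp /tmp/getcaddy.XXXXXX) || {
  echo "Failed to create a temporary file for the Caddy installer"
  exit 1
}
if ! fetch -o "${CADDY_INSTALLER}" https://getcaddy.com; then
  echo "Failed to download Caddy installer"
  rm -f "${CADDY_INSTALLER}"
  exit 1
fi
if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < "${CADDY_INSTALLER}"; then
  echo "Failed to download/install Caddy"
  rm -f "${CADDY_INSTALLER}"
  exit 1
fi
rm -f "${CADDY_INSTALLER}"
iocage exec "${JAIL_NAME}" sysrc redis_enable="YES"
iocage exec "${JAIL_NAME}" sysrc php_fpm_enable="YES"
# opcache and pcntl are built from the ports tree rather than installed as
# packages.
iocage exec "${JAIL_NAME}" sh -c "make -C /usr/ports/www/php73-opcache clean install BATCH=yes"
iocage exec "${JAIL_NAME}" sh -c "make -C /usr/ports/devel/php73-pcntl clean install BATCH=yes"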
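#####
#
# Install Nextcloud
#
#####
# Pinned to the latest point release of the Nextcloud 18 series.
FILE="latest-18.tar.bz2"
# Fetch the tarball, its detached signature and Nextcloud's signing key into
# the jail's /tmp.
if ! iocage exec "${JAIL_NAME}" fetch -o /tmp \
    https://download.nextcloud.com/server/releases/"${FILE}" \
    https://download.nextcloud.com/server/releases/"${FILE}".asc \
    https://nextcloud.com/nextcloud.asc
then
  echo "Failed to download Nextcloud"
  exit 1
fi
# Verify the tarball against its detached signature before unpacking.
# NOTE(review): the public key is fetched from nextcloud.com in the same step,
# so this is trust-on-first-use -- gpg --verify succeeds for a valid signature
# from any imported key regardless of its trust level. Pin the key by checking
# its fingerprint against the one Nextcloud publishes out-of-band before
# treating this as a real supply-chain check.
iocage exec "${JAIL_NAME}" gpg --import /tmp/nextcloud.asc
if ! iocage exec "${JAIL_NAME}" gpg --verify /tmp/"${FILE}".asc; then
  echo "GPG Signature Verification Failed!"
  echo "The Nextcloud download is corrupt."
  exit 1
fi
# Abort on a failed extraction instead of continuing into the chown and occ
# steps with a missing or half-unpacked tree.
if ! iocage exec "${JAIL_NAME}" tar xjf /tmp/"${FILE}" -C /usr/local/www/; then
  echo "Failed to extract Nextcloud"
  exit 1
fi
iocage exec "${JAIL_NAME}" chown -R www:www /usr/local/www/nextcloud/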
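# Generate and install self-signed cert, if requested and no key exists yet.
# NOTE(review): the existence check looks at the host-side dataset path while
# mkdir/cp operate on /config/ssl inside the jail; these only agree if /config
# is the jail's view of that dataset -- confirm against the mount setup.
# shellcheck disable=SC2154
SSL_DIR="/mnt/${global_dataset_config}/${JAIL_NAME}/ssl"
if [ "${SELFSIGNED_CERT:-0}" -eq 1 ] && [ ! -f "${SSL_DIR}/privkey.pem" ]; then
  echo "No ssl certificate present, generating self signed certificate"
  if [ ! -d "${SSL_DIR}" ]; then
    echo "cert folder not existing... creating..."
    iocage exec "${JAIL_NAME}" mkdir /config/ssl
  fi
  # The key pair is generated on the host into the includes directory (which
  # is mounted in the jail as /mnt/includes) and copied into the jail's
  # persistent /config/ssl. All subject fields except CN are placeholders.
  if ! openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
      -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=${HOST_NAME}" \
      -keyout "${INCLUDES_PATH}/privkey.pem" -out "${INCLUDES_PATH}/fullchain.pem"; then
    echo "Failed to generate self-signed certificate"
    exit 1
  fi
  iocage exec "${JAIL_NAME}" cp /mnt/includes/privkey.pem /config/ssl/privkey.pem
  iocage exec "${JAIL_NAME}" cp /mnt/includes/fullchain.pem /config/ssl/fullchain.pem
  # Do not leave the private key lying around in the script's includes
  # directory on the host once it has been placed in the jail.
  rm -f "${INCLUDES_PATH}/privkey.pem" "${INCLUDES_PATH}/fullchain.pem"
  # NOTE(review): the copy keeps whatever mode openssl/cp produced; tighten
  # /config/ssl/privkey.pem to the account Caddy runs as once that account is
  # confirmed from the rc script.
fi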
# Copy and edit pre-written config files
# PHP, redis and the php-fpm pool config are taken verbatim from the includes.
for cfg in php.ini redis.conf; do
  iocage exec "${JAIL_NAME}" cp -f "/mnt/includes/${cfg}" "/usr/local/etc/${cfg}"
done
iocage exec "${JAIL_NAME}" cp -f /mnt/includes/www.conf /usr/local/etc/php-fpm.d/
# Let's Encrypt modes get the helper that later switches off the staging CA.
if [ "$STANDALONE_CERT" -eq 1 ] || [ "$DNS_CERT" -eq 1 ]; then
  iocage exec "${JAIL_NAME}" cp -f /mnt/includes/remove-staging.sh /root/
fi
# Pick the Caddyfile variant for the chosen certificate mode; all three end
# up as /usr/local/www/Caddyfile.
if [ "$NO_CERT" -eq 1 ]; then
  echo "Copying Caddyfile for no SSL"
  CADDYFILE_SRC="Caddyfile-nossl"
elif [ "$SELFSIGNED_CERT" -eq 1 ]; then
  echo "Copying Caddyfile for self-signed cert"
  CADDYFILE_SRC="Caddyfile-selfsigned"
else
  echo "Copying Caddyfile for Let's Encrypt cert"
  CADDYFILE_SRC="Caddyfile"
fi
iocage exec "${JAIL_NAME}" cp -f "/mnt/includes/${CADDYFILE_SRC}" /usr/local/www/Caddyfile
iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/
# Fill in the template placeholders. The values are interpolated into the sed
# expressions unescaped, so a HOST_NAME or DNS_SETTING containing the
# delimiter or `&` would corrupt the substitution (all are config-controlled).
iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${HOST_NAME}/" /usr/local/www/Caddyfile
iocage exec "${JAIL_NAME}" sed -i '' "s/DNS-PLACEHOLDER/${DNS_SETTING}/" /usr/local/www/Caddyfile
iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile
iocage exec "${JAIL_NAME}" sed -i '' "s|mytimezone|${nextcloud_time_zone}|" /usr/local/etc/php.ini
# Caddy rc.conf settings. NOTE(review): caddy_env carries the DNS provider's
# API credentials and is written to the jail's rc.conf by sysrc -- that file
# is commonly world-readable, so confirm its mode before using DNS_CERT in a
# multi-user jail.
iocage exec "${JAIL_NAME}" sysrc caddy_enable="YES"
iocage exec "${JAIL_NAME}" sysrc caddy_cert_email="${CERT_EMAIL}"
iocage exec "${JAIL_NAME}" sysrc caddy_SNI_default="${HOST_NAME}"
iocage exec "${JAIL_NAME}" sysrc caddy_env="${DNS_ENV}"
# Restart so redis, php-fpm and caddy come up with the new configuration.
iocage restart "${JAIL_NAME}"
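if [ "${REINSTALL}" == "true" ]; then
  echo "Reinstall detected, skipping generaion of new config and database"
else
  # Create the Nextcloud database and a user limited to the jail's IP. Only
  # the bundled mariadb jail is provisioned here; external databases are
  # expected to exist already.
  if [ "${DATABASE}" = "mariadb-jail" ]; then
    # The password is spliced into a SQL string literal: double any single
    # quote so the value cannot terminate the literal. (Backslash escaping is
    # deliberately not applied; whether `\` is special depends on sql_mode.)
    DB_PASSWORD_SQL=${DB_PASSWORD//\'/\'\'}
    iocage exec "mariadb" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};"
    iocage exec "mariadb" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO '${DB_USER}'@'${JAIL_IP}' IDENTIFIED BY '${DB_PASSWORD_SQL}';"
    iocage exec "mariadb" mysqladmin reload
  fi
  # Save passwords for later reference. The redirection is evaluated by this
  # host-side shell, so the file lands in the HOST's /root, not the jail's.
  # It holds plaintext credentials, so create it owner-only instead of with
  # the default umask.
  PASSWORD_FILE="/root/${JAIL_NAME}_db_password.txt"
  (
    umask 077
    {
      # DB_ROOT_PASSWORD is not assigned anywhere in this script; record it
      # only when the caller supplied one rather than logging an empty value.
      # shellcheck disable=SC2154
      if [ -n "${DB_ROOT_PASSWORD}" ]; then
        echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}"
      fi
      echo "Nextcloud database password is ${DB_PASSWORD}"
      echo "Nextcloud Administrator password is ${ADMIN_PASSWORD}"
    } > "${PASSWORD_FILE}"
  )
  chmod 600 "${PASSWORD_FILE}"
  # CLI installation and configuration of Nextcloud, run as the www user.
  # NOTE(review): the database and admin passwords are interpolated into a
  # double-quoted shell string and passed on occ's command line: a DB
  # password containing ", $, ` or \ breaks the command, and both values are
  # visible in `ps` inside the jail while the install runs.
  if [ "${DATABASE}" = "mariadb-external" ] || [ "${DATABASE}" = "mariadb-jail" ]; then
    iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"mysql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${ADMIN_PASSWORD}\" --data-dir=\"/config/files\""
    iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value=\"true\""
  elif [ "${DATABASE}" = "pgsql-external" ]; then
    iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"pgsql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${ADMIN_PASSWORD}\" --data-dir=\"/config/files\""
  fi
  # Schema housekeeping, logging to a file in the jail, and caches:
  # APCu locally, redis over its unix socket for file locking.
  iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ db:add-missing-indices"
  iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ db:convert-filecache-bigint --no-interaction"
  iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set logtimezone --value=\"${nextcloud_time_zone}\""
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set log_type --value="file"'
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logfile --value="/var/log/nextcloud.log"'
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set loglevel --value="2"'
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logrotate_size --value="104847600"'
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"'
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"'
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis port --value=0 --type=integer'
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"'
  # URL generation. NOTE(review): overwriteprotocol is forced to https even
  # when NO_CERT=1, while overwrite.cli.url below switches to http in that
  # mode -- confirm which is intended (https is only right if TLS terminates
  # in front of Caddy).
  iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwritehost --value=\"${HOST_NAME}\""
  iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwriteprotocol --value=\"https\""
  if [ "$NO_CERT" -eq 1 ]; then
    iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"http://${HOST_NAME}/\""
  else
    iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"https://${HOST_NAME}/\""
  fi
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set htaccess.RewriteBase --value="/"'
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ maintenance:update:htaccess'
  # Trusted domains: the hostname and the jail's bare IP.
  iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 1 --value=\"${HOST_NAME}\""
  iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 2 --value=\"${JAIL_IP}\""
  # The encryption app is enabled, switched on and immediately switched off
  # again. The rationale is not recorded here -- presumably to initialise the
  # app's keys without leaving encryption active; confirm before changing.
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ app:enable encryption'
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:enable'
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:disable'
  # Background jobs are driven by the www crontab installed below.
  iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ background:cron'
fi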
# The Nextcloud log file must exist and be owned by the web server user
# before the first background run writes to it.
NEXTCLOUD_LOG=/var/log/nextcloud.log
iocage exec "${JAIL_NAME}" touch "${NEXTCLOUD_LOG}"
iocage exec "${JAIL_NAME}" chown www "${NEXTCLOUD_LOG}"
# Run the background job once now, then hand it to the www user's crontab
# (crontab copies the file, so it survives the includes unmount below).
iocage exec "${JAIL_NAME}" su -m www -c 'php -f /usr/local/www/nextcloud/cron.php'
iocage exec "${JAIL_NAME}" crontab -u www /mnt/includes/www-crontab
# Don't need /mnt/includes any more, so unmount it
iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0
# Done!
echo "Installation complete!"
# Login URL scheme follows the certificate mode.
if [ "$NO_CERT" -eq 1 ]; then
  URL_SCHEME="http"
else
  URL_SCHEME="https"
fi
echo "Using your web browser, go to ${URL_SCHEME}://${HOST_NAME} to log in"
# Credentials summary. NOTE(review): the admin and database passwords are
# printed to stdout here; if this installer's output is captured to a log,
# they end up in that log as well.
if [ "${REINSTALL}" == "true" ]; then
  echo "You did a reinstall, please use your old database and account credentials"
else
  echo "Default user is admin, password is ${ADMIN_PASSWORD}"
  echo ""
  echo "Database Information"
  echo "--------------------"
  echo "Database user = ${DB_USER}"
  echo "Database password = ${DB_PASSWORD}"
  echo ""
  echo "All passwords are saved in /root/${JAIL_NAME}_db_password.txt"
fi
echo ""
# Certificate follow-up: Let's Encrypt modes start on the staging CA and need
# remove-staging.sh run once everything works; self-signed mode just tells
# the user where the key pair lives inside the jail.
if [ "$STANDALONE_CERT" -eq 1 ] || [ "$DNS_CERT" -eq 1 ]; then
  echo "You have obtained your Let's Encrypt certificate using the staging server."
  echo "This certificate will not be trusted by your browser and will cause SSL errors"
  echo "when you connect. Once you've verified that everything else is working"
  echo "correctly, you should issue a trusted certificate. To do this, run:"
  echo " iocage exec ${JAIL_NAME} /root/remove-staging.sh"
  echo ""
elif [ "$SELFSIGNED_CERT" -eq 1 ]; then
  echo "You have chosen to create a self-signed TLS certificate for your Nextcloud"
  echo "installation. This certificate will not be trusted by your browser and"
  echo "will cause SSL errors when you connect. If you wish to replace this certificate"
  echo "with one obtained elsewhere, the private key is located at:"
  echo "/config/ssl/privkey.pem"
  echo "The full chain (server + intermediate certificates together) is at:"
  echo "/config/ssl/fullchain.pem"
  echo ""
fi