scale-catalog/jails/nextcloud/install.sh

#!/usr/local/bin/bash
# This script installs the current release of Nextcloud into a create jail
# Based on the example by danb35: https://github.com/danb35/freenas-iocage-nextcloud


# Initialise defaults
JAIL_NAME="nextcloud"
JAIL_IP="$(sed 's|\(.*\)/.*|\1|' <<<"${nextcloud_ip4_addr}" )"
DATABASE="$nextcloud_database"
INCLUDES_PATH="${SCRIPT_DIR}/jails/nextcloud/includes"
STANDALONE_CERT=${nextcloud_standalone_cert}
SELFSIGNED_CERT=${nextcloud_selfsigned_cert}
DNS_CERT=${nextcloud_dns_cert}
NO_CERT=${nextcloud_no_cert}
DL_FLAGS=${nextcloud_dl_flags}
DNS_SETTING=${nextcloud_dns_settings}
CERT_EMAIL=${nextcloud_cert_email}
HOST_NAME=${nextcloud_host_name}

# Only generate new DB passwords when using buildin database
# Set DB username and database to fixed "nextcloud"

if [ "${DATABASE}" = "pgsql-external" ]; then
  DB_NAME="PostgreSQL"
  DB_HOST="${nextcloud_db_host}"
  DB_DATABASE="${nextcloud_db_database}"
  DB_USER="${nextcloud_db_user}"
  DB_PASSWORD="${nextcloud_db_password}"
elif [ "${DATABASE}" = "mariadb-external" ]; then
  DB_NAME="MariaDB"
  DB_HOST="${nextcloud_db_host}"
  DB_DATABASE="${nextcloud_db_database}"
  DB_USER="${nextcloud_db_user}"
  DB_PASSWORD="${nextcloud_db_password}"
elif [ "${DATABASE}" = "mariadb-jail" ]; then
  DB_DATABASE="nextcloud"
  DB_USER="nextcloud"
  DB_HOST="$(sed 's|\(.*\)/.*|\1|' <<<"${mariadb_ip4_addr}"):3306"
  DB_PASSWORD="${nextcloud_db_password}"
else
  echo "Invalid ${JAIL_NAME}_database selected please select one from the following options:"
  echo "mariadb-jail, mariadb-external, pgsql-external"
  exit 1
fi


ADMIN_PASSWORD=$(openssl rand -base64 12)

#####
# 
# Input Sanity Check 
#
#####


# Check that necessary variables were set by nextcloud-config
if [ -z "${nextcloud_ip4_addr}" ]; then
  echo 'Configuration error: The Nextcloud jail does NOT accept DHCP'
  echo 'Please reinstall using a fixed IP adress'
  exit 1
fi

if [ -z "${DB_PASSWORD}" ]; then
  echo 'Configuration error: The Nextcloud Jail needs a database password'
  echo 'Please reinstall with a defifined: db_password'
  exit 1
fi

if [ -z "${DB_USER}" ]; then
  echo 'Configuration error: The Nextcloud Jail needs a database user'
  echo 'Please reinstall with a defifined: db_user'
  exit 1
fi

if [ -z "${DB_HOST}" ]; then
	echo 'Configuration error: The Nextcloud Jail needs a database host'
  echo 'Please reinstall with a defifined: db_host'
  exit 1
fi

if [ -z "${DB_DATABASE}" ]; then
	echo 'Configuration error: The Nextcloud Jail needs a database name'
  echo 'Please reinstall with a defifined: db_database'
  exit 1
fi

if [ -z "${nextcloud_time_zone}" ]; then
  echo 'Configuration error: TIME_ZONE must be set'
  exit 1
fi
if [ -z "${HOST_NAME}" ]; then
  echo 'Configuration error: HOST_NAME must be set'
  exit 1
fi
if [ $STANDALONE_CERT -eq 0 ] && [ $DNS_CERT -eq 0 ] && [ $NO_CERT -eq 0 ] && [ $SELFSIGNED_CERT -eq 0 ]; then
  echo 'Configuration error: Either STANDALONE_CERT, DNS_CERT, NO_CERT,'
  echo 'or SELFSIGNED_CERT must be set to 1.'
  exit 1
fi
if [ $STANDALONE_CERT -eq 1 ] && [ $DNS_CERT -eq 1 ] ; then
  echo 'Configuration error: Only one of STANDALONE_CERT and DNS_CERT'
  echo 'may be set to 1.'
  exit 1
fi

if [ $DNS_CERT -eq 1 ] && [ -z "${DNS_PLUGIN}" ] ; then
  echo "DNS_PLUGIN must be set to a supported DNS provider."
  echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for list."
  echo "Be sure to omit the prefix of \"tls.dns.\"."
  exit 1
fi  
if [ $DNS_CERT -eq 1 ] && [ -z "${DNS_ENV}" ] ; then
  echo "DNS_ENV must be set to a your DNS provider\'s authentication credentials."
  echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for more."
  exit 1
fi  

if [ $DNS_CERT -eq 1 ] ; then
  DL_FLAGS="tls.dns.${DNS_PLUGIN}"
  DNS_SETTING="dns ${DNS_PLUGIN}"
fi

# Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke
if [ "$(ls -A "/mnt/${global_dataset_config}/${JAIL_NAME}/config")" ]; then
	echo "Reinstall of Nextcloud detected... "
	echo "External database selected, unable to verify compatibility. REINSTALL MIGHT NOT WORK... Continuing"
	REINSTALL="true"
fi


#####
	# 
# Fstab And Mounts
#
#####

# Create and Mount Nextcloud, Config and Files
createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/config /usr/local/www/nextcloud/config
createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/themes /usr/local/www/nextcloud/themes
createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/files /config/files

# Install includes fstab
iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes
iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0


iocage exec "${JAIL_NAME}" chown -R www:www /config/files
iocage exec "${JAIL_NAME}" chmod -R 770 /config/files


#####
# 
# Basic dependency install
#
#####

if [ "${DATABASE}" = "mariadb-external" ] || [ "${DATABASE}" = "mariadb-jail" ]; then
  iocage exec "${JAIL_NAME}" pkg install -qy mariadb103-client php73-pdo_mysql php73-mysqli
elif [ "${DATABASE}" = "pgsql-external" ]; then
  iocage exec "${JAIL_NAME}" pkg install -qy postgresql10-client php73-pgsql php73-pdo_pgsql
fi

fetch -o /tmp https://getcaddy.com
if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com
then
	echo "Failed to download/install Caddy"
	exit 1
fi

iocage exec "${JAIL_NAME}" sysrc redis_enable="YES"
iocage exec "${JAIL_NAME}" sysrc php_fpm_enable="YES"
iocage exec "${JAIL_NAME}" sh -c "make -C /usr/ports/www/php73-opcache clean install BATCH=yes"
iocage exec "${JAIL_NAME}" sh -c "make -C /usr/ports/devel/php73-pcntl clean install BATCH=yes"


#####
# 
# Install Nextcloud
#
#####

FILE="latest-18.tar.bz2"
if ! iocage exec "${JAIL_NAME}" fetch -o /tmp https://download.nextcloud.com/server/releases/"${FILE}" https://download.nextcloud.com/server/releases/"${FILE}".asc https://nextcloud.com/nextcloud.asc
then
	echo "Failed to download Nextcloud"
	exit 1
fi
iocage exec "${JAIL_NAME}" gpg --import /tmp/nextcloud.asc
if ! iocage exec "${JAIL_NAME}" gpg --verify /tmp/"${FILE}".asc
then
	echo "GPG Signature Verification Failed!"
	echo "The Nextcloud download is corrupt."
	exit 1
fi
iocage exec "${JAIL_NAME}" tar xjf /tmp/"${FILE}" -C /usr/local/www/
iocage exec "${JAIL_NAME}" chown -R www:www /usr/local/www/nextcloud/


# Generate and install self-signed cert, if necessary
if [ $SELFSIGNED_CERT -eq 1 ] && [ ! -f "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl/privkey.pem" ]; then
	echo "No ssl certificate present, generating self signed certificate"
	if [ ! -d "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl" ]; then
		echo "cert folder not existing... creating..."
		iocage exec ${JAIL_NAME} mkdir /config/ssl
	fi
	openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=${HOST_NAME}" -keyout "${INCLUDES_PATH}"/privkey.pem -out "${INCLUDES_PATH}"/fullchain.pem
	iocage exec "${JAIL_NAME}" cp /mnt/includes/privkey.pem /config/ssl/privkey.pem
	iocage exec "${JAIL_NAME}" cp /mnt/includes/fullchain.pem /config/ssl/fullchain.pem
fi

# Copy and edit pre-written config files
iocage exec "${JAIL_NAME}" cp -f /mnt/includes/php.ini /usr/local/etc/php.ini
iocage exec "${JAIL_NAME}" cp -f /mnt/includes/redis.conf /usr/local/etc/redis.conf
iocage exec "${JAIL_NAME}" cp -f /mnt/includes/www.conf /usr/local/etc/php-fpm.d/
if [ $STANDALONE_CERT -eq 1 ] || [ $DNS_CERT -eq 1 ]; then
  iocage exec "${JAIL_NAME}" cp -f /mnt/includes/remove-staging.sh /root/
fi
if [ $NO_CERT -eq 1 ]; then
  echo "Copying Caddyfile for no SSL"
  iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile-nossl /usr/local/www/Caddyfile
elif [ $SELFSIGNED_CERT -eq 1 ]; then
  echo "Copying Caddyfile for self-signed cert"
  iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile-selfsigned /usr/local/www/Caddyfile
else
  echo "Copying Caddyfile for Let's Encrypt cert"
  iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/
fi
iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/


iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${HOST_NAME}/" /usr/local/www/Caddyfile
iocage exec "${JAIL_NAME}" sed -i '' "s/DNS-PLACEHOLDER/${DNS_SETTING}/" /usr/local/www/Caddyfile
iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile
iocage exec "${JAIL_NAME}" sed -i '' "s|mytimezone|${nextcloud_time_zone}|" /usr/local/etc/php.ini

iocage exec "${JAIL_NAME}" sysrc caddy_enable="YES"
iocage exec "${JAIL_NAME}" sysrc caddy_cert_email="${CERT_EMAIL}"
iocage exec "${JAIL_NAME}" sysrc caddy_SNI_default="${HOST_NAME}"
iocage exec "${JAIL_NAME}" sysrc caddy_env="${DNS_ENV}"

iocage restart "${JAIL_NAME}"

if [ "${REINSTALL}" == "true" ]; then
	echo "Reinstall detected, skipping generaion of new config and database"
else
	
	# Secure database, set root password, create Nextcloud DB, user, and password
	if  [ "${DATABASE}" = "mariadb-jail" ]; then
		iocage exec "mariadb" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};"
		iocage exec "mariadb" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${DB_PASSWORD}';"
		iocage exec "mariadb" mysqladmin reload
	fi
	
	
	# Save passwords for later reference
	iocage exec "${JAIL_NAME}" echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}" > /root/${JAIL_NAME}_db_password.txt
	iocage exec "${JAIL_NAME}" echo "Nextcloud database password is ${DB_PASSWORD}" >> /root/${JAIL_NAME}_db_password.txt
	iocage exec "${JAIL_NAME}" echo "Nextcloud Administrator password is ${ADMIN_PASSWORD}" >> /root/${JAIL_NAME}_db_password.txt
	
	# CLI installation and configuration of Nextcloud
	if [ "${DATABASE}" = "mariadb-external" ] || [ "${DATABASE}" = "mariadb-jail" ]; then
		iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"mysql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${ADMIN_PASSWORD}\" --data-dir=\"/config/files\""
		iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value=\"true\""
	elif [ "${DATABASE}" = "pgsql-external" ]; then
		iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"pgsql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${ADMIN_PASSWORD}\" --data-dir=\"/config/files\""
	fi
	iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ db:add-missing-indices"
	iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ db:convert-filecache-bigint --no-interaction"
	iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set logtimezone --value=\"${nextcloud_time_zone}\""
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set log_type --value="file"'
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logfile --value="/var/log/nextcloud.log"'
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set loglevel --value="2"'
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logrotate_size --value="104847600"'
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"'
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"'
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis port --value=0 --type=integer'
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"'
	if [ $NO_CERT -eq 1 ]; then
		iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"http://${HOST_NAME}/\""
	else
		iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"https://${HOST_NAME}/\""
	fi
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set htaccess.RewriteBase --value="/"'
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ maintenance:update:htaccess'
	iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 1 --value=\"${HOST_NAME}\""
	iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 2 --value=\"${JAIL_IP}\""
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ app:enable encryption'
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:enable'
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:disable'
	iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ background:cron'
	
fi

iocage exec "${JAIL_NAME}" touch /var/log/nextcloud.log
iocage exec "${JAIL_NAME}" chown www /var/log/nextcloud.log
iocage exec "${JAIL_NAME}" su -m www -c 'php -f /usr/local/www/nextcloud/cron.php'
iocage exec "${JAIL_NAME}" crontab -u www /mnt/includes/www-crontab

# Don't need /mnt/includes any more, so unmount it
iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0

# Done!
echo "Installation complete!"
if [ $NO_CERT -eq 1 ]; then
  echo "Using your web browser, go to http://${HOST_NAME} to log in"
else
  echo "Using your web browser, go to https://${HOST_NAME} to log in"
fi

if [ "${REINSTALL}" == "true" ]; then
	echo "You did a reinstall, please use your old database and account credentials"
else

	echo "Default user is admin, password is ${ADMIN_PASSWORD}"
	echo ""

	echo "Database Information"
	echo "--------------------"
	echo "Database user = ${DB_USER}"
	echo "Database password = ${DB_PASSWORD}"
	echo ""
	echo "All passwords are saved in /root/${JAIL_NAME}_db_password.txt"
fi

echo ""
if [ $STANDALONE_CERT -eq 1 ] || [ $DNS_CERT -eq 1 ]; then
  echo "You have obtained your Let's Encrypt certificate using the staging server."
  echo "This certificate will not be trusted by your browser and will cause SSL errors"
  echo "when you connect.  Once you've verified that everything else is working"
  echo "correctly, you should issue a trusted certificate.  To do this, run:"
  echo "  iocage exec ${JAIL_NAME} /root/remove-staging.sh"
  echo ""
elif [ $SELFSIGNED_CERT -eq 1 ]; then
  echo "You have chosen to create a self-signed TLS certificate for your Nextcloud"
  echo "installation.  This certificate will not be trusted by your browser and"
  echo "will cause SSL errors when you connect.  If you wish to replace this certificate"
  echo "with one obtained elsewhere, the private key is located at:"
  echo "/config/ssl/privkey.pem"
  echo "The full chain (server + intermediate certificates together) is at:"
  echo "/config/ssl/fullchain.pem"
  echo ""
fi
Jailman v1.1.0 (#24) * set branch (+2 squashed commit) Squashed commit: [e322f24] remove placeholder [8647131] palceholder * Code cleanup and (primarily) consolidation (#21) * set branch * Exit 1 on iocage create failure * - Move jailcreate to global function - Remove Jailcreate.sh * Add dataset creation function * - add test script to test new global changes - also create folder in jail with createmount * fix * make test executable * more verbosity, fixing folder creation * moving global dataset create * move jails to new dataset-mount creation function * remove test jail and test branch-ref * Add Nextcloud (#22) * Basic working nextcloud integration * Enable persistent reinstall of Nextcloud * prepare for dev merge * Licence alert * Add external database and integrated jail * small improvements and update script * Add mariadb to dev (#31) * Working MariaDB config * - Set ZFS settings for DB on Nextcloud and MariaDB - Cleanup MariaDB * prepare for dev merge * Niceify Readme (#34) * put content from master into it * Some readme itteration * more niceification * [WIP} Wiki workflow test (#37) introduce automatic wiki generation * Add Bitwarden support (#35) * Nextcloud-Cleanup for v1.1.0 (#40) * Nextcloud cleanup - add db-type sanity check - remove some integrated db checks - Move ssl to /config/ssl - remove integrated databases * slight default tweaking * fix mariadb install bug * QA cycle 2020-03-13 22:59:05 +00:00			`#!/usr/local/bin/bash`
			`# This script installs the current release of Nextcloud into a create jail`
			`# Based on the example by danb35: https://github.com/danb35/freenas-iocage-nextcloud`


			`# Initialise defaults`
			`JAIL_NAME="nextcloud"`
			`JAIL_IP="$(sed 's\|\(.\)/.\|\1\|' <<<"${nextcloud_ip4_addr}" )"`
			`DATABASE="$nextcloud_database"`
			`INCLUDES_PATH="${SCRIPT_DIR}/jails/nextcloud/includes"`
			`STANDALONE_CERT=${nextcloud_standalone_cert}`
			`SELFSIGNED_CERT=${nextcloud_selfsigned_cert}`
			`DNS_CERT=${nextcloud_dns_cert}`
			`NO_CERT=${nextcloud_no_cert}`
			`DL_FLAGS=${nextcloud_dl_flags}`
			`DNS_SETTING=${nextcloud_dns_settings}`
			`CERT_EMAIL=${nextcloud_cert_email}`
			`HOST_NAME=${nextcloud_host_name}`

			`# Only generate new DB passwords when using buildin database`
			`# Set DB username and database to fixed "nextcloud"`

			`if [ "${DATABASE}" = "pgsql-external" ]; then`
			`DB_NAME="PostgreSQL"`
			`DB_HOST="${nextcloud_db_host}"`
			`DB_DATABASE="${nextcloud_db_database}"`
			`DB_USER="${nextcloud_db_user}"`
			`DB_PASSWORD="${nextcloud_db_password}"`
			`elif [ "${DATABASE}" = "mariadb-external" ]; then`
			`DB_NAME="MariaDB"`
			`DB_HOST="${nextcloud_db_host}"`
			`DB_DATABASE="${nextcloud_db_database}"`
			`DB_USER="${nextcloud_db_user}"`
			`DB_PASSWORD="${nextcloud_db_password}"`
			`elif [ "${DATABASE}" = "mariadb-jail" ]; then`
			`DB_DATABASE="nextcloud"`
			`DB_USER="nextcloud"`
			`DB_HOST="$(sed 's\|\(.\)/.\|\1\|' <<<"${mariadb_ip4_addr}"):3306"`
			`DB_PASSWORD="${nextcloud_db_password}"`
			`else`
			`echo "Invalid ${JAIL_NAME}_database selected please select one from the following options:"`
			`echo "mariadb-jail, mariadb-external, pgsql-external"`
			`exit 1`
			`fi`


			`ADMIN_PASSWORD=$(openssl rand -base64 12)`

			`#####`
			`#`
			`# Input Sanity Check`
			`#`
			`#####`


			`# Check that necessary variables were set by nextcloud-config`
			`if [ -z "${nextcloud_ip4_addr}" ]; then`
			`echo 'Configuration error: The Nextcloud jail does NOT accept DHCP'`
			`echo 'Please reinstall using a fixed IP adress'`
			`exit 1`
			`fi`

			`if [ -z "${DB_PASSWORD}" ]; then`
			`echo 'Configuration error: The Nextcloud Jail needs a database password'`
			`echo 'Please reinstall with a defifined: db_password'`
			`exit 1`
			`fi`

			`if [ -z "${DB_USER}" ]; then`
			`echo 'Configuration error: The Nextcloud Jail needs a database user'`
			`echo 'Please reinstall with a defifined: db_user'`
			`exit 1`
			`fi`

			`if [ -z "${DB_HOST}" ]; then`
			`echo 'Configuration error: The Nextcloud Jail needs a database host'`
			`echo 'Please reinstall with a defifined: db_host'`
			`exit 1`
			`fi`

			`if [ -z "${DB_DATABASE}" ]; then`
			`echo 'Configuration error: The Nextcloud Jail needs a database name'`
			`echo 'Please reinstall with a defifined: db_database'`
			`exit 1`
			`fi`

			`if [ -z "${nextcloud_time_zone}" ]; then`
			`echo 'Configuration error: TIME_ZONE must be set'`
			`exit 1`
			`fi`
			`if [ -z "${HOST_NAME}" ]; then`
			`echo 'Configuration error: HOST_NAME must be set'`
			`exit 1`
			`fi`
			`if [ $STANDALONE_CERT -eq 0 ] && [ $DNS_CERT -eq 0 ] && [ $NO_CERT -eq 0 ] && [ $SELFSIGNED_CERT -eq 0 ]; then`
			`echo 'Configuration error: Either STANDALONE_CERT, DNS_CERT, NO_CERT,'`
			`echo 'or SELFSIGNED_CERT must be set to 1.'`
			`exit 1`
			`fi`
			`if [ $STANDALONE_CERT -eq 1 ] && [ $DNS_CERT -eq 1 ] ; then`
			`echo 'Configuration error: Only one of STANDALONE_CERT and DNS_CERT'`
			`echo 'may be set to 1.'`
			`exit 1`
			`fi`

			`if [ $DNS_CERT -eq 1 ] && [ -z "${DNS_PLUGIN}" ] ; then`
			`echo "DNS_PLUGIN must be set to a supported DNS provider."`
			`echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for list."`
			`echo "Be sure to omit the prefix of \"tls.dns.\"."`
			`exit 1`
			`fi`
			`if [ $DNS_CERT -eq 1 ] && [ -z "${DNS_ENV}" ] ; then`
			`echo "DNS_ENV must be set to a your DNS provider\'s authentication credentials."`
			`echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for more."`
			`exit 1`
			`fi`

			`if [ $DNS_CERT -eq 1 ] ; then`
			`DL_FLAGS="tls.dns.${DNS_PLUGIN}"`
			`DNS_SETTING="dns ${DNS_PLUGIN}"`
			`fi`

			`# Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke`
			`if [ "$(ls -A "/mnt/${global_dataset_config}/${JAIL_NAME}/config")" ]; then`
			`echo "Reinstall of Nextcloud detected... "`
			`echo "External database selected, unable to verify compatibility. REINSTALL MIGHT NOT WORK... Continuing"`
			`REINSTALL="true"`
			`fi`


			`#####`
			`#`
			`# Fstab And Mounts`
			`#`
			`#####`

			`# Create and Mount Nextcloud, Config and Files`
			`createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/config /usr/local/www/nextcloud/config`
			`createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/themes /usr/local/www/nextcloud/themes`
			`createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/files /config/files`

			`# Install includes fstab`
			`iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes`
			`iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0`


			`iocage exec "${JAIL_NAME}" chown -R www:www /config/files`
			`iocage exec "${JAIL_NAME}" chmod -R 770 /config/files`


			`#####`
			`#`
			`# Basic dependency install`
			`#`
			`#####`

			`if [ "${DATABASE}" = "mariadb-external" ] \|\| [ "${DATABASE}" = "mariadb-jail" ]; then`
			`iocage exec "${JAIL_NAME}" pkg install -qy mariadb103-client php73-pdo_mysql php73-mysqli`
			`elif [ "${DATABASE}" = "pgsql-external" ]; then`
			`iocage exec "${JAIL_NAME}" pkg install -qy postgresql10-client php73-pgsql php73-pdo_pgsql`
			`fi`

			`fetch -o /tmp https://getcaddy.com`
			`if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com`
			`then`
			`echo "Failed to download/install Caddy"`
			`exit 1`
			`fi`

			`iocage exec "${JAIL_NAME}" sysrc redis_enable="YES"`
			`iocage exec "${JAIL_NAME}" sysrc php_fpm_enable="YES"`
			`iocage exec "${JAIL_NAME}" sh -c "make -C /usr/ports/www/php73-opcache clean install BATCH=yes"`
			`iocage exec "${JAIL_NAME}" sh -c "make -C /usr/ports/devel/php73-pcntl clean install BATCH=yes"`


			`#####`
			`#`
			`# Install Nextcloud`
			`#`
			`#####`

			`FILE="latest-18.tar.bz2"`
			`if ! iocage exec "${JAIL_NAME}" fetch -o /tmp https://download.nextcloud.com/server/releases/"${FILE}" https://download.nextcloud.com/server/releases/"${FILE}".asc https://nextcloud.com/nextcloud.asc`
			`then`
			`echo "Failed to download Nextcloud"`
			`exit 1`
			`fi`
			`iocage exec "${JAIL_NAME}" gpg --import /tmp/nextcloud.asc`
			`if ! iocage exec "${JAIL_NAME}" gpg --verify /tmp/"${FILE}".asc`
			`then`
			`echo "GPG Signature Verification Failed!"`
			`echo "The Nextcloud download is corrupt."`
			`exit 1`
			`fi`
			`iocage exec "${JAIL_NAME}" tar xjf /tmp/"${FILE}" -C /usr/local/www/`
			`iocage exec "${JAIL_NAME}" chown -R www:www /usr/local/www/nextcloud/`


			`# Generate and install self-signed cert, if necessary`
			`if [ $SELFSIGNED_CERT -eq 1 ] && [ ! -f "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl/privkey.pem" ]; then`
			`echo "No ssl certificate present, generating self signed certificate"`
			`if [ ! -d "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl" ]; then`
			`echo "cert folder not existing... creating..."`
			`iocage exec ${JAIL_NAME} mkdir /config/ssl`
			`fi`
			`openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=${HOST_NAME}" -keyout "${INCLUDES_PATH}"/privkey.pem -out "${INCLUDES_PATH}"/fullchain.pem`
			`iocage exec "${JAIL_NAME}" cp /mnt/includes/privkey.pem /config/ssl/privkey.pem`
			`iocage exec "${JAIL_NAME}" cp /mnt/includes/fullchain.pem /config/ssl/fullchain.pem`
			`fi`

			`# Copy and edit pre-written config files`
			`iocage exec "${JAIL_NAME}" cp -f /mnt/includes/php.ini /usr/local/etc/php.ini`
			`iocage exec "${JAIL_NAME}" cp -f /mnt/includes/redis.conf /usr/local/etc/redis.conf`
			`iocage exec "${JAIL_NAME}" cp -f /mnt/includes/www.conf /usr/local/etc/php-fpm.d/`
			`if [ $STANDALONE_CERT -eq 1 ] \|\| [ $DNS_CERT -eq 1 ]; then`
			`iocage exec "${JAIL_NAME}" cp -f /mnt/includes/remove-staging.sh /root/`
			`fi`
			`if [ $NO_CERT -eq 1 ]; then`
			`echo "Copying Caddyfile for no SSL"`
			`iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile-nossl /usr/local/www/Caddyfile`
			`elif [ $SELFSIGNED_CERT -eq 1 ]; then`
			`echo "Copying Caddyfile for self-signed cert"`
			`iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile-selfsigned /usr/local/www/Caddyfile`
			`else`
			`echo "Copying Caddyfile for Let's Encrypt cert"`
			`iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/`
			`fi`
			`iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/`


			`iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${HOST_NAME}/" /usr/local/www/Caddyfile`
			`iocage exec "${JAIL_NAME}" sed -i '' "s/DNS-PLACEHOLDER/${DNS_SETTING}/" /usr/local/www/Caddyfile`
			`iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile`
			`iocage exec "${JAIL_NAME}" sed -i '' "s\|mytimezone\|${nextcloud_time_zone}\|" /usr/local/etc/php.ini`

			`iocage exec "${JAIL_NAME}" sysrc caddy_enable="YES"`
			`iocage exec "${JAIL_NAME}" sysrc caddy_cert_email="${CERT_EMAIL}"`
			`iocage exec "${JAIL_NAME}" sysrc caddy_SNI_default="${HOST_NAME}"`
			`iocage exec "${JAIL_NAME}" sysrc caddy_env="${DNS_ENV}"`

			`iocage restart "${JAIL_NAME}"`

			`if [ "${REINSTALL}" == "true" ]; then`
			`echo "Reinstall detected, skipping generaion of new config and database"`
			`else`

			`# Secure database, set root password, create Nextcloud DB, user, and password`
			`if [ "${DATABASE}" = "mariadb-jail" ]; then`
			`iocage exec "mariadb" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};"`
			`iocage exec "mariadb" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${DB_PASSWORD}';"`
			`iocage exec "mariadb" mysqladmin reload`
			`fi`


			`# Save passwords for later reference`
			`iocage exec "${JAIL_NAME}" echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}" > /root/${JAIL_NAME}_db_password.txt`
			`iocage exec "${JAIL_NAME}" echo "Nextcloud database password is ${DB_PASSWORD}" >> /root/${JAIL_NAME}_db_password.txt`
			`iocage exec "${JAIL_NAME}" echo "Nextcloud Administrator password is ${ADMIN_PASSWORD}" >> /root/${JAIL_NAME}_db_password.txt`

			`# CLI installation and configuration of Nextcloud`
			`if [ "${DATABASE}" = "mariadb-external" ] \|\| [ "${DATABASE}" = "mariadb-jail" ]; then`
			`iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"mysql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${ADMIN_PASSWORD}\" --data-dir=\"/config/files\""`
			`iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value=\"true\""`
			`elif [ "${DATABASE}" = "pgsql-external" ]; then`
			`iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"pgsql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${ADMIN_PASSWORD}\" --data-dir=\"/config/files\""`
			`fi`
			`iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ db:add-missing-indices"`
			`iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ db:convert-filecache-bigint --no-interaction"`
			`iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set logtimezone --value=\"${nextcloud_time_zone}\""`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set log_type --value="file"'`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logfile --value="/var/log/nextcloud.log"'`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set loglevel --value="2"'`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logrotate_size --value="104847600"'`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"'`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"'`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis port --value=0 --type=integer'`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"'`
			`if [ $NO_CERT -eq 1 ]; then`
			`iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"http://${HOST_NAME}/\""`
			`else`
			`iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"https://${HOST_NAME}/\""`
			`fi`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set htaccess.RewriteBase --value="/"'`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ maintenance:update:htaccess'`
			`iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 1 --value=\"${HOST_NAME}\""`
			`iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 2 --value=\"${JAIL_IP}\""`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ app:enable encryption'`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:enable'`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:disable'`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ background:cron'`

			`fi`

			`iocage exec "${JAIL_NAME}" touch /var/log/nextcloud.log`
			`iocage exec "${JAIL_NAME}" chown www /var/log/nextcloud.log`
			`iocage exec "${JAIL_NAME}" su -m www -c 'php -f /usr/local/www/nextcloud/cron.php'`
			`iocage exec "${JAIL_NAME}" crontab -u www /mnt/includes/www-crontab`

			`# Don't need /mnt/includes any more, so unmount it`
			`iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0`

			`# Done!`
			`echo "Installation complete!"`
			`if [ $NO_CERT -eq 1 ]; then`
			`echo "Using your web browser, go to http://${HOST_NAME} to log in"`
			`else`
			`echo "Using your web browser, go to https://${HOST_NAME} to log in"`
			`fi`

			`if [ "${REINSTALL}" == "true" ]; then`
			`echo "You did a reinstall, please use your old database and account credentials"`
			`else`

			`echo "Default user is admin, password is ${ADMIN_PASSWORD}"`
			`echo ""`

			`echo "Database Information"`
			`echo "--------------------"`
			`echo "Database user = ${DB_USER}"`
			`echo "Database password = ${DB_PASSWORD}"`
			`echo ""`
			`echo "All passwords are saved in /root/${JAIL_NAME}_db_password.txt"`
			`fi`

			`echo ""`
			`if [ $STANDALONE_CERT -eq 1 ] \|\| [ $DNS_CERT -eq 1 ]; then`
			`echo "You have obtained your Let's Encrypt certificate using the staging server."`
			`echo "This certificate will not be trusted by your browser and will cause SSL errors"`
			`echo "when you connect. Once you've verified that everything else is working"`
			`echo "correctly, you should issue a trusted certificate. To do this, run:"`
			`echo " iocage exec ${JAIL_NAME} /root/remove-staging.sh"`
			`echo ""`
			`elif [ $SELFSIGNED_CERT -eq 1 ]; then`
			`echo "You have chosen to create a self-signed TLS certificate for your Nextcloud"`
			`echo "installation. This certificate will not be trusted by your browser and"`
			`echo "will cause SSL errors when you connect. If you wish to replace this certificate"`
			`echo "with one obtained elsewhere, the private key is located at:"`
			`echo "/config/ssl/privkey.pem"`
			`echo "The full chain (server + intermediate certificates together) is at:"`
			`echo "/config/ssl/fullchain.pem"`
			`echo ""`
			`fi`