First commit for sub-module

3 years ago · e6ff3dc237
17 changed files with 678 additions and 0 deletions
--- a/.install_templates/config_complete.php
+++ b/.install_templates/config_complete.php
@ -0,0 +1,52 @@
+'activity_expire_days' => 14,
+'auth.bruteforce.protection.enabled' => true,
+'blacklisted_files' =>
+array (
+0 => '.htaccess',
+1 => 'Thumbs.db',
+2 => 'thumbs.db',
+),
+'cron_log' => true,
+'enable_previews' => true,
+'enabledPreviewProviders' =>
+array (
+0 => 'OC\\Preview\\PNG',
+1 => 'OC\\Preview\\JPEG',
+2 => 'OC\\Preview\\GIF',
+3 => 'OC\\Preview\\BMP',
+4 => 'OC\\Preview\\XBitmap',
+5 => 'OC\\Preview\\Movie',
+6 => 'OC\\Preview\\PDF',
+7 => 'OC\\Preview\\MP3',
+8 => 'OC\\Preview\\TXT',
+9 => 'OC\\Preview\\MarkDown',
+),
+'filesystem_check_changes' => 0,
+'filelocking.enabled' => 'true',
+'htaccess.RewriteBase' => '/',
+'integrity.check.disabled' => false,
+'knowledgebaseenabled' => false,
+'logfile' => '/var/log/nextcloud.log',
+'loglevel' => 2,
+'logtimezone' => 'Europe/Paris',
+'log_rotate_size' => 104857600,
+'maintenance' => false,
+'memcache.local' => '\\OC\\Memcache\\APCu',
+'memcache.locking' => '\\OC\\Memcache\\Redis',
+'overwriteprotocol' => 'https',
+'preview_max_x' => 1024,
+'preview_max_y' => 768,
+'preview_max_scale_factor' => 1,
+'redis' =>
+array (
+'host' => '/var/run/redis/redis-server.sock',
+'port' => 0,
+'timeout' => 0.0,
+),
+'quota_include_external_storage' => false,
+'share_folder' => '/Shares',
+'skeletondirectory' => '',
+'theme' => '',
+'trashbin_retention_obligation' => 'auto, 7',
+'updater.release.channel' => 'stable',
+);
--- a/.install_templates/configure_php.sh
+++ b/.install_templates/configure_php.sh
@ -0,0 +1,50 @@
+cp /etc/php/7.3/fpm/pool.d/www.conf /etc/php/7.3/fpm/pool.d/www.conf.bak
+cp /etc/php/7.3/cli/php.ini /etc/php/7.3/cli/php.ini.bak
+cp /etc/php/7.3/fpm/php.ini /etc/php/7.3/fpm/php.ini.bak
+cp /etc/php/7.3/fpm/php-fpm.conf /etc/php/7.3/fpm/php-fpm.conf.bak
+sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/7.3/fpm/pool.d/www.conf
+sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/7.3/fpm/pool.d/www.conf
+sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/7.3/fpm/pool.d/www.conf
+sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/7.3/fpm/pool.d/www.conf
+sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/7.3/fpm/pool.d/www.conf
+sed -i "s/pm.max_children = .*/pm.max_children = 240/" /etc/php/7.3/fpm/pool.d/www.conf
+sed -i "s/pm.start_servers = .*/pm.start_servers = 20/" /etc/php/7.3/fpm/pool.d/www.conf
+sed -i "s/pm.min_spare_servers = .*/pm.min_spare_servers = 10/" /etc/php/7.3/fpm/pool.d/www.conf
+sed -i "s/pm.max_spare_servers = .*/pm.max_spare_servers = 20/" /etc/php/7.3/fpm/pool.d/www.conf
+sed -i "s/;pm.max_requests = 500/pm.max_requests = 500/" /etc/php/7.3/fpm/pool.d/www.conf
+sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/7.3/cli/php.ini
+sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/7.3/cli/php.ini
+sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/7.3/cli/php.ini
+sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/7.3/cli/php.ini
+sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/7.3/cli/php.ini
+sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/7.3/cli/php.ini
+sed -i "s/;date.timezone.*/date.timezone = Europe\/\Paris/" /etc/php/7.3/cli/php.ini
+## sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/7.3/cli/php.ini # Bug if not using ssl
+sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.3/fpm/php.ini
+sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/7.3/fpm/php.ini
+sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/7.3/fpm/php.ini
+sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/7.3/fpm/php.ini
+sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/7.3/fpm/php.ini
+sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/7.3/fpm/php.ini
+sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/7.3/fpm/php.ini
+sed -i "s/;date.timezone.*/date.timezone = Europe\/\Paris/" /etc/php/7.3/fpm/php.ini
+## sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/7.3/fpm/php.ini # Bug if not using ssl
+sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/7.3/fpm/php.ini
+sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/7.3/fpm/php.ini
+sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/7.3/fpm/php.ini
+sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/7.3/fpm/php.ini
+sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/7.3/fpm/php.ini
+sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/7.3/fpm/php.ini
+sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/7.3/fpm/php.ini
+sed -i "s/;emergency_restart_threshold =.*/emergency_restart_threshold = 10/" /etc/php/7.3/fpm/php-fpm.conf
+sed -i "s/;emergency_restart_interval =.*/emergency_restart_interval = 1m/" /etc/php/7.3/fpm/php-fpm.conf
+sed -i "s/;process_control_timeout =.*/process_control_timeout = 10s/" /etc/php/7.3/fpm/php-fpm.conf
+sed -i "s/09,39.*/# &/" /etc/cron.d/php
+(crontab -l ; echo "09,39 * * * * /usr/lib/php/sessionclean 2>&1") | crontab -u root -
+cp /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xml.bak
+sed -i "s/rights\=\"none\" pattern\=\"PS\"/rights\=\"read\|write\" pattern\=\"PS\"/" /etc/ImageMagick-6/policy.xml
+sed -i "s/rights\=\"none\" pattern\=\"EPI\"/rights\=\"read\|write\" pattern\=\"EPI\"/" /etc/ImageMagick-6/policy.xml
+sed -i "s/rights\=\"none\" pattern\=\"PDF\"/rights\=\"read\|write\" pattern\=\"PDF\"/" /etc/ImageMagick-6/policy.xml
+sed -i "s/rights\=\"none\" pattern\=\"XPS\"/rights\=\"read\|write\" pattern\=\"XPS\"/" /etc/ImageMagick-6/policy.xml
+
+service php7.3-fpm restart && service nginx restart
--- a/.install_templates/my.cnf
+++ b/.install_templates/my.cnf
@ -0,0 +1,79 @@
+[client]
+default-character-set = utf8mb4
+port = 3306
+socket = /var/run/mysqld/mysqld.sock
+
+[mysqld_safe]
+log_error=/var/log/mysql/mysql_error.log
+nice = 0
+socket = /var/run/mysqld/mysqld.sock
+
+[mysqld]
+basedir = /usr
+bind-address = 127.0.0.1
+binlog_format = ROW
+bulk_insert_buffer_size = 16M
+character-set-server = utf8mb4
+collation-server = utf8mb4_general_ci
+concurrent_insert = 2
+connect_timeout = 5
+datadir = /var/lib/mysql
+default_storage_engine = InnoDB
+expire_logs_days = 10
+general_log_file = /var/log/mysql/mysql.log
+general_log = 0
+innodb_buffer_pool_size = 1024M
+innodb_buffer_pool_instances = 1
+innodb_flush_log_at_trx_commit = 2
+innodb_log_buffer_size = 32M
+innodb_max_dirty_pages_pct = 90
+innodb_large_prefix = on
+innodb_file_format = barracuda
+innodb_file_per_table = 1
+innodb_open_files = 400
+innodb_io_capacity = 4000
+innodb_flush_method = O_DIRECT
+key_buffer_size = 128M
+lc_messages_dir = /usr/share/mysql
+lc_messages = en_US
+log_bin = /var/log/mysql/mariadb-bin
+log_bin_index = /var/log/mysql/mariadb-bin.index
+log_error=/var/log/mysql/mysql_error.log
+log_slow_verbosity = query_plan
+log_warnings = 2
+long_query_time = 1
+max_allowed_packet = 16M
+max_binlog_size = 100M
+max_connections = 200
+max_heap_table_size = 64M
+myisam_recover_options = BACKUP
+myisam_sort_buffer_size = 512M
+port = 3306
+pid-file = /var/run/mysqld/mysqld.pid
+query_cache_limit = 2M
+query_cache_size = 64M
+query_cache_type = 1
+query_cache_min_res_unit = 2k
+read_buffer_size = 2M
+read_rnd_buffer_size = 1M
+skip-external-locking
+skip-name-resolve
+slow_query_log_file = /var/log/mysql/mariadb-slow.log
+slow-query-log = 1
+socket = /var/run/mysqld/mysqld.sock
+sort_buffer_size = 4M
+table_open_cache = 400
+thread_cache_size = 128
+tmp_table_size = 64M
+tmpdir = /tmp
+transaction_isolation = READ-COMMITTED
+user = mysql
+wait_timeout = 600
+
+[mysqldump]
+max_allowed_packet = 16M
+quick
+quote-names
+
+[isamchk]
+key_buffer = 16M
--- a/.install_templates/nc_optimize.sh
+++ b/.install_templates/nc_optimize.sh
@ -0,0 +1,10 @@
+#!/bin/bash
+
+redis-cli -s /var/run/redis/redis-server.sock <<EOF
+FLUSHALL
+quit
+EOF
+sudo -u www-data php /var/www/nextcloud/occ files:scan --all
+sudo -u www-data php /var/www/nextcloud/occ files:scan-app-data
+
+exit 0
--- a/.install_templates/nextcloud.conf
+++ b/.install_templates/nextcloud.conf
@ -0,0 +1,149 @@
+upstream php-handler {
+    server unix:/var/run/php/php7.3-fpm.sock;
+}
+
+server {
+    listen NC_PORT;
+    listen 443;
+    listen [::]:443 ssl;
+    server_name NC_DOMAIN;
+
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Robots-Tag none;
+    add_header X-Download-Options noopen;
+    add_header X-Permitted-Cross-Domain-Policies none;
+    add_header Referrer-Policy no-referrer;
+
+    set_real_ip_from 192.168.9.1;
+    set_real_ip_from 192.168.9.6;
+
+    # Remove X-Powered-By, which is an information leak
+    fastcgi_hide_header X-Powered-By;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+
+    # Path to the root of your installation
+    root /var/www/nextcloud/;
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # The following 2 rules are only needed for the user_webfinger app.
+    # Uncomment it if you're planning to use this app.
+    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
+    # last;
+
+    location = /.well-known/carddav {
+      return 301 https://$host/remote.php/dav;
+    }
+    location = /.well-known/caldav {
+      return 301 https://$host/remote.php/dav;
+    }
+
+    # set max upload size
+    client_max_body_size 512M;
+    fastcgi_buffers 64 4K;
+
+    # Enable gzip but do not remove ETag headers
+    gzip on;
+    gzip_vary on;
+    gzip_comp_level 4;
+    gzip_min_length 256;
+    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+    # Uncomment if your server is build with the ngx_pagespeed module
+    # This module is currently not supported.
+    #pagespeed off;
+
+    location / {
+        rewrite ^ /index.php;
+    }
+
+    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+        deny all;
+    }
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+        deny all;
+    }
+
+    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
+        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
+        try_files $fastcgi_script_name =404;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+        fastcgi_param HTTPS on;
+        # Avoid sending the security headers twice
+        fastcgi_param modHeadersAvailable true;
+        # Enable pretty urls
+        fastcgi_param front_controller_active true;
+        fastcgi_pass php-handler;
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+    }
+
+    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
+        try_files $uri/ =404;
+        index index.php;
+    }
+
+    # Adding the cache control header for js and css files
+    # Make sure it is BELOW the PHP block
+    location ~ \.(?:css|js|woff2?|svg|gif)$ {
+        try_files $uri /index.php$request_uri;
+        add_header Cache-Control "public, max-age=15778463";
+        # Add headers to serve security related headers (It is intended to
+        # have those duplicated to the ones above)
+        # Before enabling Strict-Transport-Security headers please read into
+        # this topic first.
+        # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+        #
+        # WARNING: Only add the preload option once you read about
+        # the consequences in https://hstspreload.org/. This option
+        # will add the domain to a hardcoded list that is shipped
+        # in all major browsers and getting removed from this list
+        # could take several months.
+        add_header X-Content-Type-Options nosniff;
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Robots-Tag none;
+        add_header X-Download-Options noopen;
+        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header Referrer-Policy no-referrer;
+
+        # Optional: Don't log access to assets
+        access_log off;
+    }
+
+    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+        try_files $uri /index.php$request_uri;
+        # Optional: Don't log access to other assets
+        access_log off;
+    }
+
+    location ^~ /apps/rainloop/app/data {
+            deny all;
+    }
+
+    location ~ \.(?:flv|mp4|mov|m4a)$ {
+#	mp4;
+#	mp4_buffer_size 100M;
+#	mp4_max_buffer_size 1024M;
+	fastcgi_split_path_info ^(.+?.php)(\/.*|)$;
+	include fastcgi_params;
+	include php_optimization.conf;
+	fastcgi_pass php-handler;
+	fastcgi_param HTTPS on;
+    }
+
+    location ~ ^\/nextcloud/(?:updater|oc[ms]-provider)(?:$|\/) {
+	try_files $uri/ =404;
+	index index.php;
+    }
+
+}
--- a/.install_templates/occ
+++ b/.install_templates/occ
@ -0,0 +1,6 @@
+#/bin/bash
+
+sudo -u www-data php /var/www/nextcloud/occ $@
+
+exit 0
+
--- a/.install_templates/optimization.conf
+++ b/.install_templates/optimization.conf
@ -0,0 +1,17 @@
+fastcgi_hide_header X-Powered-By;
+fastcgi_read_timeout 3600;
+fastcgi_send_timeout 3600;
+fastcgi_connect_timeout 3600;
+fastcgi_buffers 64 64K;
+fastcgi_buffer_size 256k;
+fastcgi_busy_buffers_size 3840K;
+fastcgi_cache_key $http_cookie$request_method$host$request_uri;
+fastcgi_cache_use_stale error timeout invalid_header http_500;
+fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+gzip on;
+gzip_vary on;
+gzip_comp_level 4;
+gzip_min_length 256;
+gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+gzip_disable "MSIE [1-6]\.";
--- a/.install_templates/permissions.sh
+++ b/.install_templates/permissions.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+find /var/www/ -type f -print0 | xargs -0 chmod 0640
+find /var/www/ -type d -print0 | xargs -0 chmod 0750
+chown -R www-data:www-data /var/www/
+chown -R www-data:www-data /var/nextcloud/
+chmod 0644 /var/www/nextcloud/.htaccess
+chmod 0644 /var/www/nextcloud/.user.ini
+exit 0
--- a/.install_templates/php_optimization.conf
+++ b/.install_templates/php_optimization.conf
@ -0,0 +1,9 @@
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param PATH_INFO $fastcgi_path_info;
+fastcgi_param modHeadersAvailable true;
+fastcgi_param front_controller_active true;
+fastcgi_intercept_errors on;
+fastcgi_request_buffering off;
+fastcgi_cache_valid 404 1m;
+fastcgi_cache_valid any 1h;
+fastcgi_cache_methods GET HEAD;
--- a/.install_templates/ssl.conf
+++ b/.install_templates/ssl.conf
@ -0,0 +1,16 @@
+   ssl_session_timeout 4h;
+   ssl_session_cache shared:SSL:50m;
+
+   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+   ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CBC-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+   ssl_prefer_server_ciphers on;
+
+   add_header Strict-Transport-Security max-age=15768000;
+
+   ssl_stapling on;
+   ssl_stapling_verify on;
+
+   resolver 8.8.8.8 8.8.4.4 valid=86400;
+   resolver_timeout 10;
+
+   ssl_session_tickets on;
--- a/.install_templates/ssl_renew.sh
+++ b/.install_templates/ssl_renew.sh
@ -0,0 +1,26 @@
+#!/bin/bash
+
+log="/var/log/ssl_renew.log"
+date=$(date +%d-%m-%Y)
+
+renew=$(certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start")
+
+echo "####################################################################################" >> $log
+echo "#################################### $date ####################################" >> $log
+echo "####################################################################################" >> $log
+
+echo "$renew" >> $log
+
+if [[ $renew = *"No hooks were run"* ]]; then
+  echo "Rien n'a été fait" >> $log
+else
+  sleep 5
+  /etc/init.d/nginx stop
+  sleep 1
+  killall nginx
+  sleep 3
+  /etc/init.d/nginx restart &>> $log
+  echo "Des certificats ont été renouvellés" >> $log
+fi
+
+exit 0
--- a/.install_templates/upgrade.sh
+++ b/.install_templates/upgrade.sh
@ -0,0 +1,15 @@
+#!/bin/bash
+
+/usr/sbin/service nginx stop
+sudo -u www-data php /var/www/nextcloud/updater/updater.phar
+sudo -u www-data php /var/www/nextcloud/occ status
+sudo -u www-data php /var/www/nextcloud/occ -V
+sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices
+sudo -u www-data php /var/www/nextcloud/occ db:convert-filecache-bigint
+sudo -u www-data sed -i "s/output_buffering=.*/output_buffering=O/" /var/www/nextcloud/.user.ini
+sudo -u www-data php /var/www/nextcloud/occ update:check
+sudo -u www-data php /var/www/nextcloud/occ app:update --all
+/usr/sbin/service php7.3-fpm restart
+/usr/sbin/service nginx restart
+
+exit 0
--- a/README.md
+++ b/README.md
@ -0,0 +1,3 @@
+# Automatic install of Nextcloud on Debian 8/9/10
+
+Please contact us for any question or bug: contact@p2p.legal
--- a/install.sh
+++ b/install.sh
@ -0,0 +1,172 @@
+#!/bin/bash
+## This work is licensed under a Creative Commons Attribution 3.0 Unported License (CC BY-NC-SA 3.0 FR).
+## Author: poka
+
+### Variables ###
+
+nc_domain=""			# Votre nom de domaine pour votre nextcloud. Si vide il prendra le premier argument que vous passerez, sinon le hostname de votre machine
+nc_port=80			# Numéro de port d'écoute de nginx
+admin_user="admin"		# Le pseudo du compte admin
+admin_pass="admin"		# Le mot de passe que vous désirez pour le compte admin
+db_pass=""			# Le mot de passe que vous désirez pour MariaDB. Si vide, un mot de passe aléatoire sécurisé sera choisi
+isSSL=false			# true si nextcloud et nginx doivent être configuré en https
+configMaria=auto		# Mettez manual ou auto, attention auto est expérimental et vraiment pas recommendé
+p2env=false			# true si vous êtes dans un environnement p2p.legal
+
+#################
+
+if [ "$EUID" -ne 0 ]
+  then echo "Veuillez executez ce script en root"
+  exit 1
+fi
+
+## Set var
+[[ -z $nc_domain ]] && nc_domain=$1
+[[ -z $nc_domain ]] && nc_domain=$(echo $HOSTNAME.p2p.legal)
+[[ -z $db_pass ]] && db_pass="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"  && echo "Votre mot de passe mysql nextcloud est : $db_pass" >> /root/nextcloud_mysql_pwd.txt
+db_pass_root="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9~!@#$%^&*_-' | fold -w 32 | head -n 1)"
+
+if [[ p2env == "true" ]]; then
+        cd /nextcloud/.install_templates/
+else
+        [[ ! -e .install_templates ]] && echo "Erreur: Le dossier .install_templates n'existe pas, installation impossible." && exit 1
+        cd .install_templates
+fi
+
+## Set apt key and upgrade system
+apt update -y
+apt upgrade -y
+
+apt install nginx mariadb-server apt-transport-https curl gnupg2 git lsb-release ssl-cert ca-certificates apt-transport-https tree locate software-properties-common dirmngr screen htop net-tools zip unzip curl ffmpeg ghostscript libfile-fcntllock-perl -y
+
+linux_version=$(cat /etc/os-release | grep VERSION_CODENAME | awk -F '=' '{ print $2}')
+wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
+echo "deb https://packages.sury.org/php/ $linux_version main" | tee /etc/apt/sources.list.d/ondrej.list
+apt update -y
+
+systemctl start nginx || (echo "Erreur quelque part ..." && exit 1)
+systemctl start mariadb || (echo "Erreur quelque part ..." && exit 1)
+systemctl enable mariadb || (echo "Erreur quelque part ..." && exit 1)
+systemctl enable nginx || (echo "Erreur quelque part ..." && exit 1)
+
+echo "	=== Installing php ... ==="
+apt install php7.3 php7.3-fpm php7.3-xml php7.3-curl php7.3-gd php7.3 php7.3-cgi php7.3-cli php7.3-zip php7.3-mysql php7.3-mbstring php7.3-intl php7.3-json php7.3-bz2 php7.3-ldap php-apcu imagemagick php-imagick php-smbclient -y
+
+echo "	=== Configuring php ... ==="
+[[ ! -e /etc/php/7.3/cli/php.ini.bak ]] && (bash configure_php.sh || (echo "Erreur quelque part ..." && exit 1)) || echo "PHP déjà configuré, skip"
+
+echo "	=== Configure MariaDB ==="
+configMariaManual() {
+	mysql_secure_installation || (echo "Erreur quelque part ..." && exit 1)
+}
+configMariaAuto() {
+	mysql -e "UPDATE mysql.user SET Password = PASSWORD('$db_pass_root') WHERE User = 'root'"
+	isLocalhostUsers=$(mysql -e "select user from mysql.user;" | grep "localhost")
+	isTestDB=$(mysql -e "show databases" | grep "test")
+	[[ -n $isLocalhostUsers ]] && mysql -e "DROP USER ''@'localhost'; DROP USER ''@'$(hostname)'"
+	[[ -n $isTestDB ]] && mysql -e "DROP DATABASE test"
+	mysql -e "FLUSH PRIVILEGES"
+}
+
+[[ $configMaria == "auto" ]] && configMariaAuto || configMariaManual
+[[ ! -e /etc/mysql/my.cnf.bak ]] && (mv /etc/mysql/my.cnf /etc/mysql/my.cnf.bak && cp my.cnf /etc/mysql/ && service mysql restart) || echo "MariaDB déjà configuré, skip"
+
+echo "	=== Create and configure database... ==="
+isDBCreate=$(mysql -e "show databases" | grep "nextcloud")
+[[ -z $isDBCreate ]] && mysql -e "CREATE DATABASE nextcloud;CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY \"$db_pass\";GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';FLUSH PRIVILEGES;ALTER DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;" || echo "La base de donnée de nextcloud est déjà créé, skip"
+
+echo "	=== Installing and configure Redis... ==="
+apt install redis-server php-redis -y
+
+[[ ! -e /etc/redis/redis.conf.bak ]] && cp /etc/redis/redis.conf /etc/redis/redis.conf.bak || echo "Redis est déjà configuré, skip"
+sed -i "s/port 6379/port 0/" /etc/redis/redis.conf
+sed -i "s/redis.sock/redis-server.sock/" /etc/redis/redis.conf
+sed -i s/\#\ unixsocket/\unixsocket/g /etc/redis/redis.conf
+sed -i "s/unixsocketperm 700/unixsocketperm 770/" /etc/redis/redis.conf
+sed -i "s/# maxclients 10000/maxclients 512/" /etc/redis/redis.conf
+usermod -a -G redis www-data || (echo "Erreur quelque part ..." && exit 1)
+[[ ! -e /etc/sysctl.conf.bak ]] && cp /etc/sysctl.conf /etc/sysctl.conf.bak || echo "sysctl est déjà configuré, skip"
+sed -i '$avm.overcommit_memory = 1' /etc/sysctl.conf
+
+service redis-server restart || (echo "Erreur quelque part ..." && exit 1)
+
+echo "	=== Installing NextCloud... ==="
+
+if [[ ! -e /var/www/nextcloud ]]; then
+	mkdir /var/www/nextcloud
+	chown www-data:www-data /var/www/nextcloud
+	chmod 750 /var/www/nextcloud || (echo "Erreur quelque part ..." && exit 1)
+
+	wget https://download.nextcloud.com/server/releases/latest.tar.bz2
+	tar -xjf latest.tar.bz2 -C /var/www && chown -R www-data:www-data /var/www/ && rm -f latest.tar.bz2
+fi
+
+if [[ ! -e /var/nextcloud ]]; then
+	mkdir -p /var/nextcloud
+	chown www-data:www-data /var/nextcloud
+	chmod 750 /var/nextcloud || (echo "Erreur quelque part ..." && exit 1)
+fi
+
+## Add local IP as secondary trust domain
+# Prefere occ methode ...
+# sed -i "/0 => '$nc_domain'.*/a \    1 => '$ip_local:$nc_port'," /var/www/nextcloud/config/config.php
+ip_local=$(/sbin/ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
+[[ $nc_port == 80 ]] && nc_port_loc="" || nc_port_loc=":$nc_port"
+
+[[ -e /var/www/nextcloud/config/config.php ]] && isNCConfig=$(cat /var/www/nextcloud/config/config.php | grep "'installed' => true")
+[[ -z "$isNCConfig" ]] && sudo -u www-data php /var/www/nextcloud/occ maintenance:install --database "mysql" --database-name "nextcloud" --database-user "nextcloud" --database-pass "$db_pass" --admin-user "$admin_user" --admin-pass "$admin_pass" --data-dir "/var/nextcloud/"
+sleep 0.2
+sudo -u www-data php /var/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value="true"
+sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 0 --value=$nc_domain
+sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value=$ip_local$nc_port_loc
+sudo -u www-data php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=$nc_domain
+
+isNCConfigAdd=$(cat /var/www/nextcloud/config/config.php | grep "activity_expire_days")
+if [[ -z "$isNCConfigAdd" ]]; then
+	sudo -u www-data sed -i 's/^[ ]*//' /var/www/nextcloud/config/config.php
+	sudo -u www-data sed -i '/);/d' /var/www/nextcloud/config/config.php
+	cat config_complete.php >> /var/www/nextcloud/config/config.php
+fi
+
+sudo -u www-data sed -i "s/output_buffering=.*/output_buffering=0/" /var/www/nextcloud/.user.ini
+
+sudo -u www-data php /var/www/nextcloud/occ app:disable survey_client
+sudo -u www-data php /var/www/nextcloud/occ app:disable firstrunwizard
+sudo -u www-data php /var/www/nextcloud/occ app:enable admin_audit
+sudo -u www-data php /var/www/nextcloud/occ app:enable files_pdfviewer
+
+echo "	=== Configure nginx ... ==="
+cp nextcloud.conf /etc/nginx/conf.d/
+cp *optimization.conf /etc/nginx/
+sed -i "s/NC_DOMAIN/$nc_domain/" /etc/nginx/conf.d/nextcloud.conf
+sed -i "s/NC_PORT/$nc_port/" /etc/nginx/conf.d/nextcloud.conf
+sed -i "s/80 default_server;/81 default_server;/" /etc/nginx/sites-enabled/default
+
+chmod u+x ../ssl.sh
+if [[ $isSSL == "false" ]]; then
+	../ssl.sh nonssl
+else
+	../ssl.sh certif
+	../ssl.sh ssl
+fi
+
+echo "	=== Mise en place des scripts et crons ... ==="
+[[ ! -e /opt/scripts ]] && mkdir /opt/scripts
+cp nc_optimize.sh /opt/scripts/
+cp upgrade.sh /opt/scripts/
+cp occ /opt/scripts/
+echo "alias occ='/opt/scripts/occ'" >> ~/.bashrc
+alias occ='/opt/scripts/occ'
+
+[[ -z $(crontab -l | grep "/var/www/nextcloud/cron.php") ]] && (crontab -l ; echo "*/5 * * * * sudo -u www-data /usr/bin/php -f /var/www/nextcloud/cron.php > /dev/null 2>&1") | crontab -u root - || echo "cron nextcloud ever set, skip"
+[[ -z $(crontab -l | grep "/opt/scripts/optimize.sh") ]] && (crontab -l ; echo "5 1 * * * /opt/scripts/optimize.sh > /dev/null 2>&1") | crontab -u root - || echo "cron optimize ever set, skip"
+sudo -u www-data php /var/www/nextcloud/occ background:cron
+
+echo "	=== Restarting services ... ==="
+service php7.3-fpm restart && service nginx restart && service mysql restart && service redis-server restart
+
+bash /opt/scripts/nc_optimize.sh
+
+exit 0
+
+## Ressource complète: https://www.c-rieger.de/nextcloud-installation-guide-ubuntu
--- a/publish.sh
+++ b/publish.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+rm /var/www/nc_install/install-nextcloud.tar.gz
+tar -zcvf /var/www/nc_install/install-nextcloud.tar.gz install.sh .install_templates/ ssl.sh
+chown root:www-data /var/www/nc_install/install-nextcloud.tar.gz
+chmod 755 /var/www/nc_install/install-nextcloud.tar.gz
+echo "Publication terminé"
+
+exit 0
--- a/1
+++ b/1
@ -0,0 +1 @@
+/var/www/nextcloud
--- a/ssl.sh
+++ b/ssl.sh
@ -0,0 +1,56 @@
+#!/bin/bash
+
+if [ "$EUID" -ne 0 ]
+  then echo "Veuillez executez ce script en root"
+  exit 1
+fi
+
+domain=$(cat /etc/nginx/conf.d/nextcloud.conf | grep server_name | awk '{ print $2 }')
+domain=$(echo ${domain::-1})
+
+[[ ! $1 =~ ^(ssl|nonssl|certif)$ ]] && echo "Veuillez choisir ssl, nonssl ou certif pour créer un certificat ssl" && exit 1
+
+ssl(){
+	sed -i "s/'overwriteprotocol' => 'http'/'overwriteprotocol' => 'https'/" /var/www/nextcloud/config/config.php
+	sed -i "s/http/https/" /etc/nginx/conf.d/nextcloud.conf
+	sed -i "s/fastcgi_param HTTPS off/fastcgi_param HTTPS on/" /etc/nginx/conf.d/nextcloud.conf
+	sed -i "s/listen 443;/listen 443 ssl;/" /etc/nginx/conf.d/nextcloud.conf
+	[[ ! -e /etc/nginx/includes ]] && mkdir /etc/nginx/includes
+	cp .install_templates/ssl.conf /etc/nginx/includes/
+	sed -i "/fastcgi_hide_header X-Powered-By;/a \    include includes/ssl.conf;\n    ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;\n    ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;" /etc/nginx/conf.d/nextcloud.conf
+}
+
+nonssl(){
+	sed -i "s/'overwriteprotocol' => 'https'/'overwriteprotocol' => 'http'/" /var/www/nextcloud/config/config.php
+	sed -i "s/https/http/" /etc/nginx/conf.d/nextcloud.conf
+	sed -i "s/fastcgi_param HTTPS on/fastcgi_param HTTPS off/" /etc/nginx/conf.d/nextcloud.conf
+	sed -i '/ssl.conf;/d' /etc/nginx/conf.d/nextcloud.conf
+	sed -i '/ssl_certificate/d' /etc/nginx/conf.d/nextcloud.conf
+}
+
+install_certbot(){
+	[[ -z $(cat /etc/apt/sources.list | grep "buster-backports main") ]] && echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
+	apt update
+	apt install certbot python-certbot-nginx -t buster-backports -y
+}
+
+create_certificate() {
+	cd .install_templates
+	certbot --nginx certonly --non-interactive --agree-tos -m $USER@$domain -d $domain && echo "Le certificat de $domain a bien été déployé" || echo "Une erreur s'est produite lors de la création du certificat SSL"
+
+	## Cronification
+	[[ ! -e /opt/scripts ]] && mkdir /opt/scripts
+	cp ssl_renew.sh /opt/scripts/
+	[[ -z $(crontab -l | grep "/opt/scripts/ssl_renew.sh") ]] && (crontab -l ; echo "12 2 * * 1 /opt/scripts/ssl_renew.sh") | crontab -u root -
+}
+
+certif() {
+	[[ -z $(which certbot) ]] && install_certbot
+	[[ -n /etc/letsencrypt/live/$domain/fullchain.pem ]] && create_certificate
+}
+
+$@
+
+service nginx reload
+
+exit 0