diff --git a/.install/install_requirements.sh b/.install/1-install_requirements.sh
similarity index 100%
rename from .install/install_requirements.sh
rename to .install/1-install_requirements.sh
diff --git a/.install/configure_ipfs_layer.sh b/.install/2-configure_ipfs_layer.sh
similarity index 100%
rename from .install/configure_ipfs_layer.sh
rename to .install/2-configure_ipfs_layer.sh
diff --git a/.install/install_optional.sh b/.install/3-install_copylaradio.sh
similarity index 100%
rename from .install/install_optional.sh
rename to .install/3-install_copylaradio.sh
diff --git a/.install/4-install_playsms.sh b/.install/4-install_playsms.sh
new file mode 100755
index 0000000..e8eb6b4
--- /dev/null
+++ b/.install/4-install_playsms.sh
@@ -0,0 +1,123 @@
+#!/bin/bash
+
+MY_PATH="`dirname \"$0\"`" # relative
+MY_PATH="`( cd \"$MY_PATH\" && pwd )`" # absolutized and normalized
+
+unset err
+
+echo -e "${c_yellow}Choisissez un nom de domain pour playsms: $c_"
+read PSMS_DOMAIN
+
+sudo apt -y update
+sudo apt -y install nginx php7.3-fpm php7.3-gd php7.3-mysql php7.3-curl php7.3-imap php7.3-mbstring php7.3-xml php7.3-cli mysql-server
+
+## Create database
+
+if [[ ! $(sudo mysql -e "show databases;" | grep playsms) ]]; then
+ sudo mysql -e "CREATE DATABASE playsms"
+ sudo mysql -e "CREATE USER 'playsms'@'localhost' IDENTIFIED BY 'playsms@mdp+';"
+ sudo mysql -e "GRANT ALL PRIVILEGES ON playsms.* TO 'playsms'@'localhost';"
+ sudo mysql -e "FLUSH PRIVILEGES;"
+fi
+
+## Clone repo playSMS
+git clone https://github.com/antonraharja/playSMS.git $MY_PATH/playsms
+
+cp $MY_PATH/templates/install-playsms.conf $MY_PATH/playsms/install.conf
+pwdDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 42 | head -n 1)
+sed -i "s/_pwdDB/$pwdDB/g" $MY_PATH/playsms/install.conf
+
+sudo chmod u+x $MY_PATH/playsms/install-playsms.sh
+cd $MY_PATH/playsms
+sudo ./install-playsms.sh
+cd $MY_PATH
+sudo rm -rf playsms
+
+
+## Start playsmsd on boot
+sudo /usr/local/bin/playsmsd start
+[[ ! $(grep playsmsd /etc/rc.local) ]] && sudo sed -i '/^exit 0.*/i /usr/local/bin/playsmsd start' /etc/rc.local
+
+## Tests
+if [[ $(sudo playsmsd status) =~ "is running" ]]; then
+ echo -e "${c_green}playSMS a été installé correctement et le daemon est démarré =)$c_"
+else
+ echo -e "${c_red}Une erreur est survenu$c_"
+ err=1
+fi
+
+## Config NGINX
+
+[[ ! -d /etc/nginx/def_conf ]] && sudo mkdir /etc/nginx/def_conf/
+sudo cp $MY_PATH/templates/proxypass.conf /etc/nginx/def_conf/
+sudo cp $MY_PATH/templates/playsms.conf /etc/nginx/conf.d/
+sudo sed -i "s/_PSMS_DOMAIN/$PSMS_DOMAIN/" /etc/nginx/conf.d/playsms.conf
+
+## Active SSL
+
+manageSSL() {
+
+ local action=$1
+ [[ ! 
$action =~ ^(on|off|certif)$ ]] && echo "Veuillez choisir ssl, nonssl ou certif pour créer un certificat ssl" && exit 1
+
+ install_certbot(){
+ if [[ $(grep buster /etc/os-release) ]]; then
+ [[ -z $(cat /etc/apt/sources.list | grep "buster-backports main") ]] && echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
+ sudo apt update
+ sudo apt install certbot python-certbot-nginx -t buster-backports -y
+ elif [[ $(grep stretch /etc/os-release) ]]; then
+ sudo apt update
+ sudo apt install certbot python-certbot-nginx -y
+ fi
+ }
+
+ create_certificate() {
+ sudo certbot --nginx certonly --non-interactive --agree-tos -m $USER@$PSMS_DOMAIN -d $PSMS_DOMAIN && echo "Le certificat de $PSMS_DOMAIN a bien été déployé" || echo "Une erreur s'est produite lors de la création du certificat SSL"
+
+ ## Cronification
+ [[ ! -e /opt/scripts ]] && sudo mkdir /opt/scripts
+ sudo cp $MY_PATH/templates/ssl_renew.sh /opt/scripts/
+ [[ -z $(sudo crontab -l | grep "/opt/scripts/ssl_renew.sh") ]] && (sudo crontab -l ; sudo echo "12 2 * * 1 /opt/scripts/ssl_renew.sh") | sudo crontab -u root -
+ }
+
+
+ case $action in
+ on)
+ sudo sed -i 's/ #if/ if/' /etc/nginx/conf.d/playsms.conf
+
+ sudo sed -i "s/listen 443;/listen 443 ssl;/" /etc/nginx/conf.d/playsms.conf
+ [[ ! 
-d /etc/nginx/includes ]] && sudo mkdir /etc/nginx/includes
+ sudo cp $MY_PATH/templates/ssl.conf /etc/nginx/includes/
+ sudo sed -i "/Content-Security-Policy/a \ include includes/ssl.conf;\n ssl_certificate /etc/letsencrypt/live/$PSMS_DOMAIN/fullchain.pem;\n ssl_certificate_key /etc/letsencrypt/live/$PSMS_DOMAIN/privkey.pem;" /etc/nginx/conf.d/playsms.conf
+ ;;
+
+ off)
+ sudo sed -i 's/ if/ #if/' /etc/nginx/conf.d/playsms.conf
+ sudo sed -i '/ssl.conf;/d' /etc/nginx/conf.d/playsms.conf
+ sudo sed -i '/ssl_certificate/d' /etc/nginx/conf.d/playsms.conf
+ ;;
+ certif)
+ [[ -z $(which certbot) ]] && install_certbot
+ [[ -n /etc/letsencrypt/live/$PSMS_DOMAIN/fullchain.pem ]] && create_certificate
+ ;;
+
+ esac
+}
+
+echo -e "${c_yellow}playSMS ne fonctionne pas sans certifcat SSL.$c_"
+printf "${c_yellow}Voulez activer installer un certificat SSL maintenant pour $PSMS_DOMAIN ? (o/n) $c_"
+read askSSL
+if [[ $askSSL =~ ^(o|y|yes|oui|Y|O|YES)$ ]]; then
+ manageSSL certif
+ if sudo test -f /etc/letsencrypt/live/$PSMS_DOMAIN/fullchain.pem; then manageSSL on; else manageSSL off && echo "Une erreur s'est produite, basculement vers le mode non SSL"; fi
+ http=https
+else
+ manageSSL off
+ http=http
+fi
+
+sudo service nginx restart
+
+[[ ! $err ]] && echo -e "${c_green}Félicitation ! playSMS est accessible via l'URL $http://$PSMS_DOMAIN" || echo -e "${c_red}Installation incomplète$c_"
+
+exit 0
diff --git a/.install/templates/.profile b/.install/templates/.profile
new file mode 100644
index 0000000..c4a4d75
--- /dev/null
+++ b/.install/templates/.profile
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+ADMINPSEUDO=
+ADMINPHONE=
+MASTERPHONE=
+ADRESSE=
+
diff --git a/.install/templates/install-playsms.conf b/.install/templates/install-playsms.conf
new file mode 100644
index 0000000..03cd481
--- /dev/null
+++ b/.install/templates/install-playsms.conf
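Review bot: In the `certif)` arm, `[[ -n /etc/letsencrypt/live/$PSMS_DOMAIN/fullchain.pem ]]` tests that a non-empty string exists, which is always true, so `create_certificate` runs (and re-registers the cron line) even when a certificate is already present; the intended guard is `[[ ! -f /etc/letsencrypt/live/$PSMS_DOMAIN/fullchain.pem ]] && create_certificate`. In the database block the MySQL user is created with the fixed password `'playsms@mdp+'` that is committed to the repository, while the random `pwdDB` generated later is what gets written into install.conf as `DBPASS`; on a fresh install the two presumably never match, and either way a shared hard-coded credential should not be created. Generating `pwdDB` before the `if` and using `IDENTIFIED BY '$pwdDB'` keeps a single random secret in both places. `PSMS_DOMAIN` comes from `read` and is interpolated unquoted into several `sed` expressions and the certbot command; quoting it (`"$PSMS_DOMAIN"`) and rejecting values containing `/` or whitespace would avoid mangled nginx and cron configuration.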
@@ -0,0 +1,43 @@
+# MySQL database username
+DBUSER="playsms"
+
+# MySQL database password
+DBPASS="_pwdDB"
+
+# MySQL database name
+DBNAME="playsms"
+
+# MySQL database host
+DBHOST="localhost"
+
+# MySQL database port
+DBPORT="3306"
+
+# Web server's user, for example apache2 user by default is www-data
+# note: please make sure your web server user
+WEBSERVERUSER="www-data"
+
+# Web server's group, for example apache2 group by default is www-data
+# note: please make sure your web server group
+WEBSERVERGROUP="www-data"
+
+# Path to playSMS extracted source files
+PATHSRC="$(pwd)"
+
+# Path to playSMS web files
+# note: please make sure your web root path, in this example its /var/www/html
+PATHWEB="/var/www/playsms"
+
+# Path to playSMS additional files
+PATHLIB="/var/www/playsms/lib/"
+
+# Path to playSMS daemon and other binary files
+PATHBIN="/usr/local/bin"
+
+# Path to playSMS log files
+PATHLOG="/var/log/playsms"
+
+# Path to playSMS daemon configuration file
+# note: this example will create playsmsd.conf in /etc
+PATHCONF="/etc"
+
diff --git a/.install/templates/playsms.conf b/.install/templates/playsms.conf
new file mode 100644
index 0000000..41dce2f
--- /dev/null
+++ b/.install/templates/playsms.conf
@@ -0,0 +1,40 @@
+server {
+ listen 80;
+ listen 443;
+ listen [::]:443 ssl;
+ server_name _PSMS_DOMAIN;
+
+ add_header Content-Security-Policy upgrade-insecure-requests;
+ add_header 'Access-Control-Allow-Origin' '*';
+
+ #if ($http_x_forwarded_proto = "http") { return 301 https://$server_name$request_uri; }
+
+ location / {
+ try_files $uri/ $uri /index.php?/$request_uri; # =404;
+ include /etc/nginx/def_conf/proxypass.conf;
+ }
+
+
+ index index.php index.html;
+ root /var/www/playsms/;
+
+ # set expiration of assets to MAX for caching
+ location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ {
+ expires max;
+ log_not_found off;
+ }
+
+ # php parsing
+ location ~ \.php$ {
+ include fastcgi_params;
+ fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ }
+
+ error_log /var/log/nginx/playsms_error.log;
+ access_log /var/log/nginx/playsms_access.log;
+
+
+}
+
diff --git a/.install/templates/proxypass.conf b/.install/templates/proxypass.conf
new file mode 100644
index 0000000..1e3fc6a
--- /dev/null
+++ b/.install/templates/proxypass.conf
@@ -0,0 +1,9 @@
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forward-Proto http;
+proxy_set_header X-Nginx-Proxy true;
+
diff --git a/.install/templates/ssl.conf b/.install/templates/ssl.conf
new file mode 100644
index 0000000..64ff68f
--- /dev/null
+++ b/.install/templates/ssl.conf
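Review bot: `add_header 'Access-Control-Allow-Origin' '*';` on the server block lets any web origin read responses from the playSMS administration interface, which is not something a login-protected PHP application normally needs; unless a specific cross-origin consumer exists, drop the line or name that single origin. The `include /etc/nginx/def_conf/proxypass.conf;` inside `location /` sets `proxy_set_header` directives, but there is no `proxy_pass` in this file, so those directives appear to be inert here — confirm whether a proxy stage was intended. `listen 443;` without `ssl` is what the installer later rewrites with `sed`; a comment such as `# 'ssl' is appended by 4-install_playsms.sh (manageSSL on)` would make the dependency visible to whoever edits this template.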
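Review bot: The header names `X-Forward-For` and `X-Forward-Proto` are not the de-facto standard `X-Forwarded-For` / `X-Forwarded-Proto`, and the proto value is hard-coded to `http` even when the listener is TLS; the commented redirect in playsms.conf reads `$http_x_forwarded_proto`, which these lines never populate. Use `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` so upstreams and that redirect see the real scheme.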
@@ -0,0 +1,16 @@
+ ssl_session_timeout 4h;
+ ssl_session_cache shared:SSL:50m;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CBC-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+ ssl_prefer_server_ciphers on;
+
+ add_header Strict-Transport-Security max-age=15768000;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 8.8.8.8 8.8.4.4 valid=86400;
+ resolver_timeout 10;
+
+ ssl_session_tickets on;
diff --git a/.install/templates/ssl_renew.sh b/.install/templates/ssl_renew.sh
new file mode 100644
index 0000000..5915d47
--- /dev/null
+++ b/.install/templates/ssl_renew.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+log="/var/log/ssl_renew.log"
+date=$(date +%d-%m-%Y)
+
+renew=$(certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start")
+
+echo "####################################################################################" >> $log
+echo "#################################### $date ####################################" >> $log
+echo "####################################################################################" >> $log
+
+echo "$renew" >> $log
+
+if [[ $renew = *"No hooks were run"* ]]; then
+ echo "Rien n'a été fait" >> $log
+else
+ sleep 5
+ sudo service nginx stop
+ sleep 1
+ killall nginx
+ sleep 3
+ sudo service nginx restart &>> $log
+ echo "Des certificats ont été renouvellés" >> $log
+fi
+
+exit 0
diff --git a/.profile b/.profile
new file mode 100644
index 0000000..a6d3ca3
--- /dev/null
+++ b/.profile
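Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` re-enables TLS 1.0 and 1.1, which are deprecated, and the `ssl_ciphers` list still carries 3DES suites (`DES-CBC3-SHA` and the two `ECDHE-*-DES-CBC3-SHA` entries) plus several CBC suites; for a new deployment `ssl_protocols TLSv1.2 TLSv1.3;` with the 3DES/CBC entries removed is the safer baseline, and the include's `add_header Strict-Transport-Security` then makes sense. `resolver 8.8.8.8 8.8.4.4` routes the OCSP-stapling lookups to a third-party resolver over plain DNS; pointing it at the host's local resolver (or `127.0.0.53` on systemd-resolved systems, to be confirmed for the target OS) keeps that traffic on-box. `ssl_session_tickets on;` without an `ssl_session_ticket_key` means nginx uses a key generated at startup; a short comment noting that the key is rotated only on restart would help the next maintainer judge the forward-secrecy trade-off.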
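Review bot: `renew=$(certbot renew --pre-hook … --post-hook …)` captures only stdout, so certbot's error output never reaches `$log`, and since the script then branches purely on whether the text contains `No hooks were run`, a failed renewal takes the `else` path and force-restarts nginx (`killall nginx`) as if certificates had been replaced. Capture both streams and the exit status — `renew=$(certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start" 2>&1)` followed by `rc=$?` — and only run the restart branch when `rc` is 0 and the output does not contain `No hooks were run`, logging and exiting non-zero otherwise. The installer registers this file in root's crontab, so the `sudo` prefixes are redundant there, and `$log` should be quoted in every redirection (`>> "$log"`).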
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+ADMINPSEUDO=poka
+ADMINPHONE=0650573417
+MASTERPHONE=0699999999
+ADRESSE=Blois
+
diff --git a/install.sh b/install.sh
index df81a6b..16e9716 100755
--- a/install.sh
+++ b/install.sh
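Review bot: This `.profile` at the repository root carries what look like one operator's real values (a pseudo, two phone numbers, a town) while `.install/templates/.profile` in the same commit is the blank version meant to be filled in. Because install.sh now does `[[ -f .profile ]] && source .profile` (visible in the install.sh hunk below), every clone that runs the installer from the repo root is pre-seeded with this admin phone number and skips the prompts, and the numbers stay in git history even after a later edit. Keep only the template in the repository, add `.profile` to `.gitignore`, and have the installer copy the template when no local `.profile` exists.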
@@ -8,59 +8,58 @@ MY_PATH="`dirname \"$0\"`" # relative MY_PATH="`( cd \"$MY_PATH\" && pwd )`" # absolutized and normalized init_loc="$MY_PATH/shell/init.sh" now=$(date +%Y-%m-%d) -repOption=$1 -#force_req="o" -## Update G1sms+ code -git pull +args="$@" +[[ $args =~ all ]] && repOption=o +[[ $args =~ noptions ]] && repOption=n +[[ $args =~ force ]] && force_req=o +[[ $args =~ noask ]] && noask=o -chmod u+x $MY_PATH/.install/*.sh +unset err if [ "$EUID" -eq 0 ] then echo -e "${c_red}Veuillez ne pas executez ce script en root. Choisissez un utilisateur pour votre serveur G1sms+ (nous recommandons l'utilisateur pi)$c_" exit 1 fi +## Update G1sms+ code +git pull || err=1 + +chmod u+x $MY_PATH/.install/*.sh + $MY_PATH/.install/export_colors.sh [[ -f ~/.bash_aliases ]] && source ~/.bash_aliases ## Vérifie si IPFS est installé if [[ $force_req == "o" || -z $(which ipfs) || -z $(which gammu) ]];then echo -e "${c_yellow}IPFS ou gammu n'ont pas été détectés sur votre machine, nous allons installer tous les prérequis...$c_" - $MY_PATH/.install/install_requirements.sh - $MY_PATH/.install/configure_ipfs_layer.sh + $MY_PATH/.install/1-install_requirements.sh || err=1 + $MY_PATH/.install/2-configure_ipfs_layer.sh || err=1 else echo -e "${c_green}IPFS et gammu sont déjà installé !$c_" fi echo -e "${c_yellow}Ce script va désormais configurer votre noeud G1sms+$c_" -IPFS=$(ps auxf --sort=+utime | grep -w ipfs | grep -v -E 'color=auto|grep' | tail -n 1 | cut -d " " -f 1); +YOU=$(ps auxf --sort=+utime | grep -w ipfs | grep -v -E 'color=auto|grep' | tail -n 1 | cut -d " " -f 1); +[[ -f .profile ]] && source .profile if [[ -f $MY_PATH/.install/templates/init.sh ]]; then - echo -e "${c_light}Quel est l'utilisateur du système IPFS (détecté: $IPFS)?$c_" - read YOU - if [[ "$YOU" == "" ]]; then YOU=$IPFS; fi + [[ ! $ADMINPSEUDO ]] && echo -e "${c_light}Votre PSEUDO? 
(celui de votre Compte membre Duniter)$c_" && read ADMINPSEUDO + [[ "$ADMINPSEUDO" == "" ]] && echo -e "${c_red}IMPOSSIBLE DE CONTINUER$c_" && exit 1 - echo -e "${c_light}Votre PSEUDO? (celui de votre Compte membre Duniter)$c_" - read ADMINPSEUDO - if [[ "$ADMINPSEUDO" == "" ]]; then echo -e "${c_red}IMPOSSIBLE DE CONTINUER$c_"; exit; fi + [[ ! $ADMINPHONE ]] && echo -e "${c_light}Le Numéro de téléphone SMS Admin? (Support de ce noeud) (ex +33611223344)$c_" && read ADMINPHONE + [[ "$ADMINPHONE" == "" ]] && echo -e "${c_red}IMPOSSIBLE DE CONTINUER$c_" && exit 1 - echo -e "${c_light}Le Numéro de téléphone SMS Admin? (Support de ce noeud) (ex +33611223344)$c_" - read ADMINPHONE - if [[ "$ADMINPHONE" == "" ]]; then echo -e "${c_red}IMPOSSIBLE DE CONTINUER$c_"; exit; fi + [[ ! $MASTERPHONE ]] && echo -e "${c_light}Le numéro de la carte SIM, du module SMS. AUCUNE liaison SMS? Laissez vide (défaut: +33600000000)$c_" && read MASTERPHONE + [[ "$MASTERPHONE" == "" ]] && MASTERPHONE="+33600000000" - echo -e "${c_light}Le numéro de la carte SIM, du module SMS. AUCUNE liaison SMS? Laissez vide (défaut: +33600000000)$c_" - read MASTERPHONE - if [[ "$MASTERPHONE" == "" ]]; then MASTERPHONE="+33600000000"; fi + [[ ! $ADRESSE ]] && echo -e "${c_light}L'adresse où se trouve votre G1Node pour indiquer où venir chercher ses G1Tag (ex: au G1FabLab de Toulouse)$c_" && read ADRESSE - echo -e "${c_light}L'adresse où se trouve votre G1Node pour indiquer où venir chercher ses G1Tag (ex: au G1FabLab de Toulouse)$c_" - read ADRESSE - - echo -e "${c_light}${c_blue}LES PARAMETRES SONT BONS? Appliquer? ENTER ou CTRL-C ?$c_" - read + echo -e "ADMINPSEUDO: $ADMINPSEUDO\nADMINPHONE: $ADMINPHONE\nMASTERPHONE: $MASTERPHONE\nADRESSE: $ADRESSE" + [[ $noask != "o" ]] && echo -e "${c_light}${c_blue}LES PARAMETRES SONT BONS? Appliquer? 
ENTER ou CTRL-C ?$c_" && read [[ -f shell/init.sh ]] && mv shell/init.sh shell/init.sh.old - cp $MY_PATH/.install/templates/init.sh shell/init.sh + cp $MY_PATH/.install/templates/init.sh shell/init.sh || err=1 sed -i s/pi/$YOU/g $init_loc sed -i s/+33600000000/$MASTERPHONE/g $init_loc @@ -68,13 +67,24 @@ if [[ -f $MY_PATH/.install/templates/init.sh ]]; then sed -i s/+33647683646/$ADMINPHONE/g $init_loc sed -i s/Fred/$ADMINPSEUDO/g $init_loc - cat $init_loc + cat $init_loc || err=1 else echo -e "${c_red}init.sh introuvable...$c_" + err=1 exit 1 fi -## Installation optionnel de copylaradio +## Installations optionnels +repOld=$repOption [[ -z $repOption ]] && echo -e "${c_yellow}Voulez-vous installer les modules complémentaires de copylaradio ? (o/n)$c_" && read repOption -[[ $repOption =~ ^(o|1|yes|options)$ ]] && .install/install_optional.sh +[[ $repOption =~ ^(o|1|yes|options|a|all)$ ]] && .install/3-install_copylaradio.sh; repOption=$repOld +[[ -z $repOption ]] && echo -e "${c_yellow}Voulez-vous installer l'interface web playSMS ? (o/n)$c_" && read repOption +[[ $repOption =~ ^(o|1|yes|options|a|all)$ ]] && .install/4-install_playsms.sh; repOption=$repOld + +if [[ $err ]]; then + echo -e "---\n${c_red}L'installation n'est mal déroulé =($c_" +else + echo -e "---\n${c_green}L'installation de votre noeud G1SMS est terminé !\nBienvenue à bord =)$c_" +fi +exit 0
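Review bot: `[[ -f .profile ]] && source .profile` resolves `.profile` against the caller's current working directory rather than `$MY_PATH`, so running the installer from elsewhere either skips the file or sources — and executes as code — whatever `.profile` happens to be in that directory; use `[[ -f "$MY_PATH/.profile" ]] && source "$MY_PATH/.profile"`. The argument handling `args="$@"` followed by `[[ $args =~ all ]]`, `=~ noptions`, `=~ force`, `=~ noask` is an unanchored substring match, so any argument that merely contains `all` (for example `install`) sets `repOption=o`, and `noptions` also matches `options`; iterating over `"$@"` with a `case` on whole words avoids that. The `if [[ -f $MY_PATH/.install/templates/init.sh ]]` block that the prompts sit in continues past the end of this hunk.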
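Review bot: The two optional installers are invoked as `.install/3-install_copylaradio.sh` and `.install/4-install_playsms.sh`, relative to the current directory, while every other step in this file uses `$MY_PATH/.install/…`, and their exit status is not folded into `err` the way `1-install_requirements.sh` and `2-configure_ipfs_layer.sh` are, so a failed playSMS install still ends with the green "terminé" message. Write each as `[[ $repOption =~ ^(o|1|yes|options|a|all)$ ]] && { $MY_PATH/.install/4-install_playsms.sh || err=1; }; repOption=$repOld` (and the same for the copylaradio line) so the final `if [[ $err ]]` reflects them.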