Add Nextcloud flavour
parent
bb6f39dbf4
commit
d9f5c1a1ef
|
@ -0,0 +1,35 @@
|
|||
# Automatic install of Nextcloud on Debian 8/9/10
|
||||
## Use
|
||||
|
||||
Set good variables for your use case at the beginning of install.sh:
|
||||
|
||||
```
|
||||
nc_domain="" # Votre nom de domaine pour votre nextcloud. Si vide il prendra le premier argument que vous passerez, sinon le hostname de votre machine
|
||||
nc_port=80 # Numéro de port d'écoute de nginx
|
||||
admin_user="admin" # Le pseudo du compte admin
|
||||
admin_pass="admin" # Le mot de passe que vous désirez pour le compte admin
|
||||
db_pass="" # Le mot de passe que vous désirez pour MariaDB. Si vide, un mot de passe aléatoire sécurisé sera choisi
|
||||
isSSL=false # true si nextcloud et nginx doivent être configuré en https
|
||||
configMaria=auto # Mettez manual ou auto, attention auto est expérimental et vraiment pas recommendé
|
||||
p2env=false # true si vous êtes dans un environnement p2p.legal
|
||||
```
|
||||
|
||||
Then:
|
||||
|
||||
```
|
||||
chmod u+x install.sh
|
||||
./install.sh
|
||||
```
|
||||
|
||||
You can change the ssl state of your instance after the installation if you need.
|
||||
Just execute ssl.sh:
|
||||
|
||||
`./ssl.sh`
|
||||
|
||||
If you prefere, you can download this script directly via:
|
||||
|
||||
```
|
||||
wget https://dev-nextcloud.p2p.legal/installeur/install-nextcloud.tar.gz
|
||||
tar -zxvf install-nextcloud.tar.gz
|
||||
./install.sh 2>&1 | tee loginstall.log
|
||||
```
|
|
@ -0,0 +1,179 @@
|
|||
#!/bin/bash
|
||||
################################################################################
|
||||
# Author: poka (poka@p2p.legal)
|
||||
# Version: 0.1
|
||||
# License: AGPL-3.0 (https://choosealicense.com/licenses/agpl-3.0/)
|
||||
################################################################################
|
||||
|
||||
|
||||
### Variables ###
|
||||
|
||||
nc_domain="" # Votre nom de domaine pour votre nextcloud. Si vide il prendra le premier argument que vous passerez, sinon le hostname de votre machine
|
||||
nc_port=10050 # Numéro de port d'écoute de nginx
|
||||
admin_user="admin" # Le pseudo du compte admin
|
||||
admin_pass="admin" # Le mot de passe que vous désirez pour le compte admin
|
||||
db_pass="" # Le mot de passe que vous désirez pour MariaDB. Si vide, un mot de passe aléatoire sécurisé sera choisi
|
||||
isSSL=false # true si nextcloud et nginx doivent être configuré en https
|
||||
configMaria=auto # Mettez manual ou auto, attention auto est expérimental et vraiment pas recommendé
|
||||
p2env=false # true si vous êtes dans un environnement p2p.legal
|
||||
|
||||
#################
|
||||
|
||||
if [ "$EUID" -ne 0 ]
|
||||
then echo "Veuillez executez ce script en root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
## Atroport config
|
||||
nc_domain=$(../../zen/tools/nodename)
|
||||
|
||||
## Set var
|
||||
[[ -z $nc_domain ]] && nc_domain=$1
|
||||
[[ -z $nc_domain ]] && nc_domain=$(echo $HOSTNAME.p2p.legal)
|
||||
[[ -z $db_pass ]] && db_pass="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" && echo "Votre mot de passe mysql nextcloud est : $db_pass" >> /root/nextcloud_mysql_pwd.txt
|
||||
db_pass_root="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9~!@#$%^&*_-' | fold -w 32 | head -n 1)"
|
||||
|
||||
if [[ p2env == "true" ]]; then
|
||||
cd /nextcloud/.install_templates/
|
||||
else
|
||||
[[ ! -e .install_templates ]] && echo "Erreur: Le dossier .install_templates n'existe pas, installation impossible." && exit 1
|
||||
cd .install_templates
|
||||
fi
|
||||
|
||||
## Set apt key and upgrade system
|
||||
apt update -y
|
||||
apt upgrade -y
|
||||
|
||||
apt install nginx mariadb-server apt-transport-https curl gnupg2 git lsb-release ssl-cert ca-certificates apt-transport-https tree locate software-properties-common dirmngr screen htop net-tools zip unzip curl ffmpeg ghostscript libfile-fcntllock-perl -y
|
||||
|
||||
linux_version=$(cat /etc/os-release | grep VERSION_CODENAME | awk -F '=' '{ print $2}')
|
||||
wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
|
||||
echo "deb https://packages.sury.org/php/ $linux_version main" | tee /etc/apt/sources.list.d/ondrej.list
|
||||
apt update -y
|
||||
|
||||
systemctl start nginx || (echo "Erreur quelque part ..." && exit 1)
|
||||
systemctl start mariadb || (echo "Erreur quelque part ..." && exit 1)
|
||||
systemctl enable mariadb || (echo "Erreur quelque part ..." && exit 1)
|
||||
systemctl enable nginx || (echo "Erreur quelque part ..." && exit 1)
|
||||
|
||||
echo " === Installing php ... ==="
|
||||
apt install php7.3 php7.3-fpm php7.3-xml php7.3-curl php7.3-gd php7.3 php7.3-cgi php7.3-cli php7.3-zip php7.3-mysql php7.3-mbstring php7.3-intl php7.3-json php7.3-bz2 php7.3-ldap php-apcu imagemagick php-imagick php-smbclient -y
|
||||
|
||||
echo " === Configuring php ... ==="
|
||||
[[ ! -e /etc/php/7.3/cli/php.ini.bak ]] && (bash configure_php.sh || (echo "Erreur quelque part ..." && exit 1)) || echo "PHP déjà configuré, skip"
|
||||
|
||||
echo " === Configure MariaDB ==="
|
||||
configMariaManual() {
|
||||
mysql_secure_installation || (echo "Erreur quelque part ..." && exit 1)
|
||||
}
|
||||
configMariaAuto() {
|
||||
mysql -e "UPDATE mysql.user SET Password = PASSWORD('$db_pass_root') WHERE User = 'root'"
|
||||
isLocalhostUsers=$(mysql -e "select user from mysql.user;" | grep "localhost")
|
||||
isTestDB=$(mysql -e "show databases" | grep "test")
|
||||
[[ -n $isLocalhostUsers ]] && mysql -e "DROP USER ''@'localhost'; DROP USER ''@'$(hostname)'"
|
||||
[[ -n $isTestDB ]] && mysql -e "DROP DATABASE test"
|
||||
mysql -e "FLUSH PRIVILEGES"
|
||||
}
|
||||
|
||||
[[ $configMaria == "auto" ]] && configMariaAuto || configMariaManual
|
||||
[[ ! -e /etc/mysql/my.cnf.bak ]] && (mv /etc/mysql/my.cnf /etc/mysql/my.cnf.bak && cp my.cnf /etc/mysql/ && service mysql restart) || echo "MariaDB déjà configuré, skip"
|
||||
|
||||
echo " === Create and configure database... ==="
|
||||
isDBCreate=$(mysql -e "show databases" | grep "nextcloud")
|
||||
[[ -z $isDBCreate ]] && mysql -e "CREATE DATABASE nextcloud;CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY \"$db_pass\";GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';FLUSH PRIVILEGES;ALTER DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;" || echo "La base de donnée de nextcloud est déjà créé, skip"
|
||||
|
||||
echo " === Installing and configure Redis... ==="
|
||||
apt install redis-server php-redis -y
|
||||
|
||||
[[ ! -e /etc/redis/redis.conf.bak ]] && cp /etc/redis/redis.conf /etc/redis/redis.conf.bak || echo "Redis est déjà configuré, skip"
|
||||
sed -i "s/port 6379/port 0/" /etc/redis/redis.conf
|
||||
sed -i "s/redis.sock/redis-server.sock/" /etc/redis/redis.conf
|
||||
sed -i s/\#\ unixsocket/\unixsocket/g /etc/redis/redis.conf
|
||||
sed -i "s/unixsocketperm 700/unixsocketperm 770/" /etc/redis/redis.conf
|
||||
sed -i "s/# maxclients 10000/maxclients 512/" /etc/redis/redis.conf
|
||||
usermod -a -G redis www-data || (echo "Erreur quelque part ..." && exit 1)
|
||||
[[ ! -e /etc/sysctl.conf.bak ]] && cp /etc/sysctl.conf /etc/sysctl.conf.bak || echo "sysctl est déjà configuré, skip"
|
||||
sed -i '$avm.overcommit_memory = 1' /etc/sysctl.conf
|
||||
|
||||
service redis-server restart || (echo "Erreur quelque part ..." && exit 1)
|
||||
|
||||
echo " === Installing NextCloud... ==="
|
||||
|
||||
if [[ ! -e /var/www/nextcloud ]]; then
|
||||
mkdir /var/www/nextcloud
|
||||
chown www-data:www-data /var/www/nextcloud
|
||||
chmod 750 /var/www/nextcloud || (echo "Erreur quelque part ..." && exit 1)
|
||||
|
||||
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
|
||||
tar -xjf latest.tar.bz2 -C /var/www && chown -R www-data:www-data /var/www/ && rm -f latest.tar.bz2
|
||||
fi
|
||||
|
||||
if [[ ! -e /var/nextcloud ]]; then
|
||||
mkdir -p /var/nextcloud
|
||||
chown www-data:www-data /var/nextcloud
|
||||
chmod 750 /var/nextcloud || (echo "Erreur quelque part ..." && exit 1)
|
||||
fi
|
||||
|
||||
## Add local IP as secondary trust domain
|
||||
# Prefere occ methode ...
|
||||
# sed -i "/0 => '$nc_domain'.*/a \ 1 => '$ip_local:$nc_port'," /var/www/nextcloud/config/config.php
|
||||
ip_local=$(/sbin/ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
|
||||
[[ $nc_port == 80 ]] && nc_port_loc="" || nc_port_loc=":$nc_port"
|
||||
|
||||
[[ -e /var/www/nextcloud/config/config.php ]] && isNCConfig=$(cat /var/www/nextcloud/config/config.php | grep "'installed' => true")
|
||||
[[ -z "$isNCConfig" ]] && sudo -u www-data php /var/www/nextcloud/occ maintenance:install --database "mysql" --database-name "nextcloud" --database-user "nextcloud" --database-pass "$db_pass" --admin-user "$admin_user" --admin-pass "$admin_pass" --data-dir "/var/nextcloud/"
|
||||
sleep 0.2
|
||||
sudo -u www-data php /var/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value="true"
|
||||
sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 0 --value=$nc_domain
|
||||
sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 1 --value=$ip_local$nc_port_loc
|
||||
sudo -u www-data php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=$nc_domain
|
||||
|
||||
isNCConfigAdd=$(cat /var/www/nextcloud/config/config.php | grep "activity_expire_days")
|
||||
if [[ -z "$isNCConfigAdd" ]]; then
|
||||
sudo -u www-data sed -i 's/^[ ]*//' /var/www/nextcloud/config/config.php
|
||||
sudo -u www-data sed -i '/);/d' /var/www/nextcloud/config/config.php
|
||||
cat config_complete.php >> /var/www/nextcloud/config/config.php
|
||||
fi
|
||||
|
||||
sudo -u www-data sed -i "s/output_buffering=.*/output_buffering=0/" /var/www/nextcloud/.user.ini
|
||||
|
||||
sudo -u www-data php /var/www/nextcloud/occ app:disable survey_client
|
||||
sudo -u www-data php /var/www/nextcloud/occ app:disable firstrunwizard
|
||||
sudo -u www-data php /var/www/nextcloud/occ app:enable admin_audit
|
||||
sudo -u www-data php /var/www/nextcloud/occ app:enable files_pdfviewer
|
||||
|
||||
echo " === Configure nginx ... ==="
|
||||
cp nextcloud.conf /etc/nginx/conf.d/
|
||||
cp *optimization.conf /etc/nginx/
|
||||
sed -i "s/NC_DOMAIN/$nc_domain/" /etc/nginx/conf.d/nextcloud.conf
|
||||
sed -i "s/NC_PORT/$nc_port/" /etc/nginx/conf.d/nextcloud.conf
|
||||
sed -i "s/80 default_server;/81 default_server;/" /etc/nginx/sites-enabled/default
|
||||
|
||||
chmod u+x ../ssl.sh
|
||||
if [[ $isSSL == "false" ]]; then
|
||||
../ssl.sh nonssl
|
||||
else
|
||||
../ssl.sh certif
|
||||
../ssl.sh ssl
|
||||
fi
|
||||
|
||||
echo " === Mise en place des scripts et crons ... ==="
|
||||
[[ ! -e /opt/scripts ]] && mkdir /opt/scripts
|
||||
cp nc_optimize.sh /opt/scripts/
|
||||
cp upgrade.sh /opt/scripts/
|
||||
cp occ /opt/scripts/
|
||||
echo "alias occ='/opt/scripts/occ'" >> ~/.bashrc
|
||||
alias occ='/opt/scripts/occ'
|
||||
|
||||
[[ -z $(crontab -l | grep "/var/www/nextcloud/cron.php") ]] && (crontab -l ; echo "*/5 * * * * sudo -u www-data /usr/bin/php -f /var/www/nextcloud/cron.php > /dev/null 2>&1") | crontab -u root - || echo "cron nextcloud ever set, skip"
|
||||
[[ -z $(crontab -l | grep "/opt/scripts/optimize.sh") ]] && (crontab -l ; echo "5 1 * * * /opt/scripts/optimize.sh > /dev/null 2>&1") | crontab -u root - || echo "cron optimize ever set, skip"
|
||||
sudo -u www-data php /var/www/nextcloud/occ background:cron
|
||||
|
||||
echo " === Restarting services ... ==="
|
||||
service php7.3-fpm restart && service nginx restart && service mysql restart && service redis-server restart
|
||||
|
||||
bash /opt/scripts/nc_optimize.sh
|
||||
|
||||
exit 0
|
||||
|
||||
## Ressource complète: https://www.c-rieger.de/nextcloud-installation-guide-ubuntu
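Review bot: The admin account is created with `admin_pass="admin"` unless the operator edits the variable, and the value is handed to `occ maintenance:install` on the command line; I would generate it the way `db_pass` is generated when left empty, or stop while it still equals the default. Separately, `[[ p2env == "true" ]]` compares the literal word `p2env`, so that branch can never run; it should read `[[ $p2env == "true" ]]`. The `|| (echo "Erreur quelque part ..." && exit 1)` guards only leave the subshell, so the install carries on after a failed step; `|| { echo "Erreur quelque part ..."; exit 1; }` would stop it. The sury key piped into `apt-key add -` and the `latest.tar.bz2` archive are both used without any fingerprint or checksum verification, which is worth adding before they are trusted as root.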
|
|
@ -0,0 +1,69 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ "$EUID" -ne 0 ]
|
||||
then echo "Veuillez executez ce script en root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
domain=$(cat /etc/nginx/conf.d/nextcloud.conf | grep server_name | awk '{ print $2 }')
|
||||
domain=$(echo ${domain::-1})
|
||||
|
||||
[[ ! $1 =~ ^(ssl|nonssl|certif)$ ]] && echo "Veuillez choisir ssl, nonssl ou certif pour créer un certificat ssl" && exit 1
|
||||
|
||||
ssl(){
|
||||
sed -i "s/'overwriteprotocol' => 'http'/'overwriteprotocol' => 'https'/" /var/www/nextcloud/config/config.php
|
||||
sed -i "s/http/https/" /etc/nginx/conf.d/nextcloud.conf
|
||||
sed -i "s/fastcgi_param HTTPS off/fastcgi_param HTTPS on/" /etc/nginx/conf.d/nextcloud.conf
|
||||
sed -i "s/listen 443;/listen 443 ssl;/" /etc/nginx/conf.d/nextcloud.conf
|
||||
[[ ! -e /etc/nginx/includes ]] && mkdir /etc/nginx/includes
|
||||
cp .install_templates/ssl.conf /etc/nginx/includes/
|
||||
sed -i "/fastcgi_hide_header X-Powered-By;/a \ include includes/ssl.conf;\n ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;\n ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;" /etc/nginx/conf.d/nextcloud.conf
|
||||
}
|
||||
|
||||
nonssl(){
|
||||
sed -i "s/'overwriteprotocol' => 'https'/'overwriteprotocol' => 'http'/" /var/www/nextcloud/config/config.php
|
||||
sed -i "s/https/http/" /etc/nginx/conf.d/nextcloud.conf
|
||||
sed -i "s/fastcgi_param HTTPS on/fastcgi_param HTTPS off/" /etc/nginx/conf.d/nextcloud.conf
|
||||
sed -i '/ssl.conf;/d' /etc/nginx/conf.d/nextcloud.conf
|
||||
sed -i '/ssl_certificate/d' /etc/nginx/conf.d/nextcloud.conf
|
||||
}
|
||||
|
||||
|
||||
install_certbot(){
|
||||
sudo apt update
|
||||
if [[ $(grep buster /etc/os-release) ]]; then
|
||||
[[ -z $(cat /etc/apt/sources.list | grep "buster-backports main") ]] && echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
|
||||
sudo apt install certbot python-certbot-nginx -t buster-backports -y
|
||||
elif [[ $(grep stretch /etc/os-release) ]]; then
|
||||
sudo apt install certbot python-certbot-nginx -y
|
||||
elif [[ $(grep -E '16.|17.|18.|19.' /etc/os-release) ]]; then
|
||||
sudo apt install software-properties-common
|
||||
sudo add-apt-repository universe
|
||||
sudo add-apt-repository ppa:certbot/certbot
|
||||
sudo apt update
|
||||
sudo apt install certbot python-certbot-nginx
|
||||
else
|
||||
echo "OS non supporté pour certbot." && exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
create_certificate() {
|
||||
cd .install_templates
|
||||
certbot --nginx certonly --non-interactive --agree-tos -m $USER@$domain -d $domain && echo "Le certificat de $domain a bien été déployé" || echo "Une erreur s'est produite lors de la création du certificat SSL"
|
||||
|
||||
## Cronification
|
||||
[[ ! -e /opt/scripts ]] && mkdir /opt/scripts
|
||||
cp ssl_renew.sh /opt/scripts/
|
||||
[[ -z $(crontab -l | grep "/opt/scripts/ssl_renew.sh") ]] && (crontab -l ; echo "12 2 * * 1 /opt/scripts/ssl_renew.sh") | crontab -u root -
|
||||
}
|
||||
|
||||
certif() {
|
||||
[[ -z $(which certbot) ]] && install_certbot
|
||||
[[ -n /etc/letsencrypt/live/$domain/fullchain.pem ]] && create_certificate
|
||||
}
|
||||
|
||||
$@
|
||||
|
||||
service nginx reload
|
||||
|
||||
exit 0
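Review bot: In `certif`, `[[ -n /etc/letsencrypt/live/$domain/fullchain.pem ]]` tests a non-empty string, so it is always true and `create_certificate` runs even when a certificate is already present; the intent looks like `[[ ! -e /etc/letsencrypt/live/$domain/fullchain.pem ]]`. The dispatch line `$@` runs every argument although only `$1` was validated against `ssl|nonssl|certif`, so `"$1"` would be tighter. `sed -i "s/http/https/"` in `ssl` is not idempotent: a second run turns an existing `https` into `httpss`, so the pattern should be anchored or the current state checked first.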
|
|
@ -0,0 +1,52 @@
|
|||
'activity_expire_days' => 14,
|
||||
'auth.bruteforce.protection.enabled' => true,
|
||||
'blacklisted_files' =>
|
||||
array (
|
||||
0 => '.htaccess',
|
||||
1 => 'Thumbs.db',
|
||||
2 => 'thumbs.db',
|
||||
),
|
||||
'cron_log' => true,
|
||||
'enable_previews' => true,
|
||||
'enabledPreviewProviders' =>
|
||||
array (
|
||||
0 => 'OC\\Preview\\PNG',
|
||||
1 => 'OC\\Preview\\JPEG',
|
||||
2 => 'OC\\Preview\\GIF',
|
||||
3 => 'OC\\Preview\\BMP',
|
||||
4 => 'OC\\Preview\\XBitmap',
|
||||
5 => 'OC\\Preview\\Movie',
|
||||
6 => 'OC\\Preview\\PDF',
|
||||
7 => 'OC\\Preview\\MP3',
|
||||
8 => 'OC\\Preview\\TXT',
|
||||
9 => 'OC\\Preview\\MarkDown',
|
||||
),
|
||||
'filesystem_check_changes' => 0,
|
||||
'filelocking.enabled' => 'true',
|
||||
'htaccess.RewriteBase' => '/',
|
||||
'integrity.check.disabled' => false,
|
||||
'knowledgebaseenabled' => false,
|
||||
'logfile' => '/var/log/nextcloud.log',
|
||||
'loglevel' => 2,
|
||||
'logtimezone' => 'Europe/Paris',
|
||||
'log_rotate_size' => 104857600,
|
||||
'maintenance' => false,
|
||||
'memcache.local' => '\\OC\\Memcache\\APCu',
|
||||
'memcache.locking' => '\\OC\\Memcache\\Redis',
|
||||
'overwriteprotocol' => 'https',
|
||||
'preview_max_x' => 1024,
|
||||
'preview_max_y' => 768,
|
||||
'preview_max_scale_factor' => 1,
|
||||
'redis' =>
|
||||
array (
|
||||
'host' => '/var/run/redis/redis-server.sock',
|
||||
'port' => 0,
|
||||
'timeout' => 0.0,
|
||||
),
|
||||
'quota_include_external_storage' => false,
|
||||
'share_folder' => '/Shares',
|
||||
'skeletondirectory' => '',
|
||||
'theme' => '',
|
||||
'trashbin_retention_obligation' => 'auto, 7',
|
||||
'updater.release.channel' => 'stable',
|
||||
);
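Review bot: `'logfile' => '/var/log/nextcloud.log'` points into a directory that is normally writable only by root, and nothing visible in this commit creates the file or gives it to `www-data`; since the installer enables `admin_audit`, I would create the file with `www-data` ownership during install or point the setting at a directory the web user owns. `'filelocking.enabled' => 'true'` is a string where the neighbouring flags are booleans; `true` would be consistent.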
|
|
@ -0,0 +1,50 @@
|
|||
cp /etc/php/7.3/fpm/pool.d/www.conf /etc/php/7.3/fpm/pool.d/www.conf.bak
|
||||
cp /etc/php/7.3/cli/php.ini /etc/php/7.3/cli/php.ini.bak
|
||||
cp /etc/php/7.3/fpm/php.ini /etc/php/7.3/fpm/php.ini.bak
|
||||
cp /etc/php/7.3/fpm/php-fpm.conf /etc/php/7.3/fpm/php-fpm.conf.bak
|
||||
sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/7.3/fpm/pool.d/www.conf
|
||||
sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/7.3/fpm/pool.d/www.conf
|
||||
sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/7.3/fpm/pool.d/www.conf
|
||||
sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/7.3/fpm/pool.d/www.conf
|
||||
sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/7.3/fpm/pool.d/www.conf
|
||||
sed -i "s/pm.max_children = .*/pm.max_children = 240/" /etc/php/7.3/fpm/pool.d/www.conf
|
||||
sed -i "s/pm.start_servers = .*/pm.start_servers = 20/" /etc/php/7.3/fpm/pool.d/www.conf
|
||||
sed -i "s/pm.min_spare_servers = .*/pm.min_spare_servers = 10/" /etc/php/7.3/fpm/pool.d/www.conf
|
||||
sed -i "s/pm.max_spare_servers = .*/pm.max_spare_servers = 20/" /etc/php/7.3/fpm/pool.d/www.conf
|
||||
sed -i "s/;pm.max_requests = 500/pm.max_requests = 500/" /etc/php/7.3/fpm/pool.d/www.conf
|
||||
sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/7.3/cli/php.ini
|
||||
sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/7.3/cli/php.ini
|
||||
sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/7.3/cli/php.ini
|
||||
sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/7.3/cli/php.ini
|
||||
sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/7.3/cli/php.ini
|
||||
sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/7.3/cli/php.ini
|
||||
sed -i "s/;date.timezone.*/date.timezone = Europe\/\Paris/" /etc/php/7.3/cli/php.ini
|
||||
## sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/7.3/cli/php.ini # Bug if not using ssl
|
||||
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/;date.timezone.*/date.timezone = Europe\/\Paris/" /etc/php/7.3/fpm/php.ini
|
||||
## sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/7.3/fpm/php.ini # Bug if not using ssl
|
||||
sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/7.3/fpm/php.ini
|
||||
sed -i "s/;emergency_restart_threshold =.*/emergency_restart_threshold = 10/" /etc/php/7.3/fpm/php-fpm.conf
|
||||
sed -i "s/;emergency_restart_interval =.*/emergency_restart_interval = 1m/" /etc/php/7.3/fpm/php-fpm.conf
|
||||
sed -i "s/;process_control_timeout =.*/process_control_timeout = 10s/" /etc/php/7.3/fpm/php-fpm.conf
|
||||
sed -i "s/09,39.*/# &/" /etc/cron.d/php
|
||||
(crontab -l ; echo "09,39 * * * * /usr/lib/php/sessionclean 2>&1") | crontab -u root -
|
||||
cp /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xml.bak
|
||||
sed -i "s/rights\=\"none\" pattern\=\"PS\"/rights\=\"read\|write\" pattern\=\"PS\"/" /etc/ImageMagick-6/policy.xml
|
||||
sed -i "s/rights\=\"none\" pattern\=\"EPI\"/rights\=\"read\|write\" pattern\=\"EPI\"/" /etc/ImageMagick-6/policy.xml
|
||||
sed -i "s/rights\=\"none\" pattern\=\"PDF\"/rights\=\"read\|write\" pattern\=\"PDF\"/" /etc/ImageMagick-6/policy.xml
|
||||
sed -i "s/rights\=\"none\" pattern\=\"XPS\"/rights\=\"read\|write\" pattern\=\"XPS\"/" /etc/ImageMagick-6/policy.xml
|
||||
|
||||
service php7.3-fpm restart && service nginx restart
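Review bot: The four `policy.xml` edits switch the PS, EPI, PDF and XPS coders from `rights="none"` to `read|write`, which undoes the distribution's ImageMagick hardening on a host that renders previews of user-uploaded files. If PDF previews are the only need, I would change just the PDF line, leave the other three at `none`, and add a comment saying why the policy is relaxed. The script also has no shebang and checks none of the `cp ... .bak` backups before the `sed -i` edits run; a leading `#!/bin/bash` and `|| exit 1` on the backup lines would cover that.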
|
|
@ -0,0 +1,79 @@
|
|||
[client]
|
||||
default-character-set = utf8mb4
|
||||
port = 3306
|
||||
socket = /var/run/mysqld/mysqld.sock
|
||||
|
||||
[mysqld_safe]
|
||||
log_error=/var/log/mysql/mysql_error.log
|
||||
nice = 0
|
||||
socket = /var/run/mysqld/mysqld.sock
|
||||
|
||||
[mysqld]
|
||||
basedir = /usr
|
||||
bind-address = 127.0.0.1
|
||||
binlog_format = ROW
|
||||
bulk_insert_buffer_size = 16M
|
||||
character-set-server = utf8mb4
|
||||
collation-server = utf8mb4_general_ci
|
||||
concurrent_insert = 2
|
||||
connect_timeout = 5
|
||||
datadir = /var/lib/mysql
|
||||
default_storage_engine = InnoDB
|
||||
expire_logs_days = 10
|
||||
general_log_file = /var/log/mysql/mysql.log
|
||||
general_log = 0
|
||||
innodb_buffer_pool_size = 1024M
|
||||
innodb_buffer_pool_instances = 1
|
||||
innodb_flush_log_at_trx_commit = 2
|
||||
innodb_log_buffer_size = 32M
|
||||
innodb_max_dirty_pages_pct = 90
|
||||
innodb_large_prefix = on
|
||||
innodb_file_format = barracuda
|
||||
innodb_file_per_table = 1
|
||||
innodb_open_files = 400
|
||||
innodb_io_capacity = 4000
|
||||
innodb_flush_method = O_DIRECT
|
||||
key_buffer_size = 128M
|
||||
lc_messages_dir = /usr/share/mysql
|
||||
lc_messages = en_US
|
||||
log_bin = /var/log/mysql/mariadb-bin
|
||||
log_bin_index = /var/log/mysql/mariadb-bin.index
|
||||
log_error=/var/log/mysql/mysql_error.log
|
||||
log_slow_verbosity = query_plan
|
||||
log_warnings = 2
|
||||
long_query_time = 1
|
||||
max_allowed_packet = 16M
|
||||
max_binlog_size = 100M
|
||||
max_connections = 200
|
||||
max_heap_table_size = 64M
|
||||
myisam_recover_options = BACKUP
|
||||
myisam_sort_buffer_size = 512M
|
||||
port = 3306
|
||||
pid-file = /var/run/mysqld/mysqld.pid
|
||||
query_cache_limit = 2M
|
||||
query_cache_size = 64M
|
||||
query_cache_type = 1
|
||||
query_cache_min_res_unit = 2k
|
||||
read_buffer_size = 2M
|
||||
read_rnd_buffer_size = 1M
|
||||
skip-external-locking
|
||||
skip-name-resolve
|
||||
slow_query_log_file = /var/log/mysql/mariadb-slow.log
|
||||
slow-query-log = 1
|
||||
socket = /var/run/mysqld/mysqld.sock
|
||||
sort_buffer_size = 4M
|
||||
table_open_cache = 400
|
||||
thread_cache_size = 128
|
||||
tmp_table_size = 64M
|
||||
tmpdir = /tmp
|
||||
transaction_isolation = READ-COMMITTED
|
||||
user = mysql
|
||||
wait_timeout = 600
|
||||
|
||||
[mysqldump]
|
||||
max_allowed_packet = 16M
|
||||
quick
|
||||
quote-names
|
||||
|
||||
[isamchk]
|
||||
key_buffer = 16M
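Review bot: `innodb_large_prefix` and `innodb_file_format` were, as far as I know, removed in MariaDB 10.3, and the README lists Debian 10, which ships a 10.3 server; if that holds, mysqld would refuse to start on an unknown variable once the installer swaps this file in. Dropping both lines, or writing them with the `loose-` prefix, would keep one file usable across the listed releases. `innodb_buffer_pool_size = 1024M` is fixed regardless of the host's memory, so a comment telling the operator to size it would help.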
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
redis-cli -s /var/run/redis/redis-server.sock <<EOF
|
||||
FLUSHALL
|
||||
quit
|
||||
EOF
|
||||
sudo -u www-data php /var/www/nextcloud/occ files:scan --all
|
||||
sudo -u www-data php /var/www/nextcloud/occ files:scan-app-data
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,149 @@
|
|||
upstream php-handler {
|
||||
server unix:/var/run/php/php7.3-fpm.sock;
|
||||
}
|
||||
|
||||
server {
|
||||
listen NC_PORT;
|
||||
listen 443;
|
||||
listen [::]:443 ssl;
|
||||
server_name NC_DOMAIN;
|
||||
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
set_real_ip_from 192.168.9.1;
|
||||
set_real_ip_from 192.168.9.6;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/nextcloud/;
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# The following 2 rules are only needed for the user_webfinger app.
|
||||
# Uncomment it if you're planning to use this app.
|
||||
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
|
||||
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
|
||||
# last;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 https://$host/remote.php/dav;
|
||||
}
|
||||
location = /.well-known/caldav {
|
||||
return 301 https://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
# set max upload size
|
||||
client_max_body_size 512M;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Uncomment if your server is build with the ngx_pagespeed module
|
||||
# This module is currently not supported.
|
||||
#pagespeed off;
|
||||
|
||||
location / {
|
||||
rewrite ^ /index.php;
|
||||
}
|
||||
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
deny all;
|
||||
}
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
|
||||
try_files $fastcgi_script_name =404;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
# Avoid sending the security headers twice
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
# Enable pretty urls
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
# Adding the cache control header for js and css files
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|woff2?|svg|gif)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
add_header Cache-Control "public, max-age=15778463";
|
||||
# Add headers to serve security related headers (It is intended to
|
||||
# have those duplicated to the ones above)
|
||||
# Before enabling Strict-Transport-Security headers please read into
|
||||
# this topic first.
|
||||
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
# Optional: Don't log access to other assets
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ^~ /apps/rainloop/app/data {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ \.(?:flv|mp4|mov|m4a)$ {
|
||||
# mp4;
|
||||
# mp4_buffer_size 100M;
|
||||
# mp4_max_buffer_size 1024M;
|
||||
fastcgi_split_path_info ^(.+?.php)(\/.*|)$;
|
||||
include fastcgi_params;
|
||||
include php_optimization.conf;
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_param HTTPS on;
|
||||
}
|
||||
|
||||
location ~ ^\/nextcloud/(?:updater|oc[ms]-provider)(?:$|\/) {
|
||||
try_files $uri/ =404;
|
||||
index index.php;
|
||||
}
|
||||
|
||||
}
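Review bot: The `location ~ \.(?:flv|mp4|mov|m4a)$` block sends any request path ending in those extensions to `php-handler` with `fastcgi_pass`, so media paths are offered to PHP-FPM as scripts instead of being served like the other static types; `try_files $uri /index.php$request_uri;` as in the image block would be the safer form. The two `set_real_ip_from 192.168.9.x` lines make nginx trust a client-address header from hosts specific to one network, which affects logging and brute-force throttling elsewhere; they belong in a site-local include or behind a placeholder like `NC_DOMAIN`. `listen [::]:443 ssl;` stays in place in non-SSL mode, where no `ssl_certificate` is configured, which nginx may reject at config test.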
|
|
@ -0,0 +1,6 @@
|
|||
#/bin/bash
|
||||
|
||||
sudo -u www-data php /var/www/nextcloud/occ $@
|
||||
|
||||
exit 0
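Review bot: The first line `#/bin/bash` is a plain comment, not a shebang, so the wrapper runs under whatever shell invokes it; it should be `#!/bin/bash`. `$@` is unquoted, so an argument containing spaces is split before it reaches occ; use `"$@"`. The trailing `exit 0` hides occ's exit status from callers and cron, and ending the script with `exec sudo -u www-data php /var/www/nextcloud/occ "$@"` would preserve it.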
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
fastcgi_hide_header X-Powered-By;
|
||||
fastcgi_read_timeout 3600;
|
||||
fastcgi_send_timeout 3600;
|
||||
fastcgi_connect_timeout 3600;
|
||||
fastcgi_buffers 64 64K;
|
||||
fastcgi_buffer_size 256k;
|
||||
fastcgi_busy_buffers_size 3840K;
|
||||
fastcgi_cache_key $http_cookie$request_method$host$request_uri;
|
||||
fastcgi_cache_use_stale error timeout invalid_header http_500;
|
||||
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
gzip_disable "MSIE [1-6]\.";
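Review bot: `fastcgi_ignore_headers Cache-Control Expires Set-Cookie;` tells nginx to disregard the backend's no-store and session-cookie signals, so if a `fastcgi_cache` zone is ever switched on, per-user Nextcloud responses become cacheable; the later fragment with `fastcgi_cache_valid any 1h;` carries the same exposure. No `fastcgi_cache` directive is visible in this commit, so these lines look inert today. I would remove them, or add a comment such as `# caching must stay disabled for authenticated Nextcloud responses` next to them.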
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/bash
|
||||
find /var/www/ -type f -print0 | xargs -0 chmod 0640
|
||||
find /var/www/ -type d -print0 | xargs -0 chmod 0750
|
||||
chown -R www-data:www-data /var/www/
|
||||
chown -R www-data:www-data /var/nextcloud/
|
||||
chmod 0644 /var/www/nextcloud/.htaccess
|
||||
chmod 0644 /var/www/nextcloud/.user.ini
|
||||
exit 0
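Review bot: Both `find /var/www/ ...` passes and `chown -R www-data:www-data /var/www/` rewrite modes and ownership for everything under `/var/www/`, not only the Nextcloud tree, so any other site on the host is handed to `www-data` and loses its executable bits. Scoping the paths to `/var/www/nextcloud/` keeps the effect to what this installer owns. Leaving the whole code tree owned by `www-data` also lets the web process modify its own code; a comment noting that this is deliberate for the built-in updater would help the next reader.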
|
|
@ -0,0 +1,9 @@
|
|||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param modHeadersAvailable true;
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
fastcgi_cache_valid 404 1m;
|
||||
fastcgi_cache_valid any 1h;
|
||||
fastcgi_cache_methods GET HEAD;
|
|
@ -0,0 +1,16 @@
|
|||
ssl_session_timeout 4h;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CBC-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
add_header Strict-Transport-Security max-age=15768000;
|
||||
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
resolver 8.8.8.8 8.8.4.4 valid=86400;
|
||||
resolver_timeout 10;
|
||||
|
||||
ssl_session_tickets on;
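Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers TLS 1.0 and 1.1, and the cipher string ends with 3DES (`DES-CBC3-SHA`) and static-RSA suites that give no forward secrecy; I would reduce it to `ssl_protocols TLSv1.2;` (adding `TLSv1.3` where the installed nginx and OpenSSL support it) and keep only the ECDHE GCM/CHACHA20 suites. `ssl_session_tickets on;` without a rotated `ssl_session_ticket_key` weakens forward secrecy for resumed sessions, so `off` is the safer default here. `resolver_timeout 10;` has no unit; `10s` is clearer.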
|
|
@ -0,0 +1,26 @@
|
|||
#!/bin/bash
|
||||
|
||||
log="/var/log/ssl_renew.log"
|
||||
date=$(date +%d-%m-%Y)
|
||||
|
||||
renew=$(certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start")
|
||||
|
||||
echo "####################################################################################" >> $log
|
||||
echo "#################################### $date ####################################" >> $log
|
||||
echo "####################################################################################" >> $log
|
||||
|
||||
echo "$renew" >> $log
|
||||
|
||||
if [[ $renew = *"No hooks were run"* ]]; then
|
||||
echo "Rien n'a été fait" >> $log
|
||||
else
|
||||
sleep 5
|
||||
/etc/init.d/nginx stop
|
||||
sleep 1
|
||||
killall nginx
|
||||
sleep 3
|
||||
/etc/init.d/nginx restart &>> $log
|
||||
echo "Des certificats ont été renouvellés" >> $log
|
||||
fi
|
||||
|
||||
exit 0
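Review bot: The `else` branch stops nginx, runs `killall nginx` and restarts it after `certbot renew` has already stopped and started the service through `--pre-hook`/`--post-hook`, so a renewal drops connections a second time; a single `service nginx reload`, or relying on the post-hook alone, would do. `$renew` captures only stdout, so if certbot writes its report to stderr the `*"No hooks were run"*` match never fires and the log misses the error text; `renew=$(certbot renew ... 2>&1)` covers both. `$log` should be quoted in the redirections.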
|
|
@ -0,0 +1,15 @@
|
|||
#!/bin/bash
|
||||
|
||||
/usr/sbin/service nginx stop
|
||||
sudo -u www-data php /var/www/nextcloud/updater/updater.phar
|
||||
sudo -u www-data php /var/www/nextcloud/occ status
|
||||
sudo -u www-data php /var/www/nextcloud/occ -V
|
||||
sudo -u www-data php /var/www/nextcloud/occ db:add-missing-indices
|
||||
sudo -u www-data php /var/www/nextcloud/occ db:convert-filecache-bigint
|
||||
sudo -u www-data sed -i "s/output_buffering=.*/output_buffering=O/" /var/www/nextcloud/.user.ini
|
||||
sudo -u www-data php /var/www/nextcloud/occ update:check
|
||||
sudo -u www-data php /var/www/nextcloud/occ app:update --all
|
||||
/usr/sbin/service php7.3-fpm restart
|
||||
/usr/sbin/service nginx restart
|
||||
|
||||
exit 0
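Review bot: `s/output_buffering=.*/output_buffering=O/` writes the capital letter O where the installer writes the digit `0`, so `.user.ini` no longer carries the value the install set after each upgrade; it should be `output_buffering=0`. nginx is stopped on the first command and nothing restores it if `updater.phar` fails or is interrupted, so a `trap '/usr/sbin/service nginx start' EXIT` near the top would keep the site from staying down. The final `exit 0` reports success regardless of what the occ steps returned.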
|