├── nextcloud-debian-ins.sh ├── MOTD-EL ├── 15-name.sh ├── 60-admin.sh ├── 10-banner.sh ├── 55-docker.sh ├── 50-fail2ban.sh ├── 40-services.sh ├── 35-diskspace.sh ├── 20-sysinfo.sh ├── README.md └── motd-el.sh ├── ISPConfig ├── BackupMXServer │ ├── mail-maps-mx.sh │ ├── pf-dh.sh │ ├── mail-maps-mx.php │ ├── main-mx.cf │ └── README.md └── README.md ├── README.md ├── crtchk.sh ├── uisp-el.sh ├── centos-lamp.sh ├── make-kiosk.sh ├── make-kodi.sh └── nextcloud-ins.sh /nextcloud-debian-ins.sh: -------------------------------------------------------------------------------- 1 | MOVED TO https://github.com/nicrame/Linux-Scripts/blob/master/nextcloud-ins.sh 2 | -------------------------------------------------------------------------------- /MOTD-EL/15-name.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "Z$(ps o comm="" -p $(ps o ppid="" -p $$))" == "Zcron" -o \ 4 | "Z$(ps o comm="" -p $(ps o ppid="" -p $(ps o ppid="" -p $$)))" == "Zcron" ] 5 | then 6 | : 7 | else 8 | /usr/bin/env figlet "$(hostname)" | /usr/bin/env lolcat -f 9 | fi -------------------------------------------------------------------------------- /MOTD-EL/60-admin.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "Z$(ps o comm="" -p $(ps o ppid="" -p $$))" == "Zcron" -o \ 4 | "Z$(ps o comm="" -p $(ps o ppid="" -p $(ps o ppid="" -p $$)))" == "Zcron" ] 5 | then 6 | : 7 | else 8 | system=$(hostname) 9 | echo " 10 | SysOP: root@$system 11 | " | lolcat -f 12 | unset LC_ALL 13 | fi -------------------------------------------------------------------------------- /ISPConfig/BackupMXServer/mail-maps-mx.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Made for ISPConfig 3 v1.0 - 2019 4 | # 5 | 6 | cd /opt 7 | mkdir -p /opt/postfixmaps 8 | mkdir -p /opt/postfixmaps/maps 9 | php /opt/postfixmaps/mail-maps-mx.php 10 | 11 | # SCP files transfer 12 | scp -C /opt/postfixmaps/maps/* postfixmaps@backupmx.mydomain.com:/home/postfixmaps/maps/ 13 | -------------------------------------------------------------------------------- /MOTD-EL/10-banner.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "Z$(ps o comm="" -p $(ps o ppid="" -p $$))" == "Zcron" -o \ 4 | "Z$(ps o comm="" -p $(ps o ppid="" -p $(ps o ppid="" -p $$)))" == "Zcron" ] 5 | then 6 | : 7 | else 8 | export LC_ALL=C 9 | user="$(whoami)" 10 | echo "- -- -- ------ Audaces Fortuna Iuvat ------ -- -- -" | lolcat -f 11 | echo -e "Welcome \e[38;5;214m$user \e[39;0mat:" 12 | fi -------------------------------------------------------------------------------- /ISPConfig/BackupMXServer/pf-dh.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cd /etc/postfix 4 | openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem 5 | openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem 6 | openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem 7 | chmod 644 dh512.pem dh1024.pem dh2048.pem 8 | cp /home/postfixmaps/maps/* /etc/postfix/ 9 | systemctl restart postfix 10 | -------------------------------------------------------------------------------- /ISPConfig/README.md: -------------------------------------------------------------------------------- 1 | # ISPCOnfig 3 Scripts 2 | Those are scripts that i made for ISPConfig 3. 3 | 4 | Try to look inside script .sh file before use, there are some things to setup or configure that may interests you. 5 | 6 | License: 7 | 1. You use it at your own risk. Author is not responsible for any damage made with that scripts. 8 | 2. Any changes of scripts must be shared with author with authorization to implement them and share. 9 | 10 | Feel free to contact me: marcin@marcinwilk.eu 11 | https://www.marcinwilk.eu/ 12 | Marcin Wilk 13 | -------------------------------------------------------------------------------- /MOTD-EL/55-docker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "Z$(ps o comm="" -p $(ps o ppid="" -p $$))" == "Zcron" -o \ 4 | "Z$(ps o comm="" -p $(ps o ppid="" -p $(ps o ppid="" -p $$)))" == "Zcron" ] 5 | then 6 | : 7 | else 8 | if [ -e /usr/bin/docker ] 9 | then 10 | if [ -r /var/run/docker.sock ] 11 | then 12 | # set column width 13 | COLUMNS=2 14 | # colors 15 | green="\e[1;32m" 16 | red="\e[1;31m" 17 | undim="\e[0m" 18 | 19 | mapfile -t containers < <(docker ps -a --format '{{.Names}}\t{{.Status}}' | sort -k1 | awk '{ print $1,$2 }') 20 | 21 | out="" 22 | for i in "${!containers[@]}"; do 23 | IFS=" " read name status <<< ${containers[i]} 24 | # color green if service is active, else red 25 | if [[ "${status}" == "Up" ]]; then 26 | out+="${name}:,${green}${status,,}${undim}," 27 | else 28 | out+="${name}:,${red}${status,,}${undim}," 29 | fi 30 | # insert \n every $COLUMNS column 31 | if [ $((($i+1) % $COLUMNS)) -eq 0 ]; then 32 | out+="\n" 33 | fi 34 | done 35 | out+="\n" 36 | 37 | printf "\ndocker status:\n" 38 | printf "$out" | column -ts $',' | sed -e 's/^/ /' 39 | fi 40 | fi 41 | fi -------------------------------------------------------------------------------- /MOTD-EL/50-fail2ban.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "Z$(ps o comm="" -p $(ps o ppid="" -p $$))" == "Zcron" -o \ 4 | "Z$(ps o comm="" -p $(ps o ppid="" -p $(ps o ppid="" -p $$)))" == "Zcron" ] 5 | then 6 | : 7 | else 8 | if [ -e /var/log/fail2ban.log ] 9 | then 10 | if [ -r /var/log/fail2ban.log ] 11 | then 12 | logfile='/var/log/fail2ban.log*' 13 | mapfile -t lines < <(grep -hioP '(\[[a-z-]+\]) ?(?:restore)? (ban|unban)' $logfile | sort | uniq -c) 14 | jails=($(printf -- '%s\n' "${lines[@]}" | grep -oP '\[\K[^\]]+' | sort | uniq)) 15 | 16 | out="" 17 | for jail in ${jails[@]}; do 18 | bans=$(printf -- '%s\n' "${lines[@]}" | grep -iP "[[:digit:]]+ \[$jail\] ban" | awk '{print $1}') 19 | restores=$(printf -- '%s\n' "${lines[@]}" | grep -iP "[[:digit:]]+ \[$jail\] restore ban" | awk '{print $1}') 20 | unbans=$(printf -- '%s\n' "${lines[@]}" | grep -iP "[[:digit:]]+ \[$jail\] unban" | awk '{print $1}') 21 | bans=${bans:-0} # default value 22 | restores=${restores:-0} # default value 23 | unbans=${unbans:-0} # default value 24 | bans=$(($bans+$restores)) 25 | diff=$(($bans-$unbans)) 26 | out+=$(printf "$jail, %+3s bans, %+3s unbans, %+3s active" $bans $unbans $diff)"\n" 27 | done 28 | 29 | printf "\nfail2ban status (monthly):\n" 30 | printf "$out" | column -ts $',' | sed -e 's/^/ /' 31 | fi 32 | fi 33 | fi -------------------------------------------------------------------------------- /MOTD-EL/40-services.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "Z$(ps o comm="" -p $(ps o ppid="" -p $$))" == "Zcron" -o \ 4 | "Z$(ps o comm="" -p $(ps o ppid="" -p $(ps o ppid="" -p $$)))" == "Zcron" ] 5 | then 6 | : 7 | else 8 | # set column width 9 | COLUMNS=3 10 | # colors 11 | green="\e[1;32m" 12 | red="\e[1;31m" 13 | undim="\e[0m" 14 | 15 | services=("nginx" "httpd" "mariadb" "php74-php-fpm" "php80-php-fpm" "php-fpm" "named" "sshd" "smb" "nmb" "smartd" "postfix" "dovecot" "fail2ban" "pure-ftpd" "urbackup-server" "urbackupclientbackend" "docker") 16 | # sort services 17 | IFS=$'\n' services=($(sort <<<"${services[*]}")) 18 | unset IFS 19 | 20 | service_status=() 21 | # get status of all services 22 | for service in "${services[@]}"; do 23 | service_status+=($(systemctl is-active "$service")) 24 | done 25 | 26 | out="" 27 | for i in ${!services[@]}; do 28 | # color green if service is active, else red 29 | if [[ "${service_status[$i]}" == "active" ]]; then 30 | out+="${services[$i]}:,${green}${service_status[$i]}${undim}," 31 | else 32 | out+="${services[$i]}:,${red}${service_status[$i]}${undim}," 33 | fi 34 | # insert \n every $COLUMNS column 35 | if [ $((($i+1) % $COLUMNS)) -eq 0 ]; then 36 | out+="\n" 37 | fi 38 | done 39 | out+="\n" 40 | 41 | printf "\nservices:\n" 42 | printf "$out" | column -ts $',' | sed -e 's/^/ /' 43 | fi -------------------------------------------------------------------------------- /MOTD-EL/35-diskspace.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "Z$(ps o comm="" -p $(ps o ppid="" -p $$))" == "Zcron" -o \ 4 | "Z$(ps o comm="" -p $(ps o ppid="" -p $(ps o ppid="" -p $$)))" == "Zcron" ] 5 | then 6 | : 7 | else 8 | # config 9 | max_usage=90 10 | bar_width=50 11 | # colors 12 | white="\e[39m" 13 | green="\e[1;32m" 14 | red="\e[1;31m" 15 | dim="\e[2m" 16 | undim="\e[0m" 17 | 18 | # disk usage: ignore zfs, squashfs & tmpfs 19 | mapfile -t dfs < <(df -H -x zfs -x squashfs -x tmpfs -x devtmpfs -x overlay --output=target,pcent,used,size,avail | tail -n+2) 20 | printf "\ndisk usage:\n" 21 | 22 | for line in "${dfs[@]}"; do 23 | # get disk usage 24 | usage=$(echo "$line" | awk '{print $2}' | sed 's/%//') 25 | used_width=$((($usage*$bar_width)/100)) 26 | # color is green if usage < max_usage, else red 27 | if [ "${usage}" -ge "${max_usage}" ]; then 28 | color=$red 29 | else 30 | color=$green 31 | fi 32 | # print green/red bar until used_width 33 | bar="[${color}" 34 | for ((i=0; i<$used_width; i++)); do 35 | bar+="=" 36 | done 37 | # print dimmmed bar until end 38 | bar+="${white}${dim}" 39 | for ((i=$used_width; i<$bar_width; i++)); do 40 | bar+="=" 41 | done 42 | bar+="${undim}]" 43 | # print usage line & bar 44 | echo "${line}" | awk '{ printf("%-16s%+3s/%+4s used out of %+4s(%+4s free) \n", $1, $2, $3, $4, $5); }' | sed -e 's/^/ /' 45 | echo -e "${bar}" | sed -e 's/^/ /' 46 | done 47 | fi -------------------------------------------------------------------------------- /ISPConfig/BackupMXServer/mail-maps-mx.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /MOTD-EL/20-sysinfo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "Z$(ps o comm="" -p $(ps o ppid="" -p $$))" == "Zcron" -o \ 4 | "Z$(ps o comm="" -p $(ps o ppid="" -p $(ps o ppid="" -p $$)))" == "Zcron" ] 5 | then 6 | : 7 | else 8 | PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 9 | # get load averages 10 | IFS=" " read LOAD1 LOAD5 LOAD15 <<<$(cat /proc/loadavg | awk '{ print $1,$2,$3 }') 11 | # get free memory 12 | IFS=" " read USED AVAIL TOTAL <<<$(free -htm | grep "Mem" | awk {'print $3,$7,$2'}) 13 | # get processes 14 | PROCESS=`ps -eo user=|sort|uniq -c | awk '{ print $2 " " $1 }'` 15 | PROCESS_ALL=`echo "$PROCESS"| awk {'print $2'} | awk '{ SUM += $1} END { print SUM }'` 16 | PROCESS_ROOT=`echo "$PROCESS"| grep root | awk {'print $2'}` 17 | PROCESS_USER=`echo "$PROCESS"| grep -v root | awk {'print $2'} | awk '{ SUM += $1} END { print SUM }'` 18 | # get processors 19 | PROCESSOR_NAME=`grep "model name" /proc/cpuinfo | cut -d ' ' -f3- | awk {'print $0'} | head -1` 20 | PROCESSOR_COUNT=`grep -ioP 'processor\t:' /proc/cpuinfo | wc -l` 21 | 22 | W="\e[0;39m" 23 | G="\e[1;32m" 24 | Y="\e[38;5;214m" 25 | ipext=$(curl -s https://ipecho.net/plain) 26 | netdev=$(/usr/sbin/ip -o link show | awk -F': ' '{print $2" "}' | tr -d '\n') 27 | 28 | echo -e " 29 | ${W}system info: 30 | $W Distro......: $Y`cat /etc/*release | grep "PRETTY_NAME" | cut -d "=" -f 2- | sed 's/"//g'` 31 | $W Kernel......: $W`uname -sr` 32 | 33 | $W Uptime......: $W`uptime -p` 34 | $W Load........: $G$LOAD1$W (1m), $G$LOAD5$W (5m), $G$LOAD15$W (15m) 35 | $W Processes...:$W $G$PROCESS_ROOT$W (root), $G$PROCESS_USER$W (user), $G$PROCESS_ALL$W (total) 36 | 37 | $W CPU.........: $W$PROCESSOR_NAME ($G$PROCESSOR_COUNT$W vCPU) 38 | $W Memory......: $G$USED$W used, $G$AVAIL$W avail, $G$TOTAL$W total$W 39 | 40 | $W Local IP....: $W`hostname -I` 41 | $W External IP.: $W$ipext 42 | $W Net devices.: $W$netdev" 43 | fi 44 | -------------------------------------------------------------------------------- /ISPConfig/BackupMXServer/main-mx.cf: -------------------------------------------------------------------------------- 1 | 2 | mydestination = $myhostname, localhost 3 | smtpd_banner = $myhostname ESMTP Backup MX Server 4 | alias_maps = 5 | relay_domains = hash:/etc/postfix/relay_domains 6 | relay_recipient_maps = hash:/etc/postfix/relay_recipients 7 | queue_run_delay = 200s 8 | maximal_queue_lifetime = 30d 9 | 10 | smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 11 | reject_non_fqdn_hostname, 12 | reject_non_fqdn_sender, 13 | reject_non_fqdn_recipient, 14 | reject_unauth_destination, 15 | reject_unauth_pipelining, 16 | reject_invalid_hostname, 17 | reject_unknown_recipient_domain, 18 | check_policy_service unix:private/policyd-spf, 19 | check_policy_service inet:127.0.0.1:10023, 20 | reject_rbl_client spam.spamrats.com, 21 | reject_rbl_client b.barracudacentral.org, 22 | reject_rbl_client cbl.abuseat.org, 23 | reject_rbl_client bl.spameatingmonkey.net, 24 | reject_rbl_client all.s5h.net 25 | 26 | smtpd_helo_required = yes 27 | disable_vrfy_command = yes 28 | smtpd_data_restrictions = 29 | reject_unauth_pipelining, 30 | permit 31 | 32 | smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4 33 | smtp_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4 34 | smtpd_delay_reject = yes 35 | strict_rfc821_envelopes = yes 36 | 37 | smtpd_use_tls = yes 38 | smtpd_tls_security_level = may 39 | smtpd_tls_cert_file = /etc/postfix/smtpd.cert 40 | smtpd_tls_key_file = /etc/postfix/smtpd.key 41 | 42 | smtp_tls_security_level = may 43 | smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 44 | smtpd_tls_protocols = !SSLv2,!SSLv3 45 | smtp_tls_protocols = !SSLv2,!SSLv3 46 | smtpd_tls_exclude_ciphers = RC4, aNULL 47 | smtp_tls_exclude_ciphers = RC4, aNULL 48 | smtpd_tls_CAfile = /etc/letsencrypt/live/$mydomain/fullchain.pem 49 | smtp_tls_CAfile = $smtpd_tls_CAfile 50 | 51 | # Perfect forwatd secrecy Prime Field Groups EDH 52 | smtpd_tls_dh2048_param_file = ${config_directory}/dh2048.pem 53 | smtpd_tls_dh1024_param_file = ${config_directory}/dh1024.pem 54 | smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem 55 | smtpd_tls_eecdh_grade = strong 56 | tls_eecdh_strong_curve = prime256v1 57 | tls_eecdh_ultra_curve = secp384r1 58 | smtpd_tls_loglevel = 1 59 | smtp_tls_loglevel = 1 60 | -------------------------------------------------------------------------------- /MOTD-EL/README.md: -------------------------------------------------------------------------------- 1 | #### MOTD for EL 2 | 3 | This will install colorful and nice motd (message of the day) with some system informations. 4 | MOTD is generated with scripts, that will be extracted to /etc/profile.d 5 | where you may modify them to suite your needs. 6 | fail2ban and docker stats will not be shown if user do not have correct permissions for that. 7 | Here is the main install script motd-el.sh - and the source files .sh used to create it. 8 | 9 | ![motd-el](https://user-images.githubusercontent.com/5872054/111041700-d7980a80-8439-11eb-850a-f8c99ef0d6e4.png) 10 | 11 | To install use this command: 12 | > sudo sh -c "wget -q https://raw.githubusercontent.com/nicrame/Linux-Scripts/master/MOTD-EL/motd-el.sh && chmod +x motd-el.sh && ./motd-el.sh" 13 | 14 | You may also add system administrator email address as argument, like that: 15 | > sudo sh -c "wget -q https://raw.githubusercontent.com/nicrame/Linux-Scripts/master/MOTD-EL/motd-el.sh && chmod +x motd-el.sh && ./motd-el.sh admin@email" 16 | 17 | Most of the work is done using scripts published here: https://github.com/yboetz/motd 18 | 19 | More info: 20 | [PL/ENG] https://www.marcinwilk.eu/projects/motd-dla-el/ 21 | 22 | Feel free to contact me: marcin@marcinwilk.eu 23 | www.marcinwilk.eu 24 | Marcin Wilk 25 | 26 | License: 27 | 1. You use it at your own risk. Author is not responsible for any damage made with that script. 28 | 2. Feel free to share and modify this as you like. 29 | 30 | Tested on: CentOS 7/8, RHEL 8, Fedora 33, RockyLinux 8, Debian 11 31 | Changelog: 32 | v 1.6 - 30.08.2022 33 | Detecting if running from cron job, and then skip any operation (so it will not mess cron logs). 34 | Download script files from GitHub instead of extracting from script file. 35 | v 1.5 - 08.06.2022 36 | Add Debian 11 support. 37 | Ingore user locale settings that may broke output. 38 | v 1.4 - 15.03.2021 39 | Add full file path for last command so it will work when sudo is used. 40 | Fix for correct EPEL repo installing on EL7. 41 | v 1.3 - 13.03.2021 42 | Add monthly stats of fail2ban script. 43 | Add docker containers list script. 44 | Changed some colors to work better on white background. 45 | Show more information while processing installer and system operator argument support. 46 | v 1.2 - 13.03.2021 47 | Little fixes. 48 | v 1.1 - 12.03.2021 49 | First release, tested on CentOS 7. 50 | v 1.0 - 11.03.2021 51 | Play at home, tested on RHEL 8 and CentOS 8. 52 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Linux-Scripts 2 | This is place for scripts that i made to help in installation or configuration of software on GNU/Linux (usually CentOS or Scientific Linux). Most of them are made because there was lack of some solution over the Internet. 3 | 4 | Try to look inside script .sh file before use, there are some things to setup or configure that may interests you. 5 | 6 | License: 7 | 1. You use it at your own risk. Author is not responsible for any damage made with that script. 8 | 2. Any changes of scripts must be shared with author with authorization to implement them and share. 9 | 10 | make-kiosk.sh - Scientific Linux/CentOS (versions 5 to 7) KIOSK generator 11 | It will make Your computer start directly to web browser with preconfigured URL, and will clean web history and settings after reboot. 12 | More info: https://www.marcinwilk.eu/projects/linux-scripts/scientific-linux-and-centos-kiosk/ 13 | 14 | crtchk.sh - Pure-FTPd + Let’s Encrypt 15 | It make Pure-FTPd server to work with certificates signed with Let’s Encrypt. The script compares the currently used Let’s Encrypt certificate with the one used by the FTP server. If it detects changes, the script creates a new file compatible with Pure-FTPd. Script should work in the cron and check certificates periodically. 16 | More info: https://www.marcinwilk.eu/projects/linux-scripts/pure-ftpd-lets-encrypt/ 17 | 18 | make-kodi.sh - HTPC on CentOS 8 Linux with KODI 19 | Script that automates the installation and configuration of CentOS 8 Linux with KODI (formerly XBMC) under HTPC (a computer for media playback). It will make Your computer starts directly to KODI after reboot. It use flatpak package by default, but You may configure it to use sources if you prefer. 20 | More info: https://www.marcinwilk.eu/projects/linux-scripts/htpc-on-centos-8-linux-with-kodi/ 21 | 22 | uisp-el.sh - UISP / UNMS installation script for EL Linux 23 | This takes the appropriate steps to install and run UISP/UNMS in EL Linux (Rocky Linux, CentOS, RHEL). It was prepared for clear OS installation. 24 | More info: https://www.marcinwilk.eu/projects/linux-scripts/unms-install-on-centos-linux/ 25 | 26 | centos-lamp.sh - EL LAMP Script 27 | It will make LAMP enviroment on clean EL8 (RockyLinux, CentOS, RHEL) system by downloading and configuring software and OS. 28 | More info: https://www.marcinwilk.eu/projects/linux-scripts/el-8-lamp/ 29 | 30 | nextcloud-ins.sh - Nextcloud install script (for Debian, EL, Fedora and Ubuntu distros) at x86_64 CPU architecture) 31 | It will update OS, install software packages, and preconfigure everything automagically to run Nextcloud easly. Just run it on fresh Linux install, and it will be ready in minutes. 32 | More info: https://www.marcinwilk.eu/projects/linux-scripts/nextcloud-debian-install/ 33 | 34 | Feel free to contact me: marcin@marcinwilk.eu 35 | https://www.marcinwilk.eu/ 36 | Marcin Wilk 37 | -------------------------------------------------------------------------------- /crtchk.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This is script made for Pure-FTPd compatibility with Let's Encrypt. 4 | # It search for difference between certificate currently used by pure-ftpd 5 | # and Let's Encrypt. If there is one, then it recreate the correct file. 6 | # 7 | ############################################################### 8 | #### Please do not delete crtchk.chk file after first use! #### 9 | ############################################################### 10 | # 11 | # More info: 12 | # [PL] https://www.marcinwilk.eu/pl/projects/pure-ftpd-lets-encrypt/ 13 | # [EMG] https://www.marcinwilk.eu/en/projects/pure-ftpd-lets-encrypt/ 14 | # 15 | # 06.07.2018 16 | # Feel free to contact me: marcin@marcinwilk.eu 17 | # www.marcinwilk.eu 18 | # Marcin Wilk 19 | # 20 | # License: 21 | # 1. You use it at your own risk. Author is not responsible for any damage made with that script. 22 | # 2. Any changes of scripts must be shared with author with authorization to implement them and share. 23 | # 24 | ################################################## 25 | # Configuration lines, please apply your settings. 26 | # 27 | # Certificate used by pure-ftpd (default is /etc/ssl/private/pure-ftpd.pem - path with file). 28 | crt= 29 | # 30 | # Letsencrypt certificate patch (default is /etc/letsencrypt/live/YOURDOMAIN - path only). 31 | lecrt=/etc/letsencrypt/live/YOURDOMAIN 32 | # 33 | # Default directory for keeping chk file. (default is /opt/pure-ftpd-chk - path only) 34 | chkdir=/opt/pure-ftpd-chk 35 | # 36 | # End of configuration. 37 | ################################################## 38 | 39 | echo "--------------------------- -------------- - -----" 40 | echo "Pure-FTPd Letsencrypt certificate creation script." 41 | date 42 | echo "" 43 | echo "You must have Let's Encrypt installed and configured before using this!" 44 | echo "" 45 | 46 | if [ -z "${crt}" ] 47 | then 48 | echo "Configuration is empty, please edit this file before use." 49 | exit 0 50 | fi 51 | 52 | echo "Looks like configuration is ready, let's work!" 53 | 54 | if [ -e $chkdir/crtchk.chk ] 55 | then 56 | echo "Check file has been found. Searching for differences." 57 | if diff $chkdir/crtchk.chk $lecrt/fullchain.pem > /dev/null 58 | then 59 | echo "Files are the same, no work to do now." 60 | exit 0 61 | else 62 | echo "Files are different. Creating new certificate for pure-ftpd." 63 | echo "------------------------------------- -------------- - -----" >> /var/log/pure-ftpd-crt.log 64 | echo "Files are different. Creating new certificate for pure-ftpd." >> /var/log/pure-ftpd-crt.log 65 | date >> /ver/log/pure-ftpd-crt.log 66 | rm $crt 67 | cat $lecrt/privkey.pem $lecrt/fullchain.pem > $crt 68 | rm $chkdir/crtchk.chk 69 | cp -L $lecrt/fullchain.pem $chkdir/crtchk.chk 70 | fi 71 | else 72 | echo "No check file found. Possible first run. Creating one..." 73 | mkdir -p $chkdir 74 | cp -L $lecrt/fullchain.pem $chkdir/crtchk.chk 75 | echo "File has been created. Do not delete it." 76 | echo "" 77 | echo "Creating new certificate for pure-ftpd. If there is certificate file," 78 | echo "it will be renamed into: $crt.old" 79 | if [ -e $crt ] 80 | then 81 | mv $crt $crt.old 82 | else 83 | echo "No file to be renamed." 84 | fi 85 | cat $lecrt/privkey.pem $lecrt/fullchain.pem > $crt 86 | fi 87 | -------------------------------------------------------------------------------- /MOTD-EL/motd-el.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # #### MOTD scripts for EL 4 | # Version 1.6 5 | # Testes on: CentOS 7/8, RHEL 8, Debian 11 6 | # 7 | # This will install colorful and nice motd (message of the day) with some system informations. 8 | # MOTD is generated with scripts, that will be extracted to /etc/profile.d 9 | # where you may modify them to suite your needs. 10 | # You may call this script with administrator email as argument: ./motd-el.sh admin@email.com 11 | # 12 | # Most of the work is done using scripts made and published here: https://github.com/yboetz/motd 13 | # 14 | # More info: 15 | # [PL/ENG] https://www.marcinwilk.eu/en/projects/motd-dla-el/ 16 | # 17 | # Feel free to contact me: marcin@marcinwilk.eu 18 | # www.marcinwilk.eu 19 | # Marcin Wilk 20 | # 21 | # License: 22 | # 1. You use it at your own risk. Author is not responsible for any damage made with that script. 23 | # 2. Feel free to share and modify this as you like. 24 | # 25 | # Changelog: 26 | # v 1.6 - 30.08.2022 27 | # Detecting if running from cron job, and then skip any operation (so it will not mess cron logs). 28 | # Download script files from GitHub instead of extracting from script file. 29 | # Checking if running user is root. 30 | # v 1.5 - 08.06.2022 31 | # Add Debian 11 support. 32 | # Ingore user locale settings that may broke output. 33 | # v 1.4 - 15.03.2021 34 | # Add full file path for last command so it will work when sudo is used. 35 | # Fix for correct EPEL repo installing on EL7. 36 | # v 1.3 - 13.03.2021 37 | # Add monthly stats of fail2ban script. 38 | # Add docker containers list script. 39 | # Changed some colors to work better on white background. 40 | # Show more information while processing installer and system operator argument support. 41 | # v 1.2 - 12.03.2021 42 | # Small fixes. 43 | # v 1.1 - 12.03.2021 44 | # First release, tested on CentOS 7. 45 | # v 1.0 - 11.03.2021 46 | # Play at home, tested on RHEL 8 and CentOS 8. 47 | 48 | user=$( whoami ) 49 | # User name that run the script. No reasons to change it. 50 | # Used only for testing. 51 | 52 | if [ $user != root ] 53 | then 54 | echo "You must be root. Mission aborted!" 55 | echo "You are trying to start this script as: $user" 56 | exit 0 57 | fi 58 | 59 | # Installing packages that are need to make world colorful and nice! 60 | echo -e "\e[38;5;214mMOTD for EL will make world colorful and nice!\e[39;0m" 61 | echo "" 62 | if [ $# -eq 0 ] 63 | then 64 | echo "You may call this script with administrator email as argument: ./motd-el.sh admin@email.com" 65 | fi 66 | echo "Adding colors to the system started!" 67 | echo "Updating system packages. It may take some time, be patient!" 68 | if [ -e /etc/redhat-release ] 69 | then 70 | yum update -y -q 71 | echo "Installing unzip and dnf." 72 | yum -y -q install dnf unzip wget 73 | echo "Enabling EPEL repo." 74 | yum -y -q install epel-release 75 | echo "Installing figlet and ruby packages." 76 | dnf -y -q install figlet ruby 77 | else 78 | echo "No EL detected, trying Debian...." 79 | if [ -e /etc/debian_version ] 80 | then 81 | apt install -y -qq curl lolcat figlet ruby wget unzip > /dev/null 82 | else 83 | echo "Debian is not detected either, exiting..." 84 | exit 0 85 | fi 86 | fi 87 | 88 | if [ -e /etc/redhat-release ] 89 | then 90 | if [ -e /usr/local/bin/lolcat ] 91 | then 92 | echo "Lolcat already installed, skipping..." 93 | else 94 | echo "Installing lolcat from sources." 95 | cd /tmp 96 | wget https://github.com/busyloop/lolcat/archive/master.zip 97 | unzip master.zip 98 | rm -rf master.zip 99 | cd lolcat-master/bin 100 | gem install lolcat 101 | cd /tmp 102 | rm -rf lolcast-master 103 | fi 104 | else 105 | echo "Skipping lolcat compiling from sources (already installed)." 106 | fi 107 | 108 | echo "" 109 | echo "Downloading script files to /etc/prfile.d/." 110 | cd /etc/profile.d/ 111 | wget -q https://github.com/nicrame/Linux-Scripts/raw/master/MOTD-EL/10-banner.sh 112 | wget -q https://github.com/nicrame/Linux-Scripts/raw/master/MOTD-EL/15-name.sh 113 | wget -q https://github.com/nicrame/Linux-Scripts/raw/master/MOTD-EL/20-sysinfo.sh 114 | wget -q https://github.com/nicrame/Linux-Scripts/raw/master/MOTD-EL/35-diskspace.sh 115 | wget -q https://github.com/nicrame/Linux-Scripts/raw/master/MOTD-EL/40-services.sh 116 | wget -q https://github.com/nicrame/Linux-Scripts/raw/master/MOTD-EL/50-fail2ban.sh 117 | wget -q https://github.com/nicrame/Linux-Scripts/raw/master/MOTD-EL/55-docker.sh 118 | wget -q https://github.com/nicrame/Linux-Scripts/raw/master/MOTD-EL/60-admin.sh 119 | 120 | if [ $# -eq 0 ] 121 | then 122 | : 123 | else 124 | sed -i 's/\SysOP: root@$system\b/SysOP: '"$1"'/g' /etc/profile.d/60-admin.sh 125 | fi 126 | 127 | if [ -e /etc/debian_version ] 128 | then 129 | sed -i 's/\blolcat -f\b/\/usr\/games\/lolcat -f/g' /etc/profile.d/10-banner.sh 130 | sed -i 's/\blolcat -f\b/\/usr\/games\/lolcat -f/g' /etc/profile.d/15-name.sh 131 | sed -i 's/\bhttpd\b/apache2/g' /etc/profile.d/40-services.sh 132 | if [ -e /etc/init.d/pure-ftpd-mysql ] 133 | then 134 | sed -i 's/\bpure-ftpd\b/pure-ftpd-mysql/g' /etc/profile.d/40-services.sh 135 | fi 136 | sed -i 's/\bphp80-php-fpm\b/php7.4-fpm/g' /etc/profile.d/40-services.sh 137 | sed -i 's/\bphp74-php-fpm\b/rspamd/g' /etc/profile.d/40-services.sh 138 | sed -i 's/\bphp-fpm\b/postgrey/g' /etc/profile.d/40-services.sh 139 | sed -i 's/\blolcat -f\b/\/usr\/games\/lolcat -f/g' /etc/profile.d/60-admin.sh 140 | fi 141 | 142 | if [ -e /etc/redhat-release ] 143 | then 144 | echo "Everything is ready. Have fun!" | /usr/local/bin/lolcat -f 145 | else 146 | echo "Everything is ready. Have fun!" | /usr/games/lolcat -f 147 | fi 148 | -------------------------------------------------------------------------------- /ISPConfig/BackupMXServer/README.md: -------------------------------------------------------------------------------- 1 | This is simple solution to make backup MX server using postfix. 2 | It will receive user account and domain informations from the primary (main) ISPConfig server. 3 | 4 | In this directory there are script files that will be used. Here is the instruction of how to make things work. 5 | 6 | !!! First are instructions to be made on new server that will work as backup MX !!! 7 | 8 | I'm using fresh install of Debian Linux v12, but for other distributions it will work similar (just use correct tools for apps installing and check files location). 9 | The things that must be alredy preconfigured are: Server connected to Internet with external IP address, domain name configured for that IP, ssh access enabled for users. All commands are made by root account. 10 | 11 | 1 - Use this command for updating and installing needed packages "apt update && apt -y upgrade && apt install -y net-tools cron certbot sudo openssl wget sed" 12 | 2 - Let's create new account that will be used for transfering data, with command "useradd -s /usr/sbin/nologin -m postfixmaps && sudo -u postfixmaps mkdir /home/postfixmaps/maps && sudo -u postfixmaps mkdir /home/postfixmaps/.ssh" 13 | 3 - make sure that command "hostname -f" will show current domain name as server hostname. If domain is backupmx.mydomain.com then "hostname -f" should show it. It it's not, fix Your /etc/hostsname file. 14 | 4 - Install and preconfigure postfix MTA with command: 15 | "echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections && echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && apt install -y postfix mailutils postfix-policyd-spf-python && systemctl stop postfix" 16 | 5 - Generating of certs for our domain name with command: "certbot certonly --standalone --agree-tos -d $(hostname -f)", it will ask You for email address! 17 | 6 - Link certificates for Postfix "ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem /etc/postfix/smtpd.cert && ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem /etc/postfix/smtpd.key" 18 | 7 - Download script files and do some preparing: "wget https://raw.githubusercontent.com/nicrame/Linux-Scripts/refs/heads/master/ISPConfig/BackupMXServer/pf-dh.sh -P /opt/" 19 | "chmod +x /opt/pf-dh.sh && wget https://raw.githubusercontent.com/nicrame/Linux-Scripts/refs/heads/master/ISPConfig/BackupMXServer/main-mx.cf -P /etc/postfix/ && cp main.cf main-org.cf && cat main-mx.cf >> main.cf" 20 | 8 - Make some changes in main/master.cf with commands: "cp /etc/postfix/master.cf /etc/postfix/master-org.cf && sed -i '/maildrop/s/^/#/' /etc/postfix/master.cf && sed -i '/uucp/s/^/#/' /etc/postfix/master.cf" 21 | "wiersze=$(wc -l < /etc/postfix/master.cf) && pozm=$((wiersze - 8 + 1)) && sed -i "${pozm},\$ s/^/#/" /etc/postfix/master.cf" 22 | "echo "policyd-spf unix - n n - 0 spawn" >> /etc/postfix/master.cf" 23 | "echo " user=policyd-spf argv=/usr/bin/policyd-spf" >> /etc/postfix/master.cf" 24 | "sed -i '/POSTGREY_OPTS/s/^/#/' /etc/default/postgrey && echo 'POSTGREY_OPTS="--inet=127.0.0.1:10023 --delay=60"' >> /etc/default/postgrey && systemctl restart postgrey" 25 | "sudo -u postfixmaps touch /home/postfixmaps/.ssh/authorized_keys" 26 | 9 - Edit crontab with "crontab -e", and add this new line "05 04 * * * /opt/pf-dh.sh" 27 | 10 - Change SSH server config: "cp /etc/ssh/sshd_config /etc/ssh/sshd_config-org && sed -i 's|/usr/lib/openssh/sftp-server|internal-sftp|g' /etc/ssh/sshd_config" 28 | "echo "Match User postfixmaps" >> /etc/ssh/sshd_config && echo " ForceCommand internal-sftp" >> /etc/ssh/sshd_config && echo " AllowTcpForwarding no" >> /etc/ssh/sshd_config" 29 | "echo " X11Forwarding no" >> /etc/ssh/sshd_config && echo " PasswordAuthentication no" >> /etc/ssh/sshd_config" 30 | 31 | !!! Now we must prepare our main server, where ISPC is running !!! 32 | 33 | 1 - Login as root, and if You do not have it, generate new SSH keys for files transfer between servers: "ssh-keygen -t rsa -b 4096". 34 | 2 - Copy the contents of the file /root/.ssh/id_rsa.pub on main server, into file /home/postfixmaps/.ssh/authorized_keys on backup MX server. 35 | 3 - Check if that worked by connecting from main server to backup one with command "ssh 'postfixmaps@backupmx.mydomain.com'" It should ask "Are you sure you want to continue connecting" - just hit "y" and enter. 36 | There should be information that "This service allows sftp connections only. Connection to backupmx.mydomain.com closed." 37 | 4 - Edit crontab with "crontab -e" and add this line "00 04 * * * /opt/postfixmaps/mail-maps-mx.sh > /dev/null". 38 | 5 - Download files: "wget https://raw.githubusercontent.com/nicrame/Linux-Scripts/refs/heads/master/ISPConfig/BackupMXServer/mail-maps-mx.sh -P /opt/postfixmaps/ && chmod +x /opt/postfixmaps/mail-maps-mx.sh" 39 | "wget https://raw.githubusercontent.com/nicrame/Linux-Scripts/refs/heads/master/ISPConfig/BackupMXServer/mail-maps-mx.php -P /opt/postfixmaps/ && chmod +x /opt/postfixmaps/mail-maps-mx.sh" 40 | 6 - Edit downloaded file and change domain name in last lite, to the one You are using for Your backup server (from backupmx.mydomain.com to correct one). 41 | 42 | !!! First run - checking is everything working correctly !!! 43 | 44 | 1 - Run on the main server "/opt/postfixmaps/mail-maps-mx.sh". The files should be generated and transfered to secondary server. 45 | 2 - Login on backup server and check if files are there "ls /home/postfixmaps/maps". There should be: relay_domains relay_domains.db relay_recipients relay_recipients.db. 46 | 3 - On the backup server run this command "/opt/pf-dh.sh". Now let's check postfix status with "systemctl status postfix" command. 47 | 48 | And that's all. This method do not use direct database connection that would make things much easier, because long time ago my server didn't have DB ports opened for the Internet. 49 | In today, it would be easier to make some wireguard tunel and use DB server this way instead. But maybe someone will like this complex and unfriendly solution :) 50 | And one more thing - You may try server configuration with that online tool: https://mxtoolbox.com/SuperTool.aspx?action=smtp 51 | 52 | 53 | -------------------------------------------------------------------------------- /uisp-el.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # UISP formerlny known as Ubiquiti Network Management System (UNMS) install script for EL8/9 variants (CentOS, RockyLinux, RHEL). 4 | # It will also start installer on Debian Linux. 5 | # Version 1.4 6 | # 7 | # This script is made to install UISP on EL8 and EL9 (clear minimal OS install) with disabled web servers (like httpd or nginx). 8 | # Also if You got docker installed, it will remove it and install current Docker CE version and composer. 9 | # Please check this file before use, you may unhash some options. 10 | # You use it at your own risk! 11 | # 12 | # More info: 13 | # [PL] https://www.marcinwilk.eu/pl/projects/unms-install-on-centos-8-linux/ 14 | # [EMG] https://www.marcinwilk.eu/en/projects/unms-install-on-centos-8-linux/ 15 | # 16 | # Feel free to contact me: marcin@marcinwilk.eu 17 | # www.marcinwilk.eu 18 | # Marcin Wilk 19 | # 20 | # License: 21 | # 1. You use it at your own risk. Author is not responsible for any damage made with that script. 22 | # 2. Any changes of scripts must be shared with author with authorization to implement them and share. 23 | # 24 | # Changelog: 25 | # v 1.5 - 06.02.2023 26 | # Changed the way ulimits are configured from UISP files, to docker service configuration. It's much more clean now and better for updates of UISP. 27 | # v 1.4 - 05.02.2023 28 | # Found fix for starting up on on EL9 / Stream distributions - rabbit-mq container had too high open files limit (ulimit -n 1073741816). 29 | # Revert SELinux change to not disabled. 30 | # Tested on RockyLinux 9, RockyLinux 8 and CentOS Stream 9. 31 | # v 1.3.2 - 03.02.2023 32 | # Just small tweaks. 33 | # Disabling SELinux on Stream distros. 34 | # Add some more infos. 35 | # v 1.3 - 01.02.2023 36 | # Added support for EL9 37 | # Added fallback for Debian installer if that OS is detected. 38 | # Tested on RockyLinux 9, RHEL 9 and RockyLinux 8. 39 | # Use Docker Compose from repo (so it will autoupdate correctly now with dnf update). 40 | # v 1.2.1 - 05.08.2021 41 | # Use Docker Compose v 1.29.2. 42 | # Tested (and working) on Rocky Linux 8.4. 43 | # v 1.2 - 02.03.2021 44 | # Added --allowerasing flag for installing docker (it resolved problems on test env). This will disable cockpit! 45 | # Firewall rules fixes. 46 | # Tested on CentOS 8.3 and RHEL 8.3. 47 | # v 1.1 - 29.08.2020 48 | # First public release. 49 | # Added yes to not ask when UNMS detect unsupported Linux distro. 50 | # v 1.0 - 28.08.2020 51 | # First version. 52 | 53 | # Disabling SELinux if problems occurs (EL8): 54 | # sudo sed --in-place=.bak 's/^SELINUX\=enforcing/SELINUX\=permissive/g' /etc/selinux/config 55 | 56 | addr=$( hostname -I ) 57 | 58 | export LC_ALL=C 59 | if [ -e /etc/redhat-release ] 60 | then 61 | echo "Reading OS and version:" 62 | cat /etc/redhat-release 63 | else 64 | echo "No EL detected, trying Debian...." 65 | if [ -e /etc/debian_version ] 66 | then 67 | echo "Running official installer procedure for Debian OS..." 68 | curl -fsSL https://uisp.ui.com/v1/install > /tmp/uisp_inst.sh && sudo bash /tmp/uisp_inst.sh --unattended 69 | exit 0 70 | else 71 | echo "Debian is not detected either, exiting..." 72 | exit 0 73 | fi 74 | fi 75 | 76 | el5=$( cat /etc/redhat-release | grep "release 5" ) 77 | el6=$( cat /etc/redhat-release | grep "release 6" ) 78 | el7=$( cat /etc/redhat-release | grep "release 7" ) 79 | el8=$( cat /etc/redhat-release | grep "release 8" ) 80 | el9=$( cat /etc/redhat-release | grep "release 9" ) 81 | str=$( cat /etc/redhat-release | grep "Stream" ) 82 | 83 | if [ -n "$el5" ] || [ -n "$el6" ] || [ -n "$el7" ] 84 | then 85 | echo "Too old EL version. Pleasu upgrade to EL 8 or 9." 86 | echo "Mission aborted!." 87 | exit 0 88 | fi 89 | 90 | #if [ -n "$str" ] 91 | #then 92 | # echo "DISABLING SELinux for Stream edition." 93 | # setenforce 0 94 | # grubby --update-kernel ALL --args selinux=0 95 | #fi 96 | 97 | if [ -n "$el9" ] || [ -n "$el8" ] 98 | then 99 | echo "Updating and installing additional packages. Some may be removed before reinstalling." 100 | # Updating OS, removing current Docker install files and installing needed packages: 101 | sudo dnf update -y --quiet 102 | sudo dnf remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine --quiet 103 | sudo dnf install -y device-mapper device-mapper-persistent-data device-mapper-event device-mapper-libs device-mapper-event-libs lvm2 curl net-tools wget --quiet 104 | 105 | # Installing Docker CE with Composer: 106 | sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo --quiet 107 | sudo dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin --allowerasing --nobest --quiet 108 | sudo systemctl enable --now docker 109 | sudo systemctl enable --now containerd 110 | sudo usermod -aG docker $USER 111 | 112 | # Opening Firewall ports: 113 | # Noticed that are opened, but Ubi do not say to open them: 114 | # sudo firewall-cmd --zone=public --add-port=24224/tcp --permanent 115 | # sudo firewall-cmd --zone=public --add-port=5140/tcp --permanent 116 | 117 | # Ports used only when using Reverse Proxy 118 | # sudo firewall-cmd --zone=public --add-port=8443/tcp --permanent 119 | # sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent 120 | 121 | echo "Configuring firewall." 122 | sudo firewall-cmd --zone=public --add-port=9000/tcp --permanent 123 | sudo firewall-cmd --zone=public --add-port=2055/udp --permanent 124 | sudo firewall-cmd --zone=public --add-port=443/tcp --permanent 125 | sudo firewall-cmd --zone=public --add-port=81/tcp --permanent 126 | sudo firewall-cmd --zone=public --add-port=80/tcp --permanent 127 | sudo firewall-cmd --zone=public --add-port=22/tcp --permanent 128 | sudo firewall-cmd --reload 129 | 130 | if [ -n "$el9" ] 131 | then 132 | echo "Configurind docker service for EL9/Stream distros to work correctly with UISP." 133 | sudo sed -i 's/containerd.sock/& --default-ulimit nofile=1048576:1048576/' /usr/lib/systemd/system/docker.service 134 | sudo systemctl daemon-reload 135 | sudo systemctl restart docker 136 | fi 137 | 138 | # Installing UISP/UNMS: 139 | sudo curl -fsSL https://uisp.ui.com/v1/install > /tmp/uisp_inst.sh && sudo bash /tmp/uisp_inst.sh --unattended 140 | 141 | # Adding Docker netowrk interfaces to trusted zone in firewall: 142 | sudo ip -o link show | awk -F': ' '{if ($2 ~/^br/) {print $2}}' >> brfaces.txt 143 | sudo xargs -I {} -n 1 firewall-cmd --permanent --zone=docker --change-interface={} < brfaces.txt 144 | # sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 4 -i docker0 -j ACCEPT 145 | sudo firewall-cmd --reload 146 | sudo rm -rf brfaces.txt 147 | echo "Waiting for UISP to preconfigure itself, two minutes please." 148 | sleep 121 149 | fi 150 | 151 | echo "Now it is possible to login using this computer hostname/ip in web browser. 152 | But give it few minutes before try, it take time for first run. 153 | Here is Your computer IP to use to connect with UISP: 154 | https://$addr 155 | " 156 | unset LC_ALL 157 | exit 0 158 | -------------------------------------------------------------------------------- /centos-lamp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # LAMP install script for EL (versions 8) 4 | # Version 1.2 for x86_64 5 | # 6 | # More info: 7 | # [PL/ENG] https://www.marcinwilk.eu/projects/skrypt-centos-8-lamp/ 8 | # 9 | # This script use Remi's repo for PHP packages. 10 | # Please support Remi by donations at https://rpms.remirepo.net/ !!!! 11 | # 12 | # Feel free to contact me: marcin@marcinwilk.eu 13 | # www.marcinwilk.eu 14 | # Marcin Wilk 15 | # 16 | # License: 17 | # 1. You use it at your own risk. Author is not responsible for any damage made with that script. 18 | # 2. Any changes of scripts must be shared with author with authorization to implement them and share. 19 | # 20 | # Changelog: 21 | # v 1.2 - 09.06.2021 22 | # Use MariaDB from OS repo as default install source. 23 | # Fixed some PowerTools installer (name has changed in repos). 24 | # Initial Let's Encrypt certbot (SSL) integration. 25 | # Tested on RockyLinux 8! 26 | # Tested on RHEL 8! 27 | # v 1.1 - 17.09.2020 28 | # Show summary. 29 | # Adminer is used as default database web administration panel. 30 | # Add phpdet.php file to check if PHP is working. 31 | # Add vsftpd as FTP server. 32 | # v 1.0 - 14.09.2020 33 | # First version, tested on CentOS 8. 34 | # 35 | # run script with: 36 | # dnf -y install wget ; rm -rf centos-lamp.sh ; wget marcinwilk.eu/centos-lamp.sh ; chmod +x centos-lamp.sh ; ./centos-lamp.sh 37 | 38 | # ############################################### Configuration ############################################################## 39 | # 40 | # You may choose installing Apache(httpd) web server or nginx(nginx). Apache is default. 41 | webserver=httpd 42 | # Replace CentOS default php version with remi(remi), or install it as secondary version(second). Second method is default. 43 | php=second 44 | # Install MariaDB from default OS repo(repodb), or use MariaDB repo(mariadb). OS repo is default. 45 | mariadb=repodb 46 | # ############################################### Configuration ############################################################## 47 | 48 | user=$(whoami) 49 | # User name that run the script. No reasons to change it. 50 | # Used only for testing. 51 | 52 | el5=$( cat /etc/redhat-release | grep "release 5" ) 53 | el6=$( cat /etc/redhat-release | grep "release 6" ) 54 | el7=$( cat /etc/redhat-release | grep "release 7" ) 55 | el8=$( cat /etc/redhat-release | grep "release 8" ) 56 | 57 | echo -e "Welcome in \e[93mLAMP install script \e[39mfor EL." 58 | echo -e "Version \e[91m1.2 \e[39msupporting EL version 8." 59 | echo "" 60 | echo "This script will install additional software and will make changes" 61 | echo "in system config files so web server with PHP and database will be ready to use." 62 | echo "" 63 | echo "Changes in the system:" 64 | echo "1. Checking user that runs script and OS version." 65 | echo "2. Disabling SELinux, add EPEL and Remi's repo, installing packages, configuring services and firewall." 66 | echo "" 67 | echo -e "\e[93mIMPORTANT\e[39m: Edit this script file to configure web server: apache(default) or nginx," 68 | echo "PHP running method: multipackage(default) using own directory, or as OS standard," 69 | echo "database: use older MariaDB from OS repo(default), or newer from MariaDB's repo." 70 | echo "" 71 | echo "To stop now and configure use CTRL+C," 72 | sleep 20 73 | 74 | if [ $user != root ] 75 | then 76 | echo "You must be root. Mission aborted!" 77 | echo "You are trying to start this script as: $user" 78 | exit 0 79 | else 80 | echo "You are root, this is good for me..." 81 | fi 82 | echo "------------------- ---------- -------- ----- -" 83 | 84 | if [ -n "$el5" ] 85 | then 86 | echo "Too old CentOS version. Pleasu upgrade to CentOS 8." 87 | echo "Mission aborted!." 88 | exit 0 89 | fi 90 | 91 | if [ -n "$el6" ] 92 | then 93 | echo "Too old CentOS version. Pleasu upgrade to CentOS 8." 94 | echo "Mission aborted!." 95 | exit 0 96 | fi 97 | 98 | if [ -n "$el7" ] 99 | then 100 | echo "Too old CentOS version. Pleasu upgrade to CentOS 8." 101 | echo "Mission aborted!." 102 | exit 0 103 | fi 104 | 105 | echo "This process will take some time, please be patient..." 106 | if [ ! -f /etc/redhat-release ] 107 | then 108 | echo "Your Linux distribution isn't supported by this script." 109 | echo "Mission aborted!" 110 | exit 0 111 | fi 112 | 113 | # Disabling SELinux problems 114 | echo "Disabling SELinux." 115 | setenforce 0 116 | sed --in-place=.bak 's/^SELINUX\=enforcing/SELINUX\=disabled/g' /etc/selinux/config 117 | echo "Add EPEL repo, enable PowerTools packages, installing chrony NTP client, curl, vim, vsftpd, wget, ImageMagick and lynx." 118 | dnf -y -d0 install --nogpgcheck https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm 119 | dnf config-manager -q --enable PowerTools 120 | subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms 121 | echo "If there is error above about PowerTools or codeready - don't worry!" 122 | dnf config-manager -q --set-enabled powertools 123 | dnf -y -d0 install yum-utils chrony curl vim vsftpd lynx wget ImageMagick 124 | dnf -y -d0 update 125 | 126 | hostname=$(hostname) 127 | ipaddr=$(hostname -I) 128 | ipext=$(curl -s https://ipecho.net/plain) 129 | 130 | systemctl --now enable chronyd 131 | 132 | # Setting up firewall 133 | echo "Configuring firewall and SELinux policies if someone want to enable it again." 134 | firewall-cmd --add-service=http --zone=public --permanent 135 | firewall-cmd --add-service=https --zone=public --permanent 136 | firewall-cmd --add-service=ftp --zone=public --permanent 137 | firewall-cmd --reload 138 | setsebool -P ftpd_full_access on 139 | setsebool -P httpd_can_network_connect on 140 | 141 | systemctl --now enable vsftpd 142 | 143 | echo "Installing web server." 144 | if [ $webserver = httpd ] 145 | then 146 | dnf -y -d0 install httpd 147 | systemctl --now enable httpd 148 | echo "At this pont default html website is stored in /var/www/html and server is working." 149 | else 150 | dnf -y -d0 install nginx 151 | systemctl --now enable nginx 152 | echo "At this pont default html website is stored in /usr/share/nginx/html and server is working." 153 | fi 154 | 155 | echo "Installing and configuring PHP." 156 | if [ $php = second ] 157 | then 158 | dnf -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -d0 159 | dnf -y install php74 -d0 160 | dnf -y install php74-php-fpm php74-php-mysql php74-php-pear php74-php-mysqlnd php74-php-pecl-zip php74-php-bcmath php74-php-xml php74-php-mbstring php74-php-gd php74-php-intl php74-php-process php74-php-imap php74-php-gmp php74-php-pecl-mcrypt php74-php-smbclient php74-php-imagick php74-php-pdo php74-php-recode php74-php-xmlrpc php74-php-pecl-lzf php74-php-zstd php74-php-geos php74-php-opcache -d0 161 | dnf -y install php74-php-phpiredis php74-php-pecl-redis5 hiredis php74-php-pecl-apcu -d0 162 | 163 | #Enable APCu command line support 164 | sed -i '/apc.enable_cli=0/aapc.enable_cli=1' /etc/opt/remi/php74/php.d/40-apcu.ini 165 | 166 | systemctl --now enable php74-php-fpm 167 | php74 --version 168 | echo "PHP is installed now and running as php74-php-fpm service. You may also use php74 command from terminal." 169 | if [ $webserver = httpd ] 170 | then 171 | touch /var/www/html/phpdet.php 172 | echo '> /var/www/html/phpdet.php 173 | echo 'phpinfo();' >> /var/www/html/phpdet.php 174 | echo '?>' >> /var/www/html/phpdet.php 175 | chown -R apache:apache /var/www/html/phpdet.php 176 | systemctl restart httpd 177 | else 178 | touch /etc/nginx/conf.d/php74-php-fpm.conf 179 | echo "upstream php74-php-fpm {" >> /etc/nginx/conf.d/php74-php-fpm.conf 180 | echo "server unix:/var/opt/remi/php74/run/php-fpm/www.sock;" >> /etc/nginx/conf.d/php74-php-fpm.conf 181 | echo "}" >> /etc/nginx/conf.d/php74-php-fpm.conf 182 | chown -R nginx:nginx /etc/nginx/conf.d/php74-php-fpm.conf 183 | touch /etc/nginx/default.d/php74-fpm.conf 184 | echo 'index index.php index.html index.htm;' >> /etc/nginx/default.d/php74-fpm.conf 185 | echo '' >> /etc/nginx/default.d/php74-fpm.conf 186 | echo 'location ~ \.php$ {' >> /etc/nginx/default.d/php74-fpm.conf 187 | echo 'try_files $uri =404;' >> /etc/nginx/default.d/php74-fpm.conf 188 | echo 'fastcgi_intercept_errors on;' >> /etc/nginx/default.d/php74-fpm.conf 189 | echo 'fastcgi_index index.php;' >> /etc/nginx/default.d/php74-fpm.conf 190 | echo 'include fastcgi_params;' >> /etc/nginx/default.d/php74-fpm.conf 191 | echo 'fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/default.d/php74-fpm.conf 192 | echo 'fastcgi_pass php74-php-fpm;' >> /etc/nginx/default.d/php74-fpm.conf 193 | echo '}' >> /etc/nginx/default.d/php74-fpm.conf 194 | chown -R nginx:nginx /etc/nginx/default.d/php74-fpm.conf 195 | sed -i 's/\bapache\b/nginx/g' /etc/opt/remi/php74/php-fpm.d/www.conf 196 | touch /usr/share/nginx/html/phpdet.php 197 | echo '> /usr/share/nginx/html/phpdet.php 198 | echo 'phpinfo();' >> /usr/share/nginx/html/phpdet.php 199 | echo '?>' >> /usr/share/nginx/html/phpdet.php 200 | chown -R nginx:nginx /usr/share/nginx/html/phpdet.php 201 | chown -R nginx:nginx /var/opt/remi/php74/lib/php 202 | echo "Installing incron to check /var/lib/php owner coz it change when php is upgraded breaking nginx." 203 | dnf -y -d0 install incron vim 204 | touch /var/spool/incron/root 205 | echo '/opt/remi/php74/root/usr/bin/php IN_MODIFY chown -R nginx:nginx /var/opt/remi/php74/lib/php' >> /var/spool/incron/root 206 | systemctl --now enable incrond 207 | systemctl restart php74-php-fpm 208 | systemctl restart nginx 209 | fi 210 | else 211 | dnf -y -d0 install https://rpms.remirepo.net/enterprise/remi-release-8.rpm 212 | dnf -y -d0 module reset php 213 | dnf -y -d0 module install php:remi-7.4 214 | dnf -y -d0 update 215 | dnf -y -d0 install php-mysql php-mysqlnd php-pecl-zip php-bcmath php-xml php-mbstring php-gd php-fpm php-intl php-process php-imap php-gmp php-pecl-mcrypt php-smbclient php-imagick php-pdo php-recode php-xmlrpc php-pecl-lzf php-zstd php-geos php-opcache 216 | dnf -y -d0 install php-phpiredis php-pecl-redis5 hiredis php-pecl-apcu 217 | 218 | #Enable APCu command line support 219 | sed -i '/apc.enable_cli=0/aapc.enable_cli=1' /etc/php.d/40-apcu.ini 220 | 221 | systemctl --now enable php-fpm 222 | php --version 223 | echo "PHP is installed now and running as php-fpm service. You may also use php command from terminal." 224 | if [ $webserver = httpd ] 225 | then 226 | touch /var/www/html/phpdet.php 227 | echo '> /var/www/html/phpdet.php 228 | echo 'phpinfo();' >> /var/www/html/phpdet.php 229 | echo '?>' >> /var/www/html/phpdet.php 230 | chown -R apache:apache /var/www/html/phpdet.php 231 | systemctl restart httpd 232 | else 233 | chmod 777 /var/lib/php 234 | chmod 777 /var/lib/php/session 235 | mkdir /var/lib/php/opcache 236 | chmod 777 /var/lib/php/opcache 237 | chmod 777 /var/lib/php/wsdlcache 238 | chown -R nginx:nginx /var/lib/php 239 | sed -i 's/\bapache\b/nginx/g' /etc/php-fpm.d/www.conf 240 | mkdir /run/php-fpm 241 | chmod 777 /run/php-fpm 242 | chown -R nginx:nginx /run/php-fpm 243 | sed -i 's/\blisten.acl_users = nginx,nginx\b/listen.acl_users = apache,nginx/g' /etc/php-fpm.d/www.conf 244 | touch /usr/share/nginx/html/phpdet.php 245 | echo '> /usr/share/nginx/html/phpdet.php 246 | echo 'phpinfo();' >> /usr/share/nginx/html/phpdet.php 247 | echo '?>' >> /usr/share/nginx/html/phpdet.php 248 | chown -R nginx:nginx /usr/share/nginx/html/phpdet.php 249 | systemctl restart nginx 250 | echo "Installing incron to check /var/lib/php owner coz it change when php is upgraded breaking nginx." 251 | dnf -y -d0 install incron vim 252 | touch /var/spool/incron/root 253 | echo '/usr/bin/php IN_MODIFY chown -R nginx:nginx /var/lib/php' >> /var/spool/incron/root 254 | systemctl --now enable incrond 255 | fi 256 | fi 257 | 258 | #LE 259 | echo "Installing Let's Encrypt certbot software that You may like to use for SSL generation purpose later." 260 | dnf install certbot mod_ssl -y -d0 261 | 262 | echo "Generating DHParam 2048 bit key." 263 | openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 264 | 265 | echo "Creating default Let's Encrypt directory location for refreshing certificates of every vhost." 266 | mkdir -p /var/lib/letsencrypt/.well-known 267 | chgrp apache /var/lib/letsencrypt 268 | chmod g+s /var/lib/letsencrypt 269 | touch /etc/httpd/conf.d/letsencrypt.conf 270 | echo 'Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/" 271 | 272 | AllowOverride None 273 | Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec 274 | Require method GET POST OPTIONS 275 | ' >> /etc/httpd/conf.d/letsencrypt.conf 276 | 277 | touch /etc/httpd/conf.d/ssl-params.conf 278 | echo 'SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH 279 | SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 280 | SSLHonorCipherOrder On 281 | # Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" 282 | Header always set X-Frame-Options SAMEORIGIN 283 | Header always set X-Content-Type-Options nosniff 284 | # Requires Apache >= 2.4 285 | SSLCompression off 286 | SSLUseStapling on 287 | SSLStaplingCache "shmcb:logs/stapling-cache(150000)" 288 | # Requires Apache >= 2.4.11 289 | SSLSessionTickets Off' >> /etc/httpd/conf.d/ssl-params.conf 290 | 291 | echo "Installing database." 292 | if [ $mariadb = repodb ] 293 | then 294 | dnf -y -d0 install mariadb-server 295 | systemctl --now enable mariadb 296 | echo "MariaDB from main repo is now installed." 297 | else 298 | cd /tmp 299 | wget -q https://downloads.mariadb.com/MariaDB/mariadb_repo_setup 300 | chmod +x mariadb_repo_setup 301 | ./mariadb_repo_setup 302 | dnf -y -d0 install perl-DBI libaio libsepol lsof boost-program-options rsync 303 | dnf check 304 | dnf -y -d0 module enable perl:5.26 305 | dnf -y -d0 install --repo="mariadb-main" MariaDB-server 306 | rm -rf mariadb_repo_setup 307 | mkdir /var/log/mysql 308 | chmod 777 /var/log/mysql 309 | systemctl --now enable mariadb 310 | mysql_upgrade 311 | echo "MariaDB from it's own repo is now installed." 312 | fi 313 | 314 | echo "- -- --- ------------------------- WARNING !!!! ------------------------- --- -- -" 315 | echo "Now MariaDB wizard will be started to make it secure. Please answer some questions." 316 | echo "Currently there is no database password - so hit enter on question:" 317 | echo "Enter current password for root (enter for none):" 318 | echo "" 319 | sleep 5 320 | mysql_secure_installation 321 | 322 | echo "Installing database administration package." 323 | cd /tmp 324 | wget -q https://github.com/vrana/adminer/releases/download/v4.7.7/adminer-4.7.7.php 325 | if [ $webserver = httpd ] 326 | then 327 | mkdir /var/www/html/db-adm/ 328 | mv /tmp/adminer-4.7.7.php /var/www/html/db-adm/index.php 329 | chown -R apache:apache /var/www/html/db-adm 330 | else 331 | mkdir /usr/share/nginx/html/db-adm/ 332 | mv /tmp/adminer-4.7.7.php /usr/share/nginx/html/db-adm/index.php 333 | chown -R nginx:nginx /usr/share/nginx/html/db-adm 334 | fi 335 | sleep 5 336 | clear 337 | echo "You may access Your services (www, ftp) using your local ip 127.0.0.1, or your hostname that is $hostname," 338 | echo "or Your local IP that is $ipaddr, or eternal IP if access is possible: $ipext." 339 | echo "" 340 | echo "Your default www location is:" 341 | if [ $webserver = httpd ] 342 | then 343 | echo "/var/www/html/" 344 | echo "Default Adminer (database administration website) location is:" 345 | echo "/var/www/html/db-adm" 346 | else 347 | echo "/usr/share/nginx/html" 348 | echo "Default Adminer (database administration website) location is:" 349 | echo "/usr/share/nginx/html/db-adm" 350 | fi 351 | echo "" 352 | echo "Here are examples of link to access services installed:" 353 | echo -e "Main website: --- Database Administration: --- PHP info script: " 354 | echo "http://127.0.0.1 --- http://127.0.0.1/db-adm/ --- http://127.0.0.1/phpdet.php" 355 | echo "http://$hostname --- http://$hostname/db-adm/ --- http://$hostname/phpdet.php" 356 | echo "http://$ipaddr --- http://$ipaddr/db-adm/ --- http://$ipaddr/phpdet.php" 357 | echo "http://$ipext --- http://$ipext/db-adm/ --- http://$ipext/phpdet.php" 358 | echo "" 359 | echo "Remember, if You want to serve web space for users, public_html directories must be created for each user, then chmod 711 /home/username directory and chmod 755 /home/username/public_html directory." 360 | echo "You will also have to enable it on your own in web server configuration (it is much easier and almost ready in Apache)." 361 | echo "FTP access must be configured before use, but service is up and running." 362 | echo "" 363 | echo "Everything is ready now, have fun!" 364 | -------------------------------------------------------------------------------- /make-kiosk.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # KIOSK generator for Scientific Linux and CentOS (versions 5; 6 and 7) 4 | # Created using Scientific Linux 5 | # Wasn't made and never tested on different distros than SL/CentOS/EL! 6 | # Version 1.4 for i386 and x86_64 7 | # 8 | # More info: 9 | # [PL] https://www.marcinwilk.eu/pl/projects/scientific-linux-and-centos-kiosk/ 10 | # [EMG] https://www.marcinwilk.eu/en/projects/scientific-linux-and-centos-kiosk/ 11 | # 12 | # Feel free to contact me: marcin@marcinwilk.eu 13 | # www.marcinwilk.eu 14 | # Marcin Wilk 15 | # 16 | # License: 17 | # 1. You use it at your own risk. Author is not responsible for any damage made with that script. 18 | # 2. Any changes of scripts must be shared with author with authorization to implement them and share. 19 | # 20 | # Changelog: 21 | # v 1.4 - 14.01.2016 22 | # +Make browser history and setting reset every reboot 23 | # -and after user inactivity of 15 minutes 24 | # -Use Chromium browser as main web browser in EL7 25 | # +Add Matchbox Window Manager to handle fullscreen of browsers windows 26 | # +Disable screen saver and blank screen 27 | # 28 | # v 1.3 - 12.01.2016 29 | # Added SL/CentOS 7 support 30 | # 31 | # v 1.2 - 06.06.2014 32 | # Added SL/CentOS 5 support (for older computers with low RAM) 33 | # 34 | # v 1.1 - 31.05.2014 35 | # Not released, no changes in code, tested on EL6 and Fedora 20 36 | # 37 | # v 1.0 - 30.05.2014 38 | # First release, tested on Scientific Linux 6 and CentOS 6 39 | # 40 | # Future plans: 41 | # From now on there are no future plans (done in v 1.3) 42 | # + Add support for 5.x tree (done in v 1.2) 43 | # + Add support for 7.x tree (done in v 1.3) 44 | # 45 | # + Opera do not show license window (done in v 1.3) 46 | # + Less controll on Opera browser by user (done in v 1.3) 47 | # + Add flash support (done in v 1.2) 48 | # + Add configuration options for users (first options in v 1.2) 49 | 50 | ############### Configuration 51 | 52 | mainsite=http://google.com 53 | #Site that will be loaded as default after KIOSK start. 54 | 55 | cpu=$( uname -i ) 56 | # Change it to cpu=i386 or cpu=x86_64 to force it to work when you got 57 | # non standard kernel or unknown CPU architecture. 58 | 59 | log=/var/log/make-kiosk.log 60 | # The directiry and file name where log output will be saved. 61 | # You may specify any location because script run from root account. 62 | 63 | user=$( whoami ) 64 | # User name that run the script. No reasons to change it. 65 | # Used only for testing. 66 | 67 | el5=$( cat /etc/redhat-release | grep "release 5" ) 68 | # Check if release version is 5. You may change it to el5=release 5 69 | # so it will use options prepared for that versions. 70 | 71 | el6=$( cat /etc/redhat-release | grep "release 6" ) 72 | el7=$( cat /etc/redhat-release | grep "release 7" ) 73 | # Same like above but checking for version 6 and 7. 74 | # You may force to use instructions for all releases by setting 75 | # them elX=release X in here. Where X is the EL version. 76 | 77 | flash=yes 78 | # Change it to flash=no, if you do not want to have flash installed. 79 | 80 | ############### End of configuration options 81 | 82 | echo -e "Welcome in \e[93mKIOSK generator \e[39mfor Scientific Linux and CentOS." 83 | echo -e "Version \e[91m1.4 \e[39msupporting EL/SL/CentOS version 5; 6 and 7." 84 | echo "" 85 | echo "This script will install additional software and will make changes" 86 | echo "in system config files to make it work in KIOSK mode after reboot" 87 | echo "with Opera started as web browser." 88 | echo "" 89 | echo "The log file will be created in /var/log/make-kiosk.log" 90 | echo "Please attach this file for error reports." 91 | echo "" 92 | if [ $user != root ] 93 | then 94 | echo "You must be root. Mission aborted!" 95 | echo "You are trying to start this script as: $user" 96 | echo "User $user didn't have root rights!" >> make-kiosk.log 97 | exit 0 98 | else 99 | echo "Kernel processor architecture detected: $cpu" 100 | fi 101 | echo "------------------- ---------- -------- ----- -" >> $log 102 | date >> $log 103 | echo "Generating detected CPU & Kernel log." 104 | cat /etc/*-release >> $log 105 | uname -a >> $log 106 | if [ -n "$el5" ] 107 | then 108 | echo "No lscpu in EL5, skipping CPU logging." >> $log 109 | else 110 | lscpu 1>> $log 2>> $log 111 | fi 112 | echo "This process will take some time, please be patient..." 113 | if [ ! -f /etc/redhat-release ] 114 | then 115 | echo "Your Linux distribution isn't supported by this script." 116 | echo "Mission aborted!" 117 | echo "Unsupported Linux distro!" >> $log 118 | exit 0 119 | fi 120 | if [ $cpu = x86_64 ] 121 | then 122 | echo "Detected Kernel CPU arch. is x86_64!" >> $log 123 | elif [ $cpu = i386 ] 124 | then 125 | echo "Detected Kernel CPU arch. is i386!" >> $log 126 | else 127 | echo "No supported kernel architecture. Aborting!" >> $log 128 | echo "I did not detected x86_64 or i386 kernel architecture." 129 | echo "It looks like your configuration isn't supported." 130 | echo "Mission aborted!" 131 | exit 0 132 | fi 133 | 134 | echo "Operation done in 5%" 135 | echo "Adding user kiosk." 136 | echo "Adding user kiosk." >> $log 137 | useradd kiosk 1>> $log 2>> $log 138 | echo "Installing wget." 139 | echo "Installing wget." >> $log 140 | yum -y install wget 1>> $log 2>> $log 141 | echo "Operation done in 10%" 142 | echo "Installing X Window system with GDM/Gnome/Matchbox. It will take very long!!! Be patient!!! Downloading up to ~300MB" 143 | echo "Installing X Window system with GDM/Gnome/Matchbox." >> $log 144 | yum -y groupinstall basic-desktop x11 fonts base-x 1>> $log 2>> $log 145 | yum -y install gdm 1>> $log 2>> $log 146 | if [ -n "$el5" ] 147 | then 148 | yum -y install make gawk gcc 1>> $log 2>> $log 149 | yum -y install libX11-devel 1>> $log 2>> $log 150 | yum -y install libXext-devel 1>> $log 2>> $log 151 | cd /root/ 1>> $log 2>> $log 152 | rm -f matchbox-window-manager-1.2.tar.gz 1>> $log 2>> $log 153 | wget http://downloads.yoctoproject.org/releases/matchbox/matchbox-window-manager/1.2/matchbox-window-manager-1.2.tar.gz 1>> $log 2>> $log 154 | tar xvf matchbox-window-manager-1.2.tar.gz 1>> $log 2>> $log 155 | cd matchbox-window-manager-1.2 1>> $log 2>> $log 156 | ./configure --enable-standalone 1>> $log 2>> $log 157 | make 1>> $log 2>> $log 158 | make install 1>> $log 2>> $log 159 | cd .. 1>> $log 2>> $log 160 | else 161 | yum -y install matchbox-window-manager 1>> $log 2>> $log 162 | fi 163 | yum -y install rsync 1>> $log 2>> $log 164 | echo "Operation done in 60%" 165 | echo "Checking EL version..." 166 | if [ -n "$el5" ] 167 | then 168 | echo "EL 5.x detected, using older Opera version." >> $log 169 | echo "EL 5.x detected, using older Opera version." 170 | if [ $cpu = x86_64 ] 171 | then 172 | echo "Downloading Opera for x86_64." 173 | rm -f opera-11.64-1403.x86_64.linux.tar 1>> $log 2>> $log 174 | wget http://get.geo.opera.com/pub/opera/linux/1164/opera-11.64-1403.x_86_64.linux.tar.bz2 1>> $log 2>> $log 175 | bzip2 -d opera-11.64-1403.x86_64.linux.tar.bz2 1>> $log 2>> $log 176 | tar xvf opera-11.64-1403.x86_64.linux.tar 1>> $log 2>> $log 177 | echo "Installing Opera." 178 | yum -y install cdparanoia-libs flac gstreamer gstreamer-plugins-base gstreamer-plugins-good gstreamer-tools libavc1394 libdv libiec61883 liboil libraw1394 libtheora speex 1>> $log 2>> $log 179 | opera-11.64-1403.x86_64.linux/install --unattended --system 1>> $log 2>> $log 180 | rm -rf opera-11.64-1403.x86_64.linux 1>> $log 2>> $log 181 | if [ $flash = yes ] 182 | then 183 | echo "Installing Flash." >> $log 184 | rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm 1>> $log 2>> $log 185 | rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux 1>> $log 2>> $log 186 | yum -y check-update 1>> $log 2>> $log 187 | yum -y groupinstall sound-and-video 1>> $log 2>> $log 188 | yum -y install flash-plugin nspluginwrapper curl 1>> $log 2>> $log 189 | else 190 | echo "Skipping flash install." >> $log 191 | fi 192 | elif [ $cpu = i386 ] 193 | then 194 | echo "Downloading Opera for i386." 195 | rm -f opera-11.64-1403.i386.linux.tar 1>> $log 2>> $log 196 | wget http://get.geo.opera.com/pub/opera/linux/1164/opera-11.64-1403.i386.linux.tar.bz2 1>> $log 2>> $log 197 | bzip2 -d opera-11.64-1403.i386.linux.tar.bz2 1>> $log 2>> $log 198 | tar xvf opera-11.64-1403.i386.linux.tar 1>> $log 2>> $log 199 | echo "Installing Opera." 200 | yum -y install cdparanoia-libs flac gstreamer gstreamer-plugins-base gstreamer-plugins-good gstreamer-tools libavc1394 libdv libiec61883 liboil libraw1394 libtheora speex 1>> $log 2>> $log 201 | opera-11.64-1403.i386.linux/install --unattended --system 1>> $log 2>> $log 202 | rm -rf opera-11.64-1403.i386.linux 1>> $log 2>> $log 203 | if [ $flash = yes ] 204 | then 205 | echo "Installing Flash." >> $log 206 | rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm 1>> $log 2>> $log 207 | rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux 1>> $log 2>> $log 208 | yum -y check-update 1>> $log 2>> $log 209 | yum -y groupinstall sound-and-video 1>> $log 2>> $log 210 | yum -y install flash-plugin nspluginwrapper curl 1>> $log 2>> $log 211 | else 212 | echo "Skipping flash install." >> $log 213 | fi 214 | else 215 | echo "No supported kernel architecture detected for Opera install. Mission aborted!" 216 | echo "Aborting Opera and Flash install, no x86_64 or i386!" >> $log 217 | fi 218 | else 219 | echo "EL 6/7 detected, using new Opera version." >> $log 220 | echo "EL 6/7 detected, using new Opera version." 221 | echo "Adding Xinit Session support." >> $log 222 | echo "Adding Xinit Session support." 223 | yum -y install gnome-session-xsession 1>> $log 2>> $log 224 | yum -y install xorg-x11-xinit-session 1>> $log 2>> $log 225 | if [ -n "$el6" ] 226 | then 227 | echo "EL 6.x detected, using correct Opera version." >> $log 228 | if [ $cpu = x86_64 ] 229 | then 230 | echo "Downloading Opera for x86_64." 231 | rm -f opera-12.16-1860.x86_64.rpm 1>> $log 2>> $log 232 | wget http://get.geo.opera.com/pub/opera/linux/1216/opera-12.16-1860.x86_64.rpm 1>> $log 2>> $log 233 | echo "Installing Opera." 234 | yum -y localinstall opera-12.16*.rpm 1>> $log 2>> $log 235 | if [ $flash = yes ] 236 | then 237 | echo "Installing Flash." >> $log 238 | rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm 1>> $log 2>> $log 239 | rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux 1>> $log 2>> $log 240 | yum -y check-update 1>> $log 2>> $log 241 | yum -y install flash-plugin nspluginwrapper alsa-plugins-pulseaudio libcurl 1>> $log 2>> $log 242 | else 243 | echo "Skipping flash install." >> $log 244 | fi 245 | elif [ $cpu = i386 ] 246 | then 247 | echo "Downloading Opera for i386." 248 | rm -f opera-12.16-1860.i386.rpm 1>> $log 2>> $log 249 | wget http://get.geo.opera.com/pub/opera/linux/1216/opera-12.16-1860.i386.rpm 1>> $log 2>> $log 250 | echo "Installing Opera." 251 | yum -y localinstall opera-12.16*.rpm 1>> $log 2>> $log 252 | if [ $flash = yes ] 253 | then 254 | echo "Installing Flash." >> $log 255 | rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm 1>> $log 2>> $log 256 | rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux 1>> $log 2>> $log 257 | yum -y check-update 1>> $log 2>> $log 258 | yum -y install flash-plugin nspluginwrapper alsa-plugins-pulseaudio libcurl 1>> $log 2>> $log 259 | else 260 | echo "Skipping flash install." >> $log 261 | fi 262 | else 263 | echo "No supported kernel architecture detected for Opera install. Mission aborted!" 264 | echo "Aborting Opera install, no x86_64 or i386!" >> $log 265 | fi 266 | fi 267 | if [ -n "$el7" ] 268 | then 269 | echo "EL 7.x detected, using correct Opera version." >> $log 270 | if [ $cpu = x86_64 ] 271 | then 272 | echo "Downloading Opera for x86_64." 273 | rm -f opera-12.16-1860.x86_64.rpm 1>> $log 2>> $log 274 | wget http://get.geo.opera.com/pub/opera/linux/1216/opera-12.16-1860.x86_64.rpm 1>> $log 2>> $log 275 | echo "Installing Opera." 276 | yum -y localinstall opera-12.16*.rpm 1>> $log 2>> $log 277 | if [ $flash = yes ] 278 | then 279 | echo "Installing Flash." >> $log 280 | rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm 1>> $log 2>> $log 281 | rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux 1>> $log 2>> $log 282 | yum -y check-update 1>> $log 2>> $log 283 | yum -y install flash-plugin nspluginwrapper alsa-plugins-pulseaudio libcurl 1>> $log 2>> $log 284 | else 285 | echo "Skipping flash install." >> $log 286 | fi 287 | elif [ $cpu = i386 ] 288 | then 289 | echo "Downloading Opera for i386." 290 | rm -f opera-12.16-1860.i386.rpm 1>> $log 2>> $log 291 | wget http://get.geo.opera.com/pub/opera/linux/1216/opera-12.16-1860.i386.rpm 1>> $log 2>> $log 292 | echo "Installing Opera." 293 | yum -y localinstall opera-12.16*.rpm 1>> $log 2>> $log 294 | if [ $flash = yes ] 295 | then 296 | echo "Installing Flash." >> $log 297 | rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm 1>> $log 2>> $log 298 | rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux 1>> $log 2>> $log 299 | yum -y check-update 1>> $log 2>> $log 300 | yum -y install flash-plugin nspluginwrapper alsa-plugins-pulseaudio libcurl 1>> $log 2>> $log 301 | else 302 | echo "Skipping flash install." >> $log 303 | fi 304 | else 305 | echo "No supported kernel architecture detected for Opera install. Mission aborted!" 306 | echo "Aborting Opera install, no x86_64 or i386!" >> $log 307 | fi 308 | fi 309 | fi 310 | echo "Operation done in 85%" 311 | echo "Configuring login manager (GDM), adding lines for autologin kiosk user." 312 | autologin=$( cat /etc/gdm/custom.conf | grep AutomaticLoginEnable=true ) 313 | loginname=$( cat /etc/gdm/custom.conf | grep AutomaticLogin=kiosk ) 314 | if [ -n "$autologin" ] 315 | then 316 | echo "File is already configured for automatic login." 317 | echo "Current automatic login config:" 318 | grep AutomaticLoginEnable /etc/gdm/custom.conf 319 | echo "" 320 | echo "Check the GDM file /etc/gdm/custom.conf." 321 | echo "Aborting adding AutomaticLoginEnable=true!" >> $log 322 | cat /etc/gdm/custom.conf 1>> $log 2>> $log 323 | else 324 | echo "Adding line to /etc/gdm/custom.conf for automatic login." 325 | echo "Adding line to /etc/gdm/custom.conf for automatic login." >> $log 326 | sed -i '/daemon]/aAutomaticLoginEnable=true' /etc/gdm/custom.conf 1>> $log 2>> $log 327 | fi 328 | if [ -n "$loginname" ] 329 | then 330 | echo "File is already configured for user kiosk to autologin." 331 | echo "Aborting adding AutomaticLogin=kiosk!" >> $log 332 | grep AutomaticLogin /etc/gdm/custom.conf 1>> $log 2>> $log 333 | else 334 | echo "Adding line to /etc/gdm/custom.conf for login user name." 335 | echo "Adding line to /etc/gdm/custom.conf for login user name." >> $log 336 | sed -i '/AutomaticLoginEnable=true/aAutomaticLogin=kiosk' /etc/gdm/custom.conf 1>> $log 2>> $log 337 | fi 338 | if [ -n "$el7" ] 339 | then 340 | echo "Adding line to /etc/gdm/custom.conf for default X Session in EL7." >> $log 341 | echo "And creating session file for specific user in /var/lib/AccountsService/users/kiosk." >> $log 342 | sed -i '/AutomaticLogin=kiosk/aDefaultSession=xinit-compat.desktop' /etc/gdm/custom.conf 1>> $log 2>> $log 343 | touch /var/lib/AccountsService/users/kiosk 344 | chmod 644 /var/lib/AccountsService/users/kiosk 345 | echo "[User]" >> /var/lib/AccountsService/users/kiosk 346 | echo "Language=" >> /var/lib/AccountsService/users/kiosk 347 | echo "XSession=xinit-compat" >> /var/lib/AccountsService/users/kiosk 348 | echo "SystemAccount=false" >> /var/lib/AccountsService/users/kiosk 349 | else 350 | echo "No need for default session in gdm.conf." >> $log 351 | fi 352 | echo "Operation done in 90%" 353 | echo "Configuring system to start in graphical mode." 354 | echo "Configuring system to start in graphical mode." >> $log 355 | if [ -n "$el7" ] 356 | then 357 | echo "Current starting mode in EL7 (text or graphical is:" >> $log 358 | systemctl get-default 1>> $log 2>> $log 359 | echo "Setting up graphical boot in EL7." >> $log 360 | systemctl set-default graphical.target 1>> $log 2>> $log 361 | else 362 | gfxboot=$( cat /etc/inittab | grep id:5:initdefault: ) 363 | if [ -n "$gfxboot" ] 364 | then 365 | echo "System is already configured for graphical boot." 366 | echo "Aborting configuring graphical boot. Already enabled!" >> $log 367 | else 368 | echo "Parsing /etc/inittab for graphical boot." 369 | echo "Parsing /etc/inittab for graphical boot." >> $log 370 | sed -i 's/id:1:initdefault:/id:5:initdefault:/g' /etc/inittab 1>> $log 2>> $log 371 | sed -i 's/id:2:initdefault:/id:5:initdefault:/g' /etc/inittab 1>> $log 2>> $log 372 | sed -i 's/id:3:initdefault:/id:5:initdefault:/g' /etc/inittab 1>> $log 2>> $log 373 | sed -i 's/id:4:initdefault:/id:5:initdefault:/g' /etc/inittab 1>> $log 2>> $log 374 | fi 375 | fi 376 | echo "Operation done in 93%" 377 | echo "Disabling firstboot." 378 | echo "Disabling firstboot." >> $log 379 | echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot 380 | echo "Operation done in 94%" 381 | if [ -n "$el5" ] 382 | then 383 | echo "Skipping .dmrc creation in current distribution version." 384 | echo "Generating Opera 11 browser startup config file." 385 | echo "Generating Opera 11 browser startup config file." >> $log 386 | echo "xset s off" > /home/kiosk/.xsession 387 | echo "xset -dpms" >> /home/kiosk/.xsession 388 | echo "matchbox-window-manager &" >> /home/kiosk/.xsession 389 | echo "while true; do" >> /home/kiosk/.xsession 390 | echo "rsync -qr --delete --exclude='.Xauthority' /opt/kiosk/ /home/kiosk/" >> /home/kiosk/.xsession 391 | echo "opera -nomail -noprint -noexit -nochangebuttons -nosave -nodownload -nomaillinks -nomenu -nominmaxbuttons -nocontextmenu -resetonexit -nosession $mainsite" >> /home/kiosk/.xsession 392 | echo "done" >> /home/kiosk/.xsession 393 | mkdir /home/kiosk/.opera 394 | touch /home/kiosk/.opera/operaprefs.ini 395 | echo "[State]" > /home/kiosk/.opera/operaprefs.ini 396 | echo "Accept License=1" >> /home/kiosk/.opera/operaprefs.ini 397 | chown kiosk:kiosk /home/kiosk/.opera 1>> $log 2>> $log 398 | chown kiosk:kiosk /home/kiosk/.opera/operaprefs.ini 1>> $log 2>> $log 399 | chmod +x /home/kiosk/.xsession 1>> $log 2>> $log 400 | chown kiosk:kiosk /home/kiosk/.xsession 1>> $log 2>> $log 401 | else 402 | echo "Generating Opera 12 browser startup config file." 403 | echo "Generating Opera 12 browser startup config file." >> $log 404 | echo "xset s off" > /home/kiosk/.xsession 405 | echo "xset -dpms" >> /home/kiosk/.xsession 406 | echo "matchbox-window-manager &" >> /home/kiosk/.xsession 407 | echo "while true; do" >> /home/kiosk/.xsession 408 | echo "rsync -qr --delete --exclude='.Xauthority' /opt/kiosk/ $HOME/" >> /home/kiosk/.xsession 409 | echo "opera -k -nomail -noprint -noexit -nochangebuttons -nosave -nodownload -nomaillinks -nomenu -nominmaxbuttons -nocontextmenu -resetonexit -nosession $mainsite" >> /home/kiosk/.xsession 410 | echo "done" >> /home/kiosk/.xsession 411 | mkdir /home/kiosk/.opera 412 | touch /home/kiosk/.opera/operaprefs.ini 413 | echo "[State]" >> /home/kiosk/.opera/operaprefs.ini 414 | echo "Accept License=1" >> /home/kiosk/.opera/operaprefs.ini 415 | chown kiosk:kiosk /home/kiosk/.opera 1>> $log 2>> $log 416 | chown kiosk:kiosk /home/kiosk/.opera/operaprefs.ini 1>> $log 2>> $log 417 | chmod +x /home/kiosk/.xsession 1>> $log 2>> $log 418 | ln -s /home/kiosk/.xsession /home/kiosk/.xinitrc 419 | chown kiosk:kiosk /home/kiosk/.xsession 1>> $log 2>> $log 420 | echo "Creating desktop profile session file." 421 | echo "Creating .dmrc desktop profile session file." >> $log 422 | echo "[Desktop]" > /home/kiosk/.dmrc 423 | echo "Session=xinit-compat" >> /home/kiosk/.dmrc 424 | echo "Language=$LANG" >> /home/kiosk/.dmrc 425 | chown kiosk:kiosk /home/kiosk/.dmrc 1>> $log 2>> $log 426 | fi 427 | echo "Operation done in 96%" 428 | echo "Copying files for reseting every user restart." >> $log 429 | echo "Copying files for reseting every user restart." 430 | cp -r /home/kiosk /opt/ 431 | chmod 755 /opt/kiosk 432 | chown kiosk:kiosk -R /opt/kiosk 433 | echo "Operation done in 100%" 434 | echo "Mission completed!" 435 | echo "" 436 | echo "If You got any comments or questions: marcin@marcinwilk.eu" 437 | echo "Remember that after reboot it should start directly in KIOSK." 438 | echo -e "\e[92mUse \e[93mCTRL+ALT+F2 \e[92mto go to console in KIOSK mode!!!" 439 | echo -e "\e[39mThank You." 440 | echo "Marcin Wilk" 441 | echo "Job done!" >> $log 442 | sleep 6 443 | -------------------------------------------------------------------------------- /make-kodi.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # KODI Standalone autostart install script for CentOS (versions 8) 4 | # Version 2.6 for x86_64 5 | # 6 | # More info: 7 | # [PL/ENG] https://www.marcinwilk.eu/projects/htpc-on-centos-8-linux-with-kodi/ 8 | # 9 | # Feel free to contact me: marcin@marcinwilk.eu 10 | # www.marcinwilk.eu 11 | # Marcin Wilk 12 | # 13 | # License: 14 | # 1. You use it at your own risk. Author is not responsible for any damage made with that script. 15 | # 2. Any changes of scripts must be shared with author with authorization to implement them and share. 16 | # 17 | # Changelog: 18 | # v 2.6.1 - 12.11.2020 19 | # HDMI/CEC file access for kodi is now fixed with every restart, so large system updates should not brake that. 20 | # v 2.6 - 09.10.2020 21 | # Removed double lines. 22 | # v 2.5 - 30.09.2020 23 | # Thanks to Thebes Knossos there are some fixes in the script - thank You! 24 | # Raven repo can be disabled in configuration (reported conflicts with VLC). 25 | # rapidjson package do not need compiling from sources anymore. 26 | # I prepared SRPM of phonon that works and is phonon-qt5 compatible! (Oryginal srpm stopped - don't know why - rebuilding, maybe some cmake changes or dunno). 27 | # I made script little less "loud" when taking actions (except when compiling from sources). 28 | # Added libcec srpm for CEC/HDMI support on compiled from source version of Kodi. 29 | # Fixed some errors in commands. 30 | # v 2.4 - 12.09.2020 31 | # Add HDMI/CEC fix (tested with Pulse-Eight CEC module on USB/HDMI for TV-remote control of KODI). 32 | # v 2.3 - 19.07.2020 33 | # Fixed some typos, finally releasing on the web. 34 | # v 2.2 - 07.07.2020 35 | # Add license info. 36 | # Fixed typos, and checked on core CentOS install. Ready to release on web. 37 | # v 2.1 - 03.07.2020 38 | # Added Avahi with it's daemon enabled. 39 | # v 2.0 - 26.06.2020 40 | # Another approach using flatpak instead of compiling many libraries and kodi itself from sources. 41 | # v 1.0 - 23.06.2020 42 | # First release, tested on CentOS 8 43 | 44 | user=$( whoami ) 45 | # User name that run the script. No reasons to change it. 46 | # Used only for testing. 47 | 48 | el5=$( cat /etc/redhat-release | grep "release 5" ) 49 | el6=$( cat /etc/redhat-release | grep "release 6" ) 50 | el7=$( cat /etc/redhat-release | grep "release 7" ) 51 | el8=$( cat /etc/redhat-release | grep "release 8" ) 52 | 53 | #Configuration 54 | 55 | # Installing (compiling) from sources - if yes then it will try to use not tested sources and repos 56 | # to compile of missing libraries and kodi then. 57 | # I strongly do not reommend changing that option. Most likely will not work! 58 | srcins=no 59 | 60 | # Plex Media Server install. 61 | # You can set this to yes so Plex Media Server will be installed. You may try it for fun. 62 | plex=no 63 | 64 | # Raven repo can be disabled here. According to Thebes there is conflict with VLC. 65 | raven=yes 66 | 67 | echo -e "Welcome in \e[93mKODI Standalone autostart install script \e[39mfor CentOS8." 68 | echo "" 69 | echo "This script will install additional software and will make changes" 70 | echo "in system config files to autologin and start KODI after reboot." 71 | echo "" 72 | echo "Changes in the system:" 73 | echo "1. Checking user that runs script and OS version." 74 | echo "2. Disabling SELinux, add RPMFusion and EPEL repos, adding kodi user, installing some X11 packages, configuring firewall." 75 | echo "3. IF CONFIGURED: Installing Plex, installing libraries, and compiling from sources some of them and kodi." 76 | echo "4. Installing flatpak and kodi flatpak package." 77 | echo "5. Configuring kodi user profile config, making OS to start with kodi user into X11 automatically." 78 | echo "" 79 | echo "If kodi crash, xterm terminall will be started, so You may restart it with command:" 80 | echo "flatpak run tv.kodi.Kodi" 81 | echo "or if you configured script to install from sources:" 82 | echo "kodi" 83 | echo "" 84 | sleep 10 85 | 86 | if [ $user != root ] 87 | then 88 | echo "You must be root. Mission aborted!" 89 | echo "You are trying to start this script as: $user" 90 | exit 0 91 | else 92 | echo "You are root, this is good for me..." 93 | fi 94 | echo "------------------- ---------- -------- ----- -" 95 | 96 | if [ -n "$el5" ] 97 | then 98 | echo "Too old CentOS version. Pleasu upgrade to CentOS 8." 99 | echo "Mission aborted!." 100 | exit 0 101 | fi 102 | 103 | if [ -n "$el6" ] 104 | then 105 | echo "Too old CentOS version. Pleasu upgrade to CentOS 8." 106 | echo "Mission aborted!." 107 | exit 0 108 | fi 109 | 110 | if [ -n "$el7" ] 111 | then 112 | echo "Too old CentOS version. Pleasu upgrade to CentOS 8." 113 | echo "Mission aborted!." 114 | exit 0 115 | fi 116 | 117 | echo "This process will take some time, please be patient..." 118 | if [ ! -f /etc/redhat-release ] 119 | then 120 | echo "Your Linux distribution isn't supported by this script." 121 | echo "Mission aborted!" 122 | exit 0 123 | fi 124 | 125 | # Disabling SELinux problems 126 | echo "Disabling SELinux in /etc/selinux/config and installing base software - please wait." 127 | sed --in-place=.bak 's/^SELINUX\=enforcing/SELINUX\=permissive/g' /etc/selinux/config 128 | dnf -y -q update 129 | dnf -y -q install --nogpgcheck https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm 130 | dnf -y -q install --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-8.noarch.rpm 131 | dnf config-manager --enable PowerTools 132 | dnf -y -q groupinstall "base-x" 133 | dnf -y -q install wget gdm matchbox-window-manager rsync xorg-x11-xinit-session xterm glibc-langpack-en flatpak avahi oclock xload ImageMagick langpacks-en glibc-all-langpacks 134 | 135 | echo "Enabling avahi, creating kodi user." 136 | systemctl enable avahi-daemon 137 | 138 | # Adding kodi user to some groups used for hardware acceleration 139 | useradd kodi 140 | usermod kodi -a -G audio 141 | usermod kodi -a -G video 142 | 143 | echo "Firewall setup." 144 | # Setting up firewall 145 | firewall-cmd --zone=public --add-port=32469/tcp --permanent 146 | firewall-cmd --zone=public --add-port=32414/udp --permanent 147 | firewall-cmd --zone=public --add-port=32413/udp --permanent 148 | firewall-cmd --zone=public --add-port=32412/udp --permanent 149 | firewall-cmd --zone=public --add-port=32410/udp --permanent 150 | firewall-cmd --zone=public --add-port=32400/tcp --permanent 151 | firewall-cmd --zone=public --add-port=12374/udp --permanent 152 | firewall-cmd --zone=public --add-port=9090/tcp --permanent 153 | firewall-cmd --zone=public --add-port=9090/udp --permanent 154 | firewall-cmd --zone=public --add-port=9777/udp --permanent 155 | firewall-cmd --zone=public --add-port=8080/tcp --permanent 156 | firewall-cmd --zone=public --add-port=8324/tcp --permanent 157 | firewall-cmd --zone=public --add-port=5353/udp --permanent 158 | firewall-cmd --zone=public --add-port=3005/tcp --permanent 159 | firewall-cmd --zone=public --add-port=1900/tcp --permanent 160 | firewall-cmd --zone=public --add-port=1900/udp --permanent 161 | firewall-cmd --zone=public --add-port=1414/tcp --permanent 162 | firewall-cmd --zone=public --add-port=1414/udp --permanent 163 | firewall-cmd --zone=public --add-port=1131/tcp --permanent 164 | firewall-cmd --zone=public --add-port=1131/udp --permanent 165 | firewall-cmd --zone=public --add-port=1308/tcp --permanent 166 | firewall-cmd --zone=public --add-port=1308/udp --permanent 167 | firewall-cmd --zone=public --add-port=1084/tcp --permanent 168 | firewall-cmd --zone=public --add-port=1084/udp --permanent 169 | firewall-cmd --zone=public --add-port=80/tcp --permanent 170 | firewall-cmd --reload 171 | setsebool httpd_can_network_connect on -P 172 | 173 | # Installing Plex Media Server 174 | if [ $plex = yes ] 175 | then 176 | echo "Installing Plex." 177 | touch /etc/yum.repos.d/plex.repo 178 | echo "[Plex]" >> /etc/yum.repos.d/plex.repo 179 | echo "name=Plex" >> /etc/yum.repos.d/plex.repo 180 | echo "baseurl=https://downloads.plex.tv/repo/rpm/$basearch/" >> /etc/yum.repos.d/plex.repo 181 | echo "enabled=1" >> /etc/yum.repos.d/plex.repo 182 | echo "gpgkey=https://downloads.plex.tv/plex-keys/PlexSign.key" >> /etc/yum.repos.d/plex.repo 183 | echo "gpgcheck=1" >> /etc/yum.repos.d/plex.repo 184 | echo "" >> /etc/yum.repos.d/plex.repo 185 | dnf -y -q install plexmediaserver 186 | dnf -y reinstall glibc-common 187 | systemctl enable plexmediaserver 188 | systemctl start plexmediaserver 189 | else 190 | echo "Skipping Plex Media Server installation." 191 | fi 192 | 193 | echo "Installing KODI!" 194 | 195 | if [ $srcins = no ] 196 | then 197 | echo "Configuring flatpak for kodi install." 198 | flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo 199 | flatpak -y install flathub tv.kodi.Kodi 200 | sudo -u kodi flatpak override --user --share=network --share=ipc --socket=x11 --socket=wayland --socket=fallback-x11 --socket=pulseaudio --socket=system-bus --socket=session-bus --device=all --device=dri --device=shm --allow=devel --allow=multiarch --allow=bluetooth --allow=canbus --filesystem=host tv.kodi.Kodi 201 | else 202 | cd /root 203 | # Adding Raven REPO for QT install 204 | if [ $raven = yes ] 205 | then 206 | echo "Installing KODI from source - this will take VERY long time, be patient!" 207 | touch /etc/yum.repos.d/raven.repo 208 | echo "[raven]" >> /etc/yum.repos.d/raven.repo 209 | echo "name=Raven packages" >> /etc/yum.repos.d/raven.repo 210 | echo "baseurl=https://pkgs.dyn.su/el8/base/x86_64/" >> /etc/yum.repos.d/raven.repo 211 | echo "gpgcheck=0" >> /etc/yum.repos.d/raven.repo 212 | echo "enabled=1 " >> /etc/yum.repos.d/raven.repo 213 | echo "" >> /etc/yum.repos.d/raven.repo 214 | echo "[raven-extras]" >> /etc/yum.repos.d/raven.repo 215 | echo "name=Raven extra packages" >> /etc/yum.repos.d/raven.repo 216 | echo "baseurl=https://pkgs.dyn.su/el8/extras/x86_64/" >> /etc/yum.repos.d/raven.repo 217 | echo "gpgcheck=0" >> /etc/yum.repos.d/raven.repo 218 | echo "enabled=0" >> /etc/yum.repos.d/raven.repo 219 | echo "" >> /etc/yum.repos.d/raven.repo 220 | echo "[raven-multimedia]" >> /etc/yum.repos.d/raven.repo 221 | echo "name=Raven multimedia packages" >> /etc/yum.repos.d/raven.repo 222 | echo "baseurl=https://pkgs.dyn.su/el8/multimedia/x86_64/" >> /etc/yum.repos.d/raven.repo 223 | echo "gpgcheck=0" >> /etc/yum.repos.d/raven.repo 224 | echo "enabled=0" >> /etc/yum.repos.d/raven.repo 225 | echo "" >> /etc/yum.repos.d/raven.repo 226 | dnf config-manager --set-enabled raven 227 | # dnf config-manager --set-enabled raven-extras 228 | # dnf config-manager --set-enabled raven-multimedia 229 | dnf -y install qt-4.8.7 qt-devel-4.8.7 230 | else 231 | echo "Raven's repo disabled." 232 | fi 233 | 234 | echo "Because source install method is unstable (link to source files can disappear, newr lib version may brake things, there will be more details on the screen about the proccess." 235 | sleep 5 236 | dnf config-manager --set-enabled epel-testing 237 | dnf -y -q install unixODBC-devel bzip2-devel cmake curl dbus-devel fmt-devel fontconfig-devel freetype-devel fribidi-devel gawk gcc gcc-c++ gettext gettext-devel giflib-devel gperf gtest java-11-openjdk-headless jre lcms2-devel libao-devel libass-devel libcap-devel libcdio-devel libcurl-devel libidn2-devel libjpeg-turbo-devel libmicrohttpd-devel libmpc-devel libnfs-devel libplist-devel libsmbclient-devel libtool libtool-ltdl-devel libudev-devel libunistring libunistring-devel libusb-devel libuuid-devel libva-devel libvdpau-devel libxml2-devel libXmu-devel libXrandr-devel libxslt-devel libXt-devel lirc-devel lzo-devel make mariadb-devel mesa-libEGL-devel mesa-libGL-devel mesa-libGLU-devel mesa-libGLw-devel mesa-libOSMesa-devel nasm openssl-devel openssl-libs patch pcre-devel pulseaudio-libs-devel python3-devel python3-pillow sqlite-devel swig taglib-devel tinyxml-devel trousers-devel uuid-devel yasm zlib-devel qt5-qtdeclarative-devel 238 | dnf -y -q install gtk2-devel libXv-devel libXcursor-devel cups-devel firebird-devel freetds-devel libmng-devel libpq-devel tk-devel python2-numpy python2-tkinter python3-numpy python3-qt5 python3-sphinx python3-sphinx_rtd_theme python3-tkinter libimagequant-devel libwebp-devel openjpeg2-devel pixman-devel python2-devel tre-devel wavpack-devel yajl-devel libsamplerate-devel libtiff-devel libvorbis-devel mesa-libgbm-devel ninja-build libmad-devel libmms-devel libmodplug-devel libmpcdec-devel libmpeg2-devel libogg-devel librtmp-devel libXinerama-devel libXtst-devel libcrystalhd-devel libdca-devel fontpackages-devel glew-devel jasper-devel lame-devel faad2-devel flac-devel enca-devel e2fsprogs-devel boost-devel afpfs-ng-devel qt5-devel extra-cmake-modules kde-filesystem kf5-rpm-macros gtest-devel libpng12 lockdev-devel ncurses-devel platform-devel ant doxygen texlive-latex libevent-devel git make gcc glib2-devel gcc-c++ groff ghostscript alsa-lib-devel autoconf automake avahi-compat-libdns_sd-devel avahi-devel bluez-libs-devel 239 | dnf -y -q install kf5-rpm-macros libxml2-devel libxcb-devel pulseaudio-libs-devel glib2-devel qt5-qtbase-devel qt5-qttools-devel kde-filesystem 240 | 241 | wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/30/Everything/source/tree/Packages/f/fstrcmp-0.7.D001-11.fc30.src.rpm 242 | rpmbuild --rebuild fstrcmp-0.7.D001-11.fc30.src.rpm 243 | dnf -y install /root/rpmbuild/RPMS/x86_64/fstrcmp-0.7.D001-11.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/fstrcmp-devel-0.7.D001-11.el8.x86_64.rpm 244 | 245 | wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/30/Everything/source/tree/Packages/l/libbluray-1.1.0-1.fc30.src.rpm 246 | rpmbuild --rebuild libbluray-1.1.0-1.fc30.src.rpm 247 | dnf -y install /root/rpmbuild/RPMS/x86_64/libbluray-1.1.0-1.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/libbluray-devel-1.1.0-1.el8.x86_64.rpm 248 | 249 | wget http://vault.centos.org/8.1.1911/AppStream/Source/SPackages/libpng12-1.2.57-5.el8.src.rpm 250 | rpmbuild --rebuild libpng12-1.2.57-5.el8.src.rpm 251 | dnf -y install /root/rpmbuild/RPMS/x86_64/libpng12-devel-1.2.57-5.el8.x86_64.rpm 252 | 253 | dnf -y install valgrind rapidjson rapidjson-devel 254 | # wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/30/Everything/source/tree/Packages/r/rapidjson-1.1.0-9.fc30.src.rpm 255 | # rpmbuild --rebuild rapidjson-1.1.0-9.fc30.src.rpm 256 | # dnf -y install /root/rpmbuild/RPMS/noarch/rapidjson-devel-1.1.0-9.el8.noarch.rpm /root/rpmbuild/RPMS/noarch/rapidjson-doc-1.1.0-9.el8.noarch.rpm 257 | 258 | wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/30/Everything/source/tree/Packages/f/flatbuffers-1.10.0-4.fc30.src.rpm 259 | rpmbuild --rebuild flatbuffers-1.10.0-4.fc30.src.rpm 260 | dnf -y install /root/rpmbuild/RPMS/x86_64/flatbuffers-1.10.0-4.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/flatbuffers-devel-1.10.0-4.el8.x86_64.rpm 261 | 262 | wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/30/Everything/source/tree/Packages/a/a52dec-0.7.4-35.fc30.src.rpm 263 | rpmbuild --rebuild a52dec-0.7.4-35.fc30.src.rpm 264 | dnf -y install /root/rpmbuild/RPMS/x86_64/a52dec-0.7.4-35.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/liba52-0.7.4-35.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/liba52-devel-0.7.4-35.el8.x86_64.rpm 265 | 266 | wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/30/Everything/source/tree/Packages/c/crossguid-0-0.11.20160908gitfef89a4.fc30.src.rpm 267 | rpmbuild --rebuild crossguid-0-0.11.20160908gitfef89a4.fc30.src.rpm 268 | dnf -y install /root/rpmbuild/RPMS/x86_64/crossguid-0-0.11.20160908gitfef89a4.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/crossguid-devel-0-0.11.20160908gitfef89a4.el8.x86_64.rpm 269 | 270 | wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/30/Everything/source/tree/Packages/p/python-olefile-0.46-2.fc30.src.rpm 271 | rpmbuild --rebuild python-olefile-0.46-2.fc30.src.rpm 272 | dnf -y install /root/rpmbuild/RPMS/noarch/python2-olefile-0.46-2.el8.noarch.rpm /root/rpmbuild/RPMS/noarch/python3-olefile-0.46-2.el8.noarch.rpm 273 | 274 | dnf -y install python3-cffi 275 | wget https://download-ib01.fedoraproject.org/pub/fedora/linux/updates/30/Everything/SRPMS/Packages/p/python-pillow-5.4.1-4.fc30.src.rpm 276 | rpmbuild --rebuild python-pillow-5.4.1-4.fc30.src.rpm 277 | dnf -y install /root/rpmbuild/RPMS/x86_64/python2-pillow-5.4.1-4.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/python2-pillow-devel-5.4.1-4.el8.x86_64.rpm 278 | dnf -y install /root/rpmbuild/RPMS/x86_64/python2-pillow-tk-5.4.1-4.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/python3-pillow-5.4.1-4.el8.x86_64.rpm 279 | dnf -y install /root/rpmbuild/RPMS/x86_64/python3-pillow-devel-5.4.1-4.el8.x86_64.rpm /root/rpmbuild/RPMS/noarch/python3-pillow-doc-5.4.1-4.el8.noarch.rpm 280 | dnf -y install /root/rpmbuild/RPMS/x86_64/python3-pillow-tk-5.4.1-4.el8.x86_64.rpm 281 | 282 | # automoc needs qt4-devel 283 | wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/30/Everything/source/tree/Packages/a/automoc-1.0-0.34.rc3.fc30.src.rpm 284 | rpmbuild --rebuild automoc-1.0-0.34.rc3.fc30.src.rpm 285 | dnf -y install /root/rpmbuild/RPMS/x86_64/automoc-1.0-0.34.rc3.el8.x86_64.rpm 286 | 287 | # wget https://dl.fedoraproject.org/pub/fedora/linux/updates/30/Everything/SRPMS/Packages/p/phonon-4.10.2-3.fc30.src.rpm 288 | # rpmbuild --rebuild phonon-4.10.2-3.fc30.src.rpm 289 | # dnf -y install /root/rpmbuild/RPMS/x86_64/phonon-4.10.2-3.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/phonon-4.10.2-3.el8.x86_64.rpm phonon-devel-4.10.2-3.el8.x86_64.rpm 290 | 291 | # !!! Something is broken and rebuilding from srpm STOPPED working (few weeks ago there was no problem with that), 292 | # !!! so i "fixed/broken" that by editing spec files, and removing everything related to qt5, prepared own srpm that will be downloaded here and installed. 293 | # !!! Also that should be "compatible" with -qt5 rpm from epel repo. This thime i backed up all rebuilt rpms in case they broke something again somewhere. 294 | 295 | wget https://www.marcinwilk.eu/SRPMS/phonon-4.10.2-3.el8.src.rpm 296 | rpmbuild --rebuild phonon-4.10.2-3.el8.src.rpm 297 | dnf -y install /root/rpmbuild/RPMS/x86_64/phonon-4.10.2-3.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/phonon-devel-4.10.2-3.el8.x86_64.rpm 298 | dnf -y install phonon-qt5 phonon-qt5-devel 299 | 300 | wget https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/30/Everything/source/tree/Packages/s/shairplay-0.9.0-12.20160101gitce80e00.fc30.src.rpm 301 | rpmbuild --rebuild shairplay-0.9.0-12.20160101gitce80e00.fc30.src.rpm 302 | dnf -y install /root/rpmbuild/RPMS/x86_64/shairplay-0.9.0-12.20160101gitce80e00.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/shairplay-libs-0.9.0-12.20160101gitce80e00.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/shairplay-devel-0.9.0-12.20160101gitce80e00.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/airtv-0.9.0-12.20160101gitce80e00.el8.x86_64.rpm 303 | 304 | # Added libcec and libcec-devel package for CEC support. 305 | wget https://www.marcinwilk.eu/SRPMS/libcec-4.0.4-4.el8.src.rpm 306 | rpmbuild --rebuild libcec-4.0.4-4.el8.src.rpm 307 | dnf -y install /root/rpmbuild/RPMS/x86_64/libcec-4.0.4-4.el8.x86_64.rpm /root/rpmbuild/RPMS/x86_64/libcec-devel-4.0.4-4.el8.x86_64.rpm 308 | 309 | cd $HOME 310 | git clone https://github.com/xbmc/xbmc kodi 311 | cd $HOME/kodi 312 | make -C tools/depends/target/crossguid PREFIX=/usr/local 313 | make -C tools/depends/target/flatbuffers PREFIX=/usr/local 314 | make -C tools/depends/target/libfmt PREFIX=/usr/local 315 | make -C tools/depends/target/libspdlog PREFIX=/usr/local 316 | make -C tools/depends/target/wayland-protocols PREFIX=/usr/local 317 | make -C tools/depends/target/waylandpp PREFIX=/usr/local 318 | mkdir $HOME/kodi-build 319 | cd $HOME/kodi-build 320 | cmake ../kodi -DCMAKE_INSTALL_PREFIX=/usr/local -DX11_RENDER_SYSTEM=gl 321 | cmake --build . -- VERBOSE=1 -j$(getconf _NPROCESSORS_ONLN) 322 | sudo make install 323 | cd $HOME/kodi 324 | make -j$(getconf _NPROCESSORS_ONLN) -C tools/depends/target/binary-addons PREFIX=/usr/local 325 | fi 326 | 327 | echo "Configuring login manager (GDM), adding lines for autologin kodi user." 328 | autologin=$( cat /etc/gdm/custom.conf | grep AutomaticLoginEnable=true ) 329 | loginname=$( cat /etc/gdm/custom.conf | grep AutomaticLogin=kodi ) 330 | if [ -n "$autologin" ] 331 | then 332 | echo "File is already configured for automatic login." 333 | echo "Current automatic login config:" 334 | grep AutomaticLoginEnable /etc/gdm/custom.conf 335 | echo "" 336 | echo "Check the GDM file /etc/gdm/custom.conf." 337 | else 338 | echo "Adding line to /etc/gdm/custom.conf for automatic login." 339 | sed -i '/daemon]/aAutomaticLoginEnable=true' /etc/gdm/custom.conf 340 | fi 341 | 342 | if [ -n "$loginname" ] 343 | then 344 | echo "File is already configured for user to autologin." 345 | echo "Check the GDM file /etc/gdm/custom.conf." 346 | else 347 | echo "Adding line to /etc/gdm/custom.conf for login user name." 348 | sed -i '/AutomaticLoginEnable=true/aAutomaticLogin=kodi' /etc/gdm/custom.conf 349 | fi 350 | 351 | echo "Adding line to /etc/gdm/custom.conf for default X Session in EL7." 352 | echo "And creating session file for specific user in /var/lib/AccountsService/users/kodi." 353 | sed -i '/AutomaticLogin=kodi/aDefaultSession=xinit-compat.desktop' /etc/gdm/custom.conf 354 | touch /var/lib/AccountsService/users/kodi 355 | chmod 644 /var/lib/AccountsService/users/kodi 356 | echo "[User]" >> /var/lib/AccountsService/users/kodi 357 | echo "Language=" >> /var/lib/AccountsService/users/kodi 358 | echo "XSession=xinit-compat" >> /var/lib/AccountsService/users/kodi 359 | echo "SystemAccount=false" >> /var/lib/AccountsService/users/kodi 360 | echo "Setting up graphical boot." 361 | 362 | systemctl set-default graphical.target 363 | 364 | echo "xset s off ; xset -dpms" > /home/kodi/.xsession 365 | echo "exec matchbox-window-manager &" >> /home/kodi/.xsession 366 | if [ $srcins = yes ] 367 | then 368 | echo "kodi" >> /home/kodi/.xsession 369 | echo "" >> /home/kodi/.xsession 370 | else 371 | echo "flatpak run tv.kodi.Kodi" >> /home/kodi/.xsession 372 | echo "" >> /home/kodi/.xsession 373 | fi 374 | echo "xterm" >> /home/kodi/.xsession 375 | ln -s /home/kodi/.xsession /home/kodi/.xinitrc 376 | chown kodi:kodi /home/kodi/.xsession 377 | chmod 777 /home/kodi/.xsession 378 | 379 | echo "[Desktop]" > /home/kodi/.dmrc 380 | echo "Session=xinit-compat" >> /home/kodi/.dmrc 381 | echo "Language=$LANG" >> /home/kodi/.dmrc 382 | chown kodi:kodi /home/kodi/.dmrc 383 | chmod 766 /home/kodi/.dmrc 384 | 385 | echo "Adopting HDMI/CEC fix (tested with Pulse-Eight CEC module)." 386 | if [ -f /dev/ttyACM0 ] 387 | then 388 | chmod a+rw /dev/ttyACM0 389 | echo 'chmod a+rw /dev/ttyACM0' >> /etc/rc.local 390 | fi 391 | 392 | echo "You may now restart this computer to experience Kodi." 393 | -------------------------------------------------------------------------------- /nextcloud-ins.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Nextcloud Install Script 4 | # Made for freshly installed, server Linux distributions using AMD64(x86_64) architecture: 5 | # Debian (11 - 13), Enterprise Linux (9 - 10), Ubuntu Server (22 - 24), Fedora Server (39 - 42). 6 | # 7 | # It will update OS, preconfigure everything, install neeeded packages and Nextcloud. 8 | # There is also support for upgrading Nextcloud and OS packages - just download and run latest version of this script again. 9 | # It will create backup of current Nextcloud (but without users files) with it's database, 10 | # and then it will upgrade OS, software packages, and Nextcloud to the newest major version. 11 | # 12 | # This Nextcloud installer allows Nextcloud to work locally and thru Internet: 13 | # - by local IP address with and without SSL (it use self signed SSL certificate for https protocol), 14 | # - or using domain name (local and over Internet), if domain is already configured correctly (it will use free Let's Encrypt service for certificate signing). 15 | # Software packages that are installed are Apache (web server), MariaDB (database server), PHP (programming language with interpreter), 16 | # NTP (time synchronization service), and Redis/Valkey (cache server). 17 | # Some other software is also installed for better preview/thumbnails generation by Nextcloud like LibreOffice, Krita, ImageMagick etc. 18 | # Also new service for Nextcloud "cron" is generated that starts every 5 minutes so Nextcloud can do some work while users are not connected. 19 | # 20 | # To use it just use this command (as root): 21 | # "wget -q https://github.com/nicrame/Linux-Scripts/raw/master/nextcloud-ins.sh && chmod +x nextcloud-ins.sh && ./nextcloud-ins.sh" 22 | # 23 | # You may also add specific variables (lang, mail, dns) that will be used, by adding them to command above, e.g: 24 | # "wget -q https://github.com/nicrame/Linux-Scripts/raw/master/nextcloud-ins.sh && chmod +x nextcloud-ins.sh && ./nextcloud-ins.sh -lang=pl -mail=my@email.com -dm=domain.com -nv=24 -fdir=/mnt/sdc5/nextcloud-data" 25 | # -lang (for language) variable will install additional packages specific for choosed language and setup Nextcloud default language. 26 | # Currently supported languages are: none (default value is none/empty that will use web browser language), Arabic (ar), Chinese (zh), French (fr), Hindi (hi), Polish (pl), Spanish (es) and Ukrainian (uk), 27 | # -mail variable is for information about Your email address, that will be presented to let's encrypt, so you'll be informed if domain name SSL certificate couldn't be refreshed (default value is empty), 28 | # -dm variable is used when you got (already prepared and configured) domain name, it will be configured for Nextcloud server and Let's encrypt SSL (default value is empty), 29 | # -nv variable allows You to choose older version to install, supported version are: 24-28, empty (it will install newest, currently v28), 30 | # -fdir variable gives possibility to specify where user files and nextcloud.log files are stored, by default this settings will leave default location that is /var/www/nextcloud/data. 31 | # selecting different location will not change Nextcloud configuration, but will bind (using mount) default Nextcloud location, to the specified one, 32 | # so using security mechanism like chroot/jail/SELinux etc. will work correctly without additional configuration for them, web server etc. 33 | # For example if option -fdir=/mnt/sdc5/nextcloud-data will be used, then entering directory /var/www/nextcloud/data will actually show content of /mnt/sdc5/nextcloud-data. 34 | # If you want to use spaces between words in directory name, then put path inside double quotes, eg. -fdir="/mnt/sdx/users data folder" 35 | # To remember data directory settings, and mount them each OS start /etc/fstab file is modified. 36 | # -restore argument is used for recovering older Nextcloud files/database. Since v 1.11 this script generate backup of Nextcloud files (excluding users data) and database, 37 | # when it's started for upgrade process (which is default scenario when script is started another time after first use). 38 | # You may use -restore=list to check the list of previously created backups, or -restore=filename.tar.bz2 to select one of those files, and use them to restore Nextcloud. 39 | # IMPORTANT: When -restore argument is used with any kind of parameters, then any other is ignored. It means You can't use -restore variable with others. 40 | # -backup argument starts backup process without doing any other tasks. It will just create backup of current Nextcloud install with database, excluding users files. 41 | # Similar to -restore, -backup argument must be used by itself (any other one used with it will be ignored). 42 | # -purge is used as standalone argument - it will remove all software installed by this script, and it's configuration. Also it will remove Nextcloud, with all files (also user data files), and database. 43 | # It should be used only when first run didn't work correctly somehow - so this will do something like "revert" changes, so it is possible to start again. 44 | # 45 | # After install You may use Your web browser to access Nextcloud using local IP address, 46 | # or domain name, if You have configured it before (DNS settings and router configuration should be done earlier by You). 47 | # Both HTTP and HTTPS protocols are enabled by default. Localhost, self signed certificate is generated by default. 48 | # For additional domain name certificate is made with Let's encrypt service (if You use -dns command variable). 49 | # 50 | # It was tested with many Nextcloud versions since v24. 51 | # 52 | # Updates of Nextcloud after using this script: 53 | # By default this script disable "updatenotification" app that allow You to update Nextcloud using its own administration panel. 54 | # The main reason is that such updates sometimes leave files that shouldn't stay, which brakes their update system at some points (i had many such problems in the past). 55 | # So, to update Your Nextcloud there are two options: 56 | # 1. You may start the script again, so it will upgrade OS with software packages and Nextcloud to the newest version (it will update between major releases too), 57 | # so for example if You have version 28.0.3, it will update it to 31.0.4(that was newest version when this text was edited). 58 | # But if You selected version to install with "-nv" argument (eg. -nv=28) when script was used for the first time, then starting script again will not update anything, 59 | # and leave You with selected version, without updating minor release. 60 | # So if You got 28.0.3 it will not update to 28.0.9 (because when this script is released, i do not know how many minor releases will be in the future). 61 | # 2. You may also enable updatenotification app using Nextcloud GUI - go to Apps -> Disabled apps -> click on Enable button near "Update notification" app. 62 | # Then go to "Administration settings" -> Overview, where will be information about new version available for updating. 63 | # 64 | # In case of problems, LOG output is generated at /var/log/nextcloud-installer.log. 65 | # Attach it if You want to report errors with installation process. 66 | # 67 | # If You want to report errors that You think may be made by the script, please add logs of Apache web server, PHP and Nextcloud. 68 | # This script was never tested, and not reccommended to be used on containerization environment (like Docker, LXC etc.), 69 | # but it was working well on virtual machines under KVM and Virtualbox. 70 | # 71 | # More info: 72 | # [PL/ENG] https://www.marcinwilk.eu/pl/projects/linux-scripts/nextcloud-debian-install/ 73 | # 74 | # Feel free to contact me: marcin@marcinwilk.eu 75 | # www.marcinwilk.eu 76 | # Marcin Wilk 77 | # 78 | # License: 79 | # 1. You use it at your own risk. Author is not responsible for any damage made with that script. 80 | # 2. Any changes of scripts must be shared with author with authorization to implement them and share. 81 | # 82 | # V 1.12.4 - 24.11.2025 83 | # - backup argument checks if Nextcloud was already installed 84 | # - tweaks regarding the way script is started and running 85 | # - check for firewalld and if it is installed in Debian, then do not add UFW, just it's own rules 86 | # V 1.12.3 - 23.11.2025 87 | # - Nextcloud Hub 25 (v32) support 88 | # - little documentation changes 89 | # - check if script is started in full login shell 90 | # - new -purge option added that will remove software installed by this script with NC and whole database, so it's possible to start install process again with fresh data 91 | # V 1.12.2 - 09.09.2025 92 | # - fixes for better upgrade process from older NC versions 93 | # V 1.12.1 - 09.09.2025 94 | # - small tewaks and fixes 95 | # V 1.12 - 07.09.2025 96 | # - make PHP 8.4 the default version 97 | # - change the way PHP configuration is stored (new, different config file instead of changing installed by packages) 98 | # - Debian 13 support added 99 | # - EL 10 support added (uses Valkey instead of Redis, tested on Rocky and RHEL) 100 | # - Fedora 42 Server support added 101 | # - Ubuntu 24 LTS Server support added 102 | # V 1.11.5 - 25.05.2025 103 | # - another portion of small tweaks 104 | # V 1.11.4 - 24.05.2025 105 | # - Nextcloud Hub 10 (v31) is now default/latest 106 | # - small tweaks 107 | # V 1.11.3 - 12.09.2024 108 | # - Nextcloud Hub 9 (v30) is now default/latest 109 | # - updated default versions to newest releases when using -nv parameter 110 | # - add few commands to be sure that PHP 8.3 is used as default version 111 | # - small tweaks and fixes 112 | # V 1.11.2 - 16.05.2024 113 | # - new arguments: -backup (create backup) and -restore (that can be used with "list" argument to show previously created backups, or with filename to be used to restore from it) 114 | # - modify backup file names to show more data (date, time and Nextcloud version that is backed up) 115 | # V 1.11 - 16.05.2024 116 | # - update documentation inside script 117 | # - first attempt to backup/restore feature 118 | # V 1.10 - 19.04.2024 119 | # - Nextcloud Hub 8 (v29) is now default/latest 120 | # - PHP 8.3 is used as default PHP version 121 | # - Fixed error that didn't allow installing older versions of NC (and PHP 7.4) 122 | # V 1.9.2 - 13.03.2024 123 | # - checking if "fdir" parameter is configured for already existing directory and inform if not 124 | # - fix spaces in directory names saved in fstab, configured with -fdir argument (fstab do not support spaces in directory names) 125 | # V 1.9.1 - 12.03.2024 126 | # - some description update, and few code changes that do not affect the way script is working 127 | # - add PHP 8.3 install code (currently disabled) for future NC versions 128 | # V 1.9 - 04.03.2024 129 | # - new argument that allow to configure location of "data" directory, where user files are stored (it use mount/fstab for security mechanisms compatibility) 130 | # V 1.8.1 - 07.02.2024 131 | # - first release with Fedora Server 39, and Ubuntu Server LTS (22) distributions support 132 | # V 1.8 - 04.02.2024 133 | # - first release with Rocky Linux (9), and other Enterprise Linux distributions support 134 | # - a little more code optimizations 135 | # V 1.7.1 - 01.02.2024 136 | # - code cleanup 137 | # - add maintenance window start time configuration (for 28.0.2 released today) 138 | # V 1.7 - 30.01.2024 139 | # - tweaks for thumbnails/preview generation 140 | # - disabe sleep/hibernate modes in OS 141 | # - add HTTP2 protocol support 142 | # - small security fix 143 | # - description improvements 144 | # - packages installer will now wait for background jobs (started by OS) to finish 145 | # V 1.6.4 - 04.01.2024 146 | # - add bz2 module for PHP (for Nextcloud Hub 7) 147 | # - Happy New Year! 148 | # V 1.6.3 - 04.11.2023 149 | # - more tests and fixes 150 | # V 1.6.2 - 04.08.2023 151 | # - few more languages are now supported with -lang= parameter (Arabic (ar), Chinese (zh), French (fr), Hindi (hi), Polish (pl), Spanish (es) and Ukrainian (uk)) 152 | # V 1.6.1 - 03.08.2023 153 | # - small tweaks 154 | # V 1.6 - 03.08.2023 155 | # - new variable that allows installing older version of Nextcloud (users reported problems with NC27) 156 | # - the script rename itself after finished work (so installer command always refer to newest version) 157 | # - script is prepared now for few future updates (up to Nextcloud v28) 158 | # V 1.5.5 - 12.07.2023 159 | # - better description of variables use on error 160 | # V 1.5.4 - 07.07.2023 161 | # - fixed some logical problem 162 | # - add support for Debian 12 163 | # - add support for Nextcloud Hub 5 (v27) 164 | # V 1.5.3 - 15.04.2023 165 | # - using older PHP (8.1) version for upgrade process before removing it (Nextcloud do not finish upgrade process on never PHP version) 166 | # - check for currently installed Nextcloud version and update it so many times it needs (till version 26) - when upgrading from script version 1.4 or older 167 | # V 1.5.2 - 05.04.2023 168 | # - twofactor_webauthn app installing and enabling for more security (tested with Yubikey) 169 | # V 1.5.1 - 05.04.2023 170 | # - upgrading from 1.4 and lower added to the script 171 | # V 1.5 - 25.03.2023 172 | # - use Nextcloud Hub 4 (v26) 173 | # - enable opcache again (it looks it's working fine now) 174 | # - use PHP version 8.2 175 | # - install ddclient (dynamic DNS client - https://ddclient.net/) 176 | # - install miniupnpc ans start it for port 80 and 443 to open ports (it should be unncessary) 177 | # - added more variables to use (language, e_mail) 178 | # - installer is now creating file with it's version number for future upgrades 179 | # - installer detects if older versions of script were used, and in the next release it will upgrade everything (nextcloud included) 180 | # V 1.4.3 - 24.02.2023 181 | # - allow self-signed certificate config option in nextcloud (it may be needed sometimes) 182 | # V 1.4.2 - 10.02.2023 183 | # - completely disable opcache because of many segfaults even when JIT is completely disabled 184 | # V 1.4.1 - 08.02.2023 185 | # - opcache jit cache in php has been disabled because of many segfaults reported 186 | # V 1.4 - 31.01.2023 187 | # - fixes thanks to "maybe" user from hejto.pl portal (ufw, redis, chmods etc.) Thank You! 188 | # V 1.3 - 30.01.2023 189 | # - fix PHP 8.1 installing 190 | # - more data stored to log for better error handling 191 | # V 1.2 - 23.01.2023 192 | # - some performance fixes (better support for large files) 193 | # V 1.1 - 04.08.2022 194 | # - added support for adding domain name as command line variable (with let's ecnrypt support) 195 | # - added crontab job for certbot (Let's encrypt) and some more description 196 | # V 1.0 - 20.06.2022 197 | # - initial version based on private install script (for EL) 198 | # 199 | # Future plans: 200 | # - add option to delete very old backups 201 | # - add High Performance Backend (HPB) for Nextcloud (Push Service) 202 | # - make backup of Nextcloud script (excluding users files) and database for recovery before upgrade (done with v1.11) 203 | # - add option to restore previosly created backup (done with v1.11). 204 | 205 | export LC_ALL=C 206 | 207 | ver=1.12 208 | cpu=$( uname -m ) 209 | user=$( whoami ) 210 | debvf=/etc/debian_version 211 | ubuvf=/etc/dpkg/origins/ubuntu 212 | 213 | if [[ $EUID -ne 0 ]]; then 214 | echo -e "You must be \e[38;5;214mroot\e[39;0m. Mission aborted!" 215 | echo -e "You are trying to start this script as: \e[1;31m$user\e[39;0m" 216 | unset LC_ALL 217 | exit 0 218 | fi 219 | 220 | if [ -e $debvf ] 221 | then 222 | if [ -e $ubuvf ] 223 | then 224 | ubuv=$( cat /etc/lsb-release | grep "Ubuntu " | awk -F '"' '{print $2}' ) 225 | unset debv 226 | debv=$ubuv 227 | ubu19=$( cat /etc/lsb-release | grep "Ubuntu 19" ) 228 | ubu20=$( cat /etc/lsb-release | grep "Ubuntu 20" ) 229 | ubu21=$( cat /etc/lsb-release | grep "Ubuntu 21" ) 230 | ubu22=$( cat /etc/lsb-release | grep "Ubuntu 22" ) 231 | ubu23=$( cat /etc/lsb-release | grep "Ubuntu 23" ) 232 | ubu24=$( cat /etc/lsb-release | grep "Ubuntu 24" ) 233 | ubu25=$( cat /etc/lsb-release | grep "Ubuntu 25" ) 234 | ubu26=$( cat /etc/lsb-release | grep "Ubuntu 26" ) 235 | ubu27=$( cat /etc/lsb-release | grep "Ubuntu 27" ) 236 | ubu28=$( cat /etc/lsb-release | grep "Ubuntu 28" ) 237 | else 238 | debv=$( cat $debvf ) 239 | fi 240 | fi 241 | elvf=/etc/redhat-release 242 | fedvf=/etc/fedora-release 243 | if [ -e $elvf ] 244 | then 245 | elv=$( cat $elvf ) 246 | rhel=$( cat /etc/redhat-release | grep "Red Hat Enterprise Linux" ) 247 | el6=$( cat /etc/redhat-release | grep "release 6" ) 248 | el7=$( cat /etc/redhat-release | grep "release 7" ) 249 | el8=$( cat /etc/redhat-release | grep "release 8" ) 250 | el9=$( cat /etc/redhat-release | grep "release 9" ) 251 | el10=$( cat /etc/redhat-release | grep "release 10" ) 252 | rhel10=$( cat /etc/redhat-release | grep "Red Hat Enterprise Linux release 10" ) 253 | el11=$( cat /etc/redhat-release | grep "release 11" ) 254 | rhel11=$( cat /etc/redhat-release | grep "Red Hat Enterprise Linux release 11" ) 255 | if [ -e $fedvf ] 256 | then 257 | fed36=$( cat /etc/redhat-release | grep "release 36" ) 258 | fed37=$( cat /etc/redhat-release | grep "release 37" ) 259 | fed38=$( cat /etc/redhat-release | grep "release 38" ) 260 | fed39=$( cat /etc/redhat-release | grep "release 39" ) 261 | fed40=$( cat /etc/redhat-release | grep "release 40" ) 262 | fed41=$( cat /etc/redhat-release | grep "release 41" ) 263 | fed42=$( cat /etc/redhat-release | grep "release 42" ) 264 | fed43=$( cat /etc/redhat-release | grep "release 43" ) 265 | fed44=$( cat /etc/redhat-release | grep "release 44" ) 266 | fi 267 | fi 268 | 269 | TTY=$(tty 2>/dev/null || echo "notty") 270 | TTY_SAN=$(echo "$TTY" | tr '/ ' '__') 271 | FNAME=$(basename "$0") 272 | MARKER="/tmp/.${FNAME}_rl_${TTY_SAN}" 273 | 274 | if [ ! -f "$MARKER" ]; then 275 | ORIG_CWD=$(pwd) 276 | 277 | case "$0" in 278 | /*) SCRIPT_PATH="$0" ;; 279 | *) SCRIPT_PATH="$ORIG_CWD/$0" ;; 280 | esac 281 | 282 | : > "$MARKER" || { 283 | echo "Error - cannot create file /tmp/$MARKER" >&2 284 | exit 1 285 | } 286 | 287 | exec su - root -c ' 288 | ORIG_CWD=$1 289 | SCRIPT_PATH=$2 290 | shift 2 291 | 292 | cd "$ORIG_CWD" || { 293 | echo "Error - cannot access $ORIG_CWD directory." >&2 294 | exit 1 295 | } 296 | 297 | exec "$SCRIPT_PATH" "$@" 298 | ' dummy "$ORIG_CWD" "$SCRIPT_PATH" -- "$@" 299 | fi 300 | 301 | trap 'rm -f "$MARKER"' EXIT 302 | trap 'rm -f "$MARKER"; exit 130' INT 303 | trap 'rm -f "$MARKER"; exit 143' TERM 304 | 305 | addr=$( hostname -I ) 306 | addr1=$( hostname -I | awk '{print $1}' ) 307 | cdir=$( pwd ) 308 | 309 | if [ -e $debvf ] 310 | then 311 | websrv_usr=www-data 312 | fi 313 | if [ -e $elvf ] 314 | then 315 | websrv_usr=apache 316 | fi 317 | lang="" 318 | mail="" 319 | dm="" 320 | nv="" 321 | fdir="" 322 | restore="" 323 | insl=/var/log/nextcloud-installer.log 324 | rstl=/var/log/nextcloud-ins-rst.log 325 | ver_file=/var/local/nextcloud-installer.ver 326 | nbckd=/var/local/nextcloud-installer-backups 327 | nbckf=nextcloud.tar 328 | scrpt=nextcloud-ins 329 | backup=false 330 | purge=false 331 | 332 | while [ "$#" -gt 0 ]; do 333 | case "$1" in 334 | -lang=*) lang="${1#*=}" ;; 335 | -mail=*) mail="${1#*=}" ;; 336 | -dm=*) dm="${1#*=}" ;; 337 | -nv=*) nv="${1#*=}" ;; 338 | -fdir=*) fdir="${1#*=}" ;; 339 | -restore=*) restore="${1#*=}" ;; 340 | -backup) backup=true ;; 341 | -purge) purge=true ;; 342 | *) 343 | echo "Unknown parameter: $1" >&2; 344 | echo "Remember to add one, or more variables after equals sign:"; 345 | echo -e "Eg. \e[1;32m-\e[39;0mmail\e[1;32m=\e[39;0mmail@example.com \e[1;32m-\e[39;0mlang\e[1;32m=\e[39;0mpl \e[1;32m-\e[39;0mdm\e[1;32m=\e[39;0mdomain.com \e[1;32m-\e[39;0mnv\e[1;32m=\e[39;0m24 \e[1;32m-\e[39;0mfdir\e[1;32m=\e[39;0m/mnt/sdc5/nextcloud-data"; 346 | echo "or in case of backup, restore and purge argument (used individually):"; 347 | echo -e "\e[1;32m-\e[39;0mbackup"; 348 | echo -e "\e[1;32m-\e[39;0mrestore\e[1;32m=\e[39;0mlist"; 349 | echo -e "\e[1;32m-\e[39;0mrestore\e[1;32m=\e[39;0mfilename-from-list.tar.bz2"; 350 | echo -e "\e[1;32m-\e[39;0m\e[1;31mpurge\e[39;0m"; 351 | exit 1 352 | ;; 353 | esac 354 | shift 355 | done 356 | 357 | # More complex tasks are functions now: 358 | function restart_websrv { 359 | if [ -e $debvf ] 360 | then 361 | systemctl stop apache2 >> $insl 2>&1 362 | fi 363 | if [ -e $elvf ] 364 | then 365 | systemctl stop httpd >> $insl 2>&1 366 | if [ -d /etc/opt/remi/php74 ] 367 | then 368 | systemctl stop php74-php-fpm >> $insl 2>&1 369 | rm -rf /var/opt/remi/php74/lib/php/opcache/* >> $insl 2>&1 370 | systemctl start php74-php-fpm >> $insl 2>&1 371 | fi 372 | fi 373 | if [ -d /etc/opt/remi/php81 ] 374 | then 375 | systemctl stop php81-php-fpm >> $insl 2>&1 376 | rm -rf /var/opt/remi/php81/lib/php/opcache/* >> $insl 2>&1 377 | systemctl start php81-php-fpm >> $insl 2>&1 378 | fi 379 | if [ -d /etc/opt/remi/php82 ] 380 | then 381 | systemctl stop php82-php-fpm >> $insl 2>&1 382 | rm -rf /var/opt/remi/php82/lib/php/opcache/* >> $insl 2>&1 383 | systemctl start php82-php-fpm >> $insl 2>&1 384 | fi 385 | if [ -d /etc/opt/remi/php83 ] 386 | then 387 | systemctl stop php83-php-fpm >> $insl 2>&1 388 | rm -rf /var/opt/remi/php83/lib/php/opcache/* >> $insl 2>&1 389 | systemctl start php83-php-fpm >> $insl 2>&1 390 | fi 391 | if [ -d /etc/opt/remi/php84 ] 392 | then 393 | systemctl stop php84-php-fpm >> $insl 2>&1 394 | rm -rf /var/opt/remi/php84/lib/php/opcache/* >> $insl 2>&1 395 | systemctl start php84-php-fpm >> $insl 2>&1 396 | fi 397 | if [ -d /etc/opt/remi/php85 ] 398 | then 399 | systemctl stop php85-php-fpm >> $insl 2>&1 400 | rm -rf /var/opt/remi/php85/lib/php/opcache/* >> $insl 2>&1 401 | systemctl start php85-php-fpm >> $insl 2>&1 402 | fi 403 | if [ -d /etc/opt/remi/php86 ] 404 | then 405 | systemctl stop php86-php-fpm >> $insl 2>&1 406 | rm -rf /var/opt/remi/php86/lib/php/opcache/* >> $insl 2>&1 407 | systemctl start php86-php-fpm >> $insl 2>&1 408 | fi 409 | if [ -e $elvf ] 410 | then 411 | systemctl start httpd >> $insl 2>&1 412 | fi 413 | if [ -e $debvf ] 414 | then 415 | systemctl start apache2 >> $insl 2>&1 416 | fi 417 | } 418 | 419 | function maintenance_window_setup { 420 | if grep -q "maintenance_window_start" "/var/www/nextcloud/config/config.php" 421 | then 422 | echo "!!!!!!! Maintenance window time already configured." >> $insl 2>&1 423 | else 424 | echo "!!!!!!! Adding maintenance window time inside NC config." >> $insl 2>&1 425 | sed -i "/installed' => true,/a\ \ 'maintenance_window_start' => '1'," /var/www/nextcloud/config/config.php 426 | fi 427 | } 428 | 429 | # Check if Nextcloud was updated with nv variable, and if yes, skip doing anything to not brake it. 430 | # This is version made for newer version of script, so it report that it was running under $ver_file. 431 | function nv_check_upd { 432 | echo "Older version of Nextcloud configured, skipping updates and exit." 433 | echo "Older version of Nextcloud configured, skipping updates and exit." >> $insl 2>&1 434 | echo -e "pver=$ver lang=$lang mail=$mail dm=$dm nv=$nv fdir=$fdir\n$( $ver_file 435 | echo -e "Version $ver was succesfully installed at $(date +%d-%m-%Y_%H:%M:%S)\n$( $ver_file 436 | mv $cdir/$scrpt.sh $scrpt-$(date +"%FT%H%M").sh 437 | unset LC_ALL 438 | exit 0 439 | } 440 | 441 | function nv_check_upd_cur { 442 | echo "Older version of Nextcloud configured, skipping updates and exit." 443 | echo "Older version of Nextcloud configured, skipping updates and exit." >> $insl 2>&1 444 | mv $cdir/$scrpt.sh $scrpt-$(date +"%FT%H%M").sh 445 | unset LC_ALL 446 | exit 0 447 | } 448 | 449 | function nv_upd_simpl { 450 | rm -rf /var/www/nextcloud/composer.lock >> $insl 2>&1 451 | rm -rf /var/www/nextcloud/package-lock.json >> $insl 2>&1 452 | rm -rf /var/www/nextcloud/package.json >> $insl 2>&1 453 | rm -rf /var/www/nextcloud/composer.json >> $insl 2>&1 454 | sudo -u $websrv_usr php /var/www/nextcloud/occ db:add-missing-indices >> $insl 2>&1 455 | sudo -u $websrv_usr php /var/www/nextcloud/updater/updater.phar --no-interaction >> $insl 2>&1 456 | sudo -u $websrv_usr php /var/www/nextcloud/occ upgrade >> $insl 2>&1 457 | sudo -u $websrv_usr php /var/www/nextcloud/occ maintenance:mode --off >> $insl 2>&1 458 | } 459 | 460 | function update_os { 461 | if [ -e $debvf ] 462 | then 463 | apt-get update -o DPkg::Lock::Timeout=-1 >> $insl 2>&1 && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --force-yes -o Dpkg::Options::="--force-confold" -o DPkg::Lock::Timeout=-1 >> $insl 2>&1 && apt-get autoremove -y >> $insl 2>&1 464 | fi 465 | if [ -e $elvf ] 466 | then 467 | dnf update -y -q >> $insl 2>&1 468 | fi 469 | } 470 | 471 | function install_soft { 472 | echo "!!!!!!! Installing all needed standard packages." >> $insl 2>&1 473 | if [ -e $debvf ] 474 | then 475 | DEBIAN_FRONTEND=noninteractive apt-get install -y -o DPkg::Lock::Timeout=-1 git lbzip2 unzip zip lsb-release locales-all rsync wget curl sed screen gawk mc sudo net-tools ethtool vim nano apt-transport-https ca-certificates miniupnpc jq libfontconfig1 libfuse2 socat tree ffmpeg imagemagick webp libreoffice ghostscript bindfs >> $insl 2>&1 476 | # Package below do not appear in Debian 13 anymore 477 | DEBIAN_FRONTEND=noninteractive apt-get install -y -o DPkg::Lock::Timeout=-1 software-properties-common >> $insl 2>&1 478 | yes | sudo DEBIAN_FRONTEND=noninteractive apt-get -yqq -o DPkg::Lock::Timeout=-1 install ddclient >> $insl 2>&1 479 | fi 480 | if [ -e $elvf ] 481 | then 482 | if [ -e $fedvf ] 483 | then 484 | dnf install -y -q https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm >> $insl 2>&1 485 | dnf config-manager -y --enable fedora-cisco-openh264 >> $insl 2>&1 486 | else 487 | if [ -n "rhel" ] 488 | then 489 | subscription-manager repos --enable codeready-builder-for-rhel-$(rpm -E %rhel)-$(arch)-rpms >> $insl 2>&1 490 | dnf install -y -q https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm -E %rhel).noarch.rpm >> $insl 2>&1 491 | /usr/bin/crb enable >> $insl 2>&1 492 | dnf install -q --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm -y >> $insl 2>&1 493 | dnf install -q --nogpgcheck https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm -y >> $insl 2>&1 494 | else 495 | dnf -q config-manager --set-enabled crb >> $insl 2>&1 496 | dnf install -y -q epel-release >> $insl 2>&1 497 | dnf install -q --nogpgcheck https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm -y >> $insl 2>&1 498 | dnf install -q --nogpgcheck https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm -y >> $insl 2>&1 499 | fi 500 | fi 501 | dnf install -y -q git unzip bzip2 zip lsb-release rsync wget curl sed screen gawk mc sudo net-tools ethtool vim nano ca-certificates miniupnpc jq fontconfig-devel socat tree ffmpeg ImageMagick libwebp ghostscript >> $insl 2>&1 502 | dnf install -y -q dnf-utils dnf-plugins-core >> $insl 2>&1 503 | dnf update -y -q >> $insl 2>&1 504 | dnf install -y -q libreoffice >> $insl 2>&1 505 | dnf install -y -q ddclient >> $insl 2>&1 506 | dnf install -y -q lbzip2 >> $insl 2>&1 507 | dnf install -y -q openssl >> $insl 2>&1 508 | fi 509 | } 510 | 511 | function ins_php { 512 | if [ -e $debvf ] 513 | then 514 | if [ -e $ubuvf ] 515 | then 516 | add-apt-repository -y ppa:ondrej/php >> $insl 2>&1 517 | DEBIAN_FRONTEND=noninteractive 518 | else 519 | curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg >> $insl 2>&1 520 | sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' >> $insl 2>&1 521 | fi 522 | apt-get update >> $insl 2>&1 523 | apt-get install -y -o DPkg::Lock::Timeout=-1 php$dpv libapache2-mod-php$dpv php$dpv-mysql php$dpv-common php$dpv-redis php$dpv-dom php$dpv-curl php$dpv-exif php$dpv-fileinfo php$dpv-bcmath php$dpv-gmp php$dpv-imagick php$dpv-mbstring php$dpv-xml php$dpv-zip php$dpv-iconv php$dpv-intl php$dpv-simplexml php$dpv-xmlreader php$dpv-ftp php$dpv-ssh2 php$dpv-sockets php$dpv-gd php$dpv-imap php$dpv-soap php$dpv-xmlrpc php$dpv-apcu php$dpv-dev php$dpv-cli >> $insl 2>&1 524 | apt-get install -y -o DPkg::Lock::Timeout=-1 libmagickcore-6.q16-6-extra >> $insl 2>&1 525 | apt-get install -y -o DPkg::Lock::Timeout=-1 libmagickcore-7.q16-10-extra >> $insl 2>&1 526 | apt-get install -y -o DPkg::Lock::Timeout=-1 php$dpv-bz2 >> $insl 2>&1 527 | fi 528 | if [ -e $elvf ] 529 | then 530 | if [ "$epv" = "81" ] 531 | then 532 | dnf remove -y -q php74-syspaths php74-mod_php >> $insl 2>&1 533 | fi 534 | if [ "$epv" = "82" ] 535 | then 536 | dnf remove -y -q php74-syspaths php74-mod_php >> $insl 2>&1 537 | dnf remove -y -q php81-syspaths php81-mod_php >> $insl 2>&1 538 | fi 539 | if [ "$epv" = "83" ] 540 | then 541 | dnf remove -y -q php74-syspaths php74-mod_php >> $insl 2>&1 542 | dnf remove -y -q php81-syspaths php81-mod_php >> $insl 2>&1 543 | dnf remove -y -q php82-syspaths php82-mod_php >> $insl 2>&1 544 | fi 545 | if [ "$epv" = "84" ] 546 | then 547 | dnf remove -y -q php74-syspaths php74-mod_php >> $insl 2>&1 548 | dnf remove -y -q php81-syspaths php81-mod_php >> $insl 2>&1 549 | dnf remove -y -q php82-syspaths php82-mod_php >> $insl 2>&1 550 | dnf remove -y -q php82-syspaths php83-mod_php >> $insl 2>&1 551 | fi 552 | if [ -e $fedvf ] 553 | then 554 | dnf install -y -q https://rpms.remirepo.net/fedora/remi-release-$(rpm -E %fedora).rpm >> $insl 2>&1 555 | dnf config-manager --set-enabled remi >> $insl 2>&1 556 | else 557 | dnf install -y -q https://rpms.remirepo.net/enterprise/remi-release-$(rpm -E %rhel).rpm >> $insl 2>&1 558 | fi 559 | dnf install -y -q php$epv php$epv-php-apcu php$epv-php-opcache php$epv-php-mysql php$epv-php-bcmath php$epv-php-common php$epv-php-geos php$epv-php-gmp php$epv-php-pecl-imagick-im7 php$epv-php-pecl-lzf php$epv-php-pecl-mcrypt php$epv-php-pecl-recode php$epv-php-process php$epv-php-zstd php$epv-php-redis php$epv-php-dom php$epv-php-curl php$epv-php-exif php$epv-php-fileinfo php$epv-php-mbstring php$epv-php-xml php$epv-php-zip php$epv-php-iconv php$epv-php-intl php$epv-php-simplexml php$epv-php-xmlreader php$epv-php-ftp php$epv-php-ssh2 php$epv-php-sockets php$epv-php-gd php$epv-php-imap php$epv-php-soap php$epv-php-xmlrpc php$epv-php-apcu php$epv-php-cli php$epv-php-ast php$epv-php-brotli php$epv-php-enchant php$epv-php-ffi php$epv-php-lz4 php$epv-php-phalcon5 php$epv-php-phpiredis php$epv-php-smbclient php$epv-php-tidy php$epv-php-xz >> $insl 2>&1 560 | dnf install -y -q php$epv-syspaths php$epv-mod_php >> $insl 2>&1 561 | ln -s /var/opt/remi/php$epv/log/php-fpm /var/log/php$epv-fpm >> $insl 2>&1 562 | fi 563 | unset dpv 564 | unset epv 565 | } 566 | 567 | function install_php74 { 568 | dpv=7.4 569 | epv=74 570 | ins_php 571 | } 572 | 573 | function install_php81 { 574 | dpv=8.1 575 | epv=81 576 | ins_php 577 | } 578 | 579 | function install_php82 { 580 | dpv=8.2 581 | epv=82 582 | ins_php 583 | } 584 | 585 | function install_php83 { 586 | dpv=8.3 587 | epv=83 588 | ins_php 589 | } 590 | 591 | function install_php84 { 592 | dpv=8.4 593 | epv=84 594 | ins_php 595 | } 596 | 597 | function install_php85 { 598 | dpv=8.5 599 | epv=85 600 | ins_php 601 | } 602 | 603 | function install_php86 { 604 | dpv=8.6 605 | epv=86 606 | ins_php 607 | } 608 | 609 | # This is function for installing currently used latest version of PHP. 610 | function install_php { 611 | install_php84 612 | } 613 | 614 | # Check and add http2 support to Apache. 615 | function add_http2 { 616 | if [ -e $debvf ] 617 | then 618 | if grep -q "Protocols" "/etc/apache2/sites-available/nextcloud.conf" 619 | then 620 | echo "!!!!!!! HTTP2 already inside vhost config." >> $insl 2>&1 621 | else 622 | echo "!!!!!!! HTTP2 adding to vhost." >> $insl 2>&1 623 | sed -i "/LimitRequestBody 0/a\ \ H2WindowSize 5242880" /etc/apache2/sites-available/nextcloud.conf 624 | sed -i "/LimitRequestBody 0/a\ \ ProtocolsHonorOrder Off" /etc/apache2/sites-available/nextcloud.conf 625 | sed -i "/LimitRequestBody 0/a\ \ Protocols h2 h2c http/1.1" /etc/apache2/sites-available/nextcloud.conf 626 | fi 627 | fi 628 | } 629 | 630 | function preview_tweaks { 631 | echo "!!!!!!! Preview thumbnails tweaking in NC." >> $insl 2>&1 632 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\PNG" >> $insl 2>&1 633 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 1 --value="OC\\Preview\\JPEG" >> $insl 2>&1 634 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 2 --value="OC\\Preview\\GIF" >> $insl 2>&1 635 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 3 --value="OC\\Preview\\BMP" >> $insl 2>&1 636 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 4 --value="OC\\Preview\\XBitmap" >> $insl 2>&1 637 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 5 --value="OC\\Preview\\MP3" >> $insl 2>&1 638 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 6 --value="OC\\Preview\\TXT" >> $insl 2>&1 639 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 7 --value="OC\\Preview\\MarkDown" >> $insl 2>&1 640 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 8 --value="OC\\Preview\\OpenDocument" >> $insl 2>&1 641 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 9 --value="OC\\Preview\\Krita" >> $insl 2>&1 642 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 10 --value="OC\\Preview\\Illustrator" >> $insl 2>&1 643 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 11 --value="OC\\Preview\\HEIC" >> $insl 2>&1 644 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 12 --value="OC\\Preview\\HEIF" >> $insl 2>&1 645 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 13 --value="OC\\Preview\\Movie" >> $insl 2>&1 646 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 14 --value="OC\\Preview\\MSOffice2003" >> $insl 2>&1 647 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 15 --value="OC\\Preview\\MSOffice2007" >> $insl 2>&1 648 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 16 --value="OC\\Preview\\MSOfficeDoc" >> $insl 2>&1 649 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 17 --value="OC\\Preview\\PDF" >> $insl 2>&1 650 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 18 --value="OC\\Preview\\Photoshop" >> $insl 2>&1 651 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 19 --value="OC\\Preview\\Postscript" >> $insl 2>&1 652 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 20 --value="OC\\Preview\\StarOffice" >> $insl 2>&1 653 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 21 --value="OC\\Preview\\SVG" >> $insl 2>&1 654 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 22 --value="OC\\Preview\\TIFF" >> $insl 2>&1 655 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 23 --value="OC\\Preview\\WEBP" >> $insl 2>&1 656 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 24 --value="OC\\Preview\\EMF" >> $insl 2>&1 657 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 25 --value="OC\\Preview\\Font" >> $insl 2>&1 658 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enabledPreviewProviders 26 --value="OC\\Preview\\Image" >> $insl 2>&1 659 | if [ -e $debvf ] 660 | then 661 | if [ -e /etc/ImageMagick-6/policy.xml ] 662 | then 663 | sed -i 's/\(^ *\)/\1read|write\3/1' /etc/ImageMagick-6/policy.xml 664 | sed -i 's/\(^ *\)/\1read|write\3/1' /etc/ImageMagick-6/policy.xml 665 | sed -i 's/\(^ *\)/\1read|write\3/1' /etc/ImageMagick-6/policy.xml 666 | sed -i 's/\(^ *\)/\1read|write\3/1' /etc/ImageMagick-6/policy.xml 667 | sed -i 's/\(^ *\)/\1read|write\3/1' /etc/ImageMagick-6/policy.xml 668 | fi 669 | if [ -e /etc/ImageMagick-7/policy.xml ] 670 | then 671 | sed -i 's/\(^ *\)/\1read|write\3/1' /etc/ImageMagick-7/policy.xml 672 | sed -i 's/\(^ *\)/\1read|write\3/1' /etc/ImageMagick-7/policy.xml 673 | sed -i 's/\(^ *\)/\1read|write\3/1' /etc/ImageMagick-7/policy.xml 674 | sed -i 's/\(^ *\)/\1read|write\3/1' /etc/ImageMagick-7/policy.xml 675 | sed -i 's/\(^ *\)/\1read|write\3/1' /etc/ImageMagick-7/policy.xml 676 | fi 677 | fi 678 | } 679 | 680 | function gen_phpini { 681 | echo ";Configuration for Nextcloud 682 | ;Made by Nextcloud Installer Script - https://www.marcinwilk.eu/projects/linux-scripts/nextcloud-debian-install/ 683 | apc.enable_cli=1 684 | opcache.enable_cli=1 685 | opcache.interned_strings_buffer=64 686 | opcache.max_accelerated_files=20000 687 | opcache.memory_consumption=256 688 | opcache.save_comments=1 689 | opcache.enable=1 690 | mysqli.cache_size = 2000 691 | 692 | memory_limit = 1024M 693 | upload_max_filesize = 16G 694 | post_max_size = 16G 695 | max_file_uploads = 200 696 | max_input_vars = 3000 697 | max_input_time = 3600 698 | max_execution_time = 3600 699 | default_socket_timeout = 3600 700 | output_buffering = Off" >> $php_ini 701 | unset dpvi 702 | unset epvi 703 | } 704 | 705 | function pvi { 706 | echo "!!!!!!! PHP $dpvi config create." >> $insl 2>&1 707 | if [ -e $debvf ] 708 | then 709 | touch /etc/php/$dpvi/mods-available/nextcloud-cfg.ini 710 | php_ini=/etc/php/$dpvi/mods-available/nextcloud-cfg.ini 711 | ln -s /etc/php/$dpvi/mods-available/nextcloud-cfg.ini /etc/php/$dpvi/apache2/conf.d/90-nextcloud-cfg.ini >> $insl 2>&1 712 | ln -s /etc/php/$dpvi/mods-available/nextcloud-cfg.ini /etc/php/$dpvi/cli/conf.d/90-nextcloud-cfg.ini >> $insl 2>&1 713 | fi 714 | if [ -e $elvf ] 715 | then 716 | touch /etc/opt/remi/php$epvi/php.d/90-nextcloud-cfg.ini 717 | php_ini=/etc/opt/remi/php$epvi/php.d/90-nextcloud-cfg.ini 718 | fi 719 | } 720 | 721 | function php74_tweaks { 722 | dpvi=7.4 723 | epvi=74 724 | pvi 725 | gen_phpini 726 | restart_websrv 727 | } 728 | 729 | function php81_tweaks { 730 | dpvi=8.1 731 | epvi=81 732 | pvi 733 | gen_phpini 734 | a2dismod php7.4 >> $insl 2>&1 735 | a2enmod php8.1 >> $insl 2>&1 736 | restart_websrv 737 | } 738 | 739 | function php82_tweaks { 740 | dpvi=8.2 741 | epvi=82 742 | pvi 743 | gen_phpini 744 | a2dismod php7.4 >> $insl 2>&1 745 | a2dismod php8.1 >> $insl 2>&1 746 | a2enmod php8.2 >> $insl 2>&1 747 | restart_websrv 748 | } 749 | 750 | function php83_tweaks { 751 | dpvi=8.3 752 | epvi=83 753 | pvi 754 | gen_phpini 755 | a2dismod php7.4 >> $insl 2>&1 756 | a2dismod php8.1 >> $insl 2>&1 757 | a2dismod php8.2 >> $insl 2>&1 758 | a2enmod php8.3 >> $insl 2>&1 759 | restart_websrv 760 | } 761 | 762 | function php84_tweaks { 763 | dpvi=8.4 764 | epvi=84 765 | pvi 766 | gen_phpini 767 | a2dismod php7.4 >> $insl 2>&1 768 | a2dismod php8.1 >> $insl 2>&1 769 | a2dismod php8.2 >> $insl 2>&1 770 | a2dismod php8.3 >> $insl 2>&1 771 | a2enmod php8.4 >> $insl 2>&1 772 | restart_websrv 773 | } 774 | 775 | function php85_tweaks { 776 | dpvi=8.5 777 | epvi=85 778 | pvi 779 | gen_phpini 780 | a2dismod php7.4 >> $insl 2>&1 781 | a2dismod php8.1 >> $insl 2>&1 782 | a2dismod php8.2 >> $insl 2>&1 783 | a2dismod php8.3 >> $insl 2>&1 784 | a2dismod php8.4 >> $insl 2>&1 785 | a2enmod php8.5 >> $insl 2>&1 786 | restart_websrv 787 | } 788 | 789 | function php86_tweaks { 790 | dpvi=8.6 791 | epvi=86 792 | pvi 793 | gen_phpini 794 | a2dismod php7.4 >> $insl 2>&1 795 | a2dismod php8.1 >> $insl 2>&1 796 | a2dismod php8.2 >> $insl 2>&1 797 | a2dismod php8.3 >> $insl 2>&1 798 | a2dismod php8.4 >> $insl 2>&1 799 | a2dismod php8.5 >> $insl 2>&1 800 | a2enmod php8.6 >> $insl 2>&1 801 | restart_websrv 802 | } 803 | 804 | # This are tweaks for currently latest verion used. 805 | function php_tweaks { 806 | php84_tweaks 807 | } 808 | 809 | function save_version_info { 810 | echo -e "pver=$ver lang=$lang mail=$mail dm=$dm nv=$nv fdir=$fdir\n$( $ver_file 811 | echo -e "Version $ver was succesfully installed at $(date +%d-%m-%Y_%H:%M:%S)\n$( $ver_file 812 | } 813 | 814 | function save_upg_info { 815 | echo -e "pver=$ver lang=$lang mail=$mail dm=$dm nv=$nv fdir=$fdir\n$( $ver_file 816 | echo -e "Succesfully upgraded to $ver at $(date +%d-%m-%Y_%H:%M:%S)\n$( $ver_file 817 | } 818 | 819 | function disable_sleep { 820 | echo "!!!!!!! Disabling sleep states." >> $insl 2>&1 821 | echo "Disabling sleep states." 822 | systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target >> $insl 2>&1 823 | } 824 | 825 | # Check if nv option was used for every version, and exit without progress. 826 | function nv_verify { 827 | if [ "$nv" = "24" ] 828 | then 829 | nv_check_upd 830 | fi 831 | if [ "$nv" = "25" ] 832 | then 833 | nv_check_upd 834 | fi 835 | if [ "$nv" = "26" ] 836 | then 837 | nv_check_upd 838 | fi 839 | if [ "$nv" = "27" ] 840 | then 841 | nv_check_upd 842 | fi 843 | if [ "$nv" = "28" ] 844 | then 845 | maintenance_window_setup 846 | nv_check_upd 847 | fi 848 | if [ "$nv" = "29" ] 849 | then 850 | nv_check_upd 851 | fi 852 | if [ "$nv" = "30" ] 853 | then 854 | nv_check_upd 855 | fi 856 | if [ "$nv" = "31" ] 857 | then 858 | nv_check_upd 859 | fi 860 | if [ "$nv" = "32" ] 861 | then 862 | nv_check_upd 863 | fi 864 | if [ "$nv" = "33" ] 865 | then 866 | nv_check_upd 867 | fi 868 | if [ "$nv" = "34" ] 869 | then 870 | nv_check_upd 871 | fi 872 | } 873 | 874 | # Unset nver variable and read fresh value 875 | function sncver { 876 | unset ncver 877 | ncver=$( sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:get version | awk -F '.' '{print $1}' ) 878 | } 879 | 880 | function ncverf { 881 | unset ncverf 882 | ncverf=$( sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:get version ) 883 | } 884 | 885 | # Check for every version and update it one by one. 886 | function nv_update { 887 | sncver 888 | if [ "$ncver" = "24" ] 889 | then 890 | nv_upd_simpl 891 | fi 892 | sncver 893 | if [ "$ncver" = "24" ] 894 | then 895 | nv_upd_simpl 896 | fi 897 | sncver 898 | if [ "$ncver" = "24" ] 899 | then 900 | nv_upd_simpl 901 | fi 902 | sncver 903 | if [ "$ncver" = "25" ] 904 | then 905 | nv_upd_simpl 906 | fi 907 | sncver 908 | if [ "$ncver" = "25" ] 909 | then 910 | install_php81 911 | php81_tweaks 912 | nv_upd_simpl 913 | fi 914 | sncver 915 | if [ "$ncver" = "25" ] 916 | then 917 | nv_upd_simpl 918 | fi 919 | sncver 920 | if [ "$ncver" = "26" ] 921 | then 922 | nv_upd_simpl 923 | fi 924 | sncver 925 | if [ "$ncver" = "26" ] 926 | then 927 | nv_upd_simpl 928 | fi 929 | sncver 930 | if [ "$ncver" = "26" ] 931 | then 932 | nv_upd_simpl 933 | fi 934 | sncver 935 | if [ "$ncver" = "27" ] 936 | then 937 | install_php82 938 | php82_tweaks 939 | nv_upd_simpl 940 | fi 941 | sncver 942 | if [ "$ncver" = "27" ] 943 | then 944 | nv_upd_simpl 945 | fi 946 | sncver 947 | if [ "$ncver" = "27" ] 948 | then 949 | nv_upd_simpl 950 | fi 951 | sncver 952 | if [ "$ncver" = "28" ] 953 | then 954 | install_php82 955 | php82_tweaks 956 | nv_upd_simpl 957 | fi 958 | sncver 959 | if [ "$ncver" = "28" ] 960 | then 961 | nv_upd_simpl 962 | fi 963 | sncver 964 | if [ "$ncver" = "28" ] 965 | then 966 | nv_upd_simpl 967 | fi 968 | sncver 969 | if [ "$ncver" = "29" ] 970 | then 971 | install_php83 972 | php83_tweaks 973 | nv_upd_simpl 974 | fi 975 | sncver 976 | if [ "$ncver" = "29" ] 977 | then 978 | nv_upd_simpl 979 | fi 980 | sncver 981 | if [ "$ncver" = "29" ] 982 | then 983 | nv_upd_simpl 984 | fi 985 | sncver 986 | if [ "$ncver" = "30" ] 987 | then 988 | nv_upd_simpl 989 | fi 990 | sncver 991 | if [ "$ncver" = "30" ] 992 | then 993 | install_php83 994 | php83_tweaks 995 | nv_upd_simpl 996 | fi 997 | sncver 998 | if [ "$ncver" = "30" ] 999 | then 1000 | nv_upd_simpl 1001 | fi 1002 | sncver 1003 | if [ "$ncver" = "30" ] 1004 | then 1005 | nv_upd_simpl 1006 | fi 1007 | sncver 1008 | if [ "$ncver" = "30" ] 1009 | then 1010 | nv_upd_simpl 1011 | fi 1012 | sncver 1013 | if [ "$ncver" = "31" ] 1014 | then 1015 | install_php84 1016 | php84_tweaks 1017 | nv_upd_simpl 1018 | fi 1019 | sncver 1020 | if [ "$ncver" = "31" ] 1021 | then 1022 | nv_upd_simpl 1023 | fi 1024 | sncver 1025 | if [ "$ncver" = "31" ] 1026 | then 1027 | nv_upd_simpl 1028 | fi 1029 | sncver 1030 | if [ "$ncver" = "32" ] 1031 | then 1032 | install_php84 1033 | php84_tweaks 1034 | nv_upd_simpl 1035 | fi 1036 | sncver 1037 | if [ "$ncver" = "32" ] 1038 | then 1039 | nv_upd_simpl 1040 | fi 1041 | sncver 1042 | if [ "$ncver" = "32" ] 1043 | then 1044 | nv_upd_simpl 1045 | fi 1046 | sncver 1047 | if [ "$ncver" = "32" ] 1048 | then 1049 | nv_upd_simpl 1050 | fi 1051 | sncver 1052 | if [ "$ncver" = "33" ] 1053 | then 1054 | nv_upd_simpl 1055 | fi 1056 | sncver 1057 | if [ "$ncver" = "33" ] 1058 | then 1059 | nv_upd_simpl 1060 | fi 1061 | sncver 1062 | if [ "$ncver" = "33" ] 1063 | then 1064 | nv_upd_simpl 1065 | fi 1066 | sncver 1067 | if [ "$ncver" = "34" ] 1068 | then 1069 | nv_upd_simpl 1070 | fi 1071 | sncver 1072 | if [ "$ncver" = "34" ] 1073 | then 1074 | nv_upd_simpl 1075 | fi 1076 | sncver 1077 | if [ "$ncver" = "34" ] 1078 | then 1079 | nv_upd_simpl 1080 | fi 1081 | } 1082 | 1083 | # Office Package Installing 1084 | # Currently disabled since no multiple domains support 1085 | function collab_inst { 1086 | echo "!!!!!!! Collabora Office installing." >> $insl 2>&1 1087 | echo "Installing Collabora CODE and Nextcloud Office application." >> $insl 2>&1 1088 | wget https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg --directory-prefix=/usr/share/keyrings/ >> $insl 2>&1 1089 | echo "Types: deb 1090 | URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb 1091 | Suites: ./ 1092 | Signed-By: /usr/share/keyrings/collaboraonline-release-keyring.gpg" >> /etc/apt/sources.list.d/collaboraonline.sources 1093 | echo "deb http://deb.debian.org/debian bookworm contrib non-free" > /etc/apt/sources.list.d/contrib.list 1094 | apt-get update >> $insl 2>&1 1095 | apt-get install -y -o DPkg::Lock::Timeout=-1 ttf-mscorefonts-installer coolwsd code-brand collaboraoffice-dict-en collaboraofficebasis-pl collaboraoffice-dict-pl >> $insl 2>&1 1096 | 1097 | mkdir -p /opt/collaborassl/ >> $insl 2>&1 1098 | openssl genrsa -out /opt/collaborassl/root.key.pem 2048 >> $insl 2>&1 1099 | openssl req -x509 -new -nodes -key /opt/collaborassl/root.key.pem -days 9131 -out /opt/collaborassl/root.crt.pem -subj "/C=NX/ST=Internet/L=Unknown/O=Nextcloud/CN=Office Service" >> $insl 2>&1 1100 | 1101 | openssl genrsa -out "/opt/collaborassl/privkey.pem" 2048 1102 | openssl req -key "/opt/collaborassl/privkey.pem" -new -sha256 -out "/opt/collaborassl/privkey.csr.pem" -subj "/C=NX/ST=Internet/L=Unknown/O=Nextcloud/CN=Office Service" >> $insl 2>&1 1103 | openssl x509 -req -in /opt/collaborassl/privkey.csr.pem -CA /opt/collaborassl/root.crt.pem -CAkey /opt/collaborassl/root.key.pem -CAcreateserial -out /opt/collaborassl/cert.pem -days 9131 >> $insl 2>&1 1104 | chown cool:cool /opt/collaborassl/* >> $insl 2>&1 1105 | mv /opt/collaborassl/privkey.pem /etc/coolwsd/key.pem >> $insl 2>&1 1106 | mv /opt/collaborassl/cert.pem /etc/coolwsd/cert.pem >> $insl 2>&1 1107 | mv /opt/collaborassl/root.crt.pem /etc/coolwsd/ca-chain.cert.pem >> $insl 2>&1 1108 | 1109 | coolconfig set ssl.ssl_verififcation false >> $insl 2>&1 1110 | coolconfig set ssl.termination true >> $insl 2>&1 1111 | coolconfig set logging.disable_server_audit true >> $insl 2>&1 1112 | coolconfig set admin_console.username SuperAdmin >> $insl 2>&1 1113 | coolconfig set admin_console.password $mp2 >> $insl 2>&1 1114 | # coolconfig set admin_console.password testingconsole 1115 | # coolconfig set ssl.enable true >> $insl 2>&1 1116 | # coolconfig set storage.wopi.host $(hostname) >> $insl 2>&1 1117 | coolconfig set net.post_allow.host "192\.168\.[0-9]{1,3}\.[0-9]{1,3}" >> $insl 2>&1 1118 | coolconfig update-system-template >> $insl 2>&1 1119 | ufw allow 9980/tcp >> $insl 2>&1 1120 | systemctl enable coolwsd >> $insl 2>&1 1121 | systemctl restart coolwsd >> $insl 2>&1 1122 | echo "!!!!!!! Collabora Office checking." >> $insl 2>&1 1123 | curl -v https://127.0.0.1:9980/hosting/discovery >> $insl 2>&1 1124 | 1125 | # Debian (nie ma na razie wersji RH) 1126 | # a2enmod proxy 1127 | # a2enmod proxy_http 1128 | # a2enmod proxy_connect 1129 | # a2enmod proxy_wstunnel 1130 | # echo ' AllowEncodedSlashes NoDecode 1131 | # SSLProxyEngine On 1132 | # ProxyPreserveHost On 1133 | # SSLProxyVerify None 1134 | # SSLProxyCheckPeerCN Off 1135 | # SSLProxyCheckPeerName Off 1136 | # 1137 | # ProxyPass /browser https://127.0.0.1:9980/browser retry=0 1138 | # ProxyPassReverse /browser https://127.0.0.1:9980/browser 1139 | 1140 | # ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0 1141 | # ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery 1142 | 1143 | # ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0 1144 | # ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities 1145 | 1146 | # ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:9980/cool/$1/ws nocanon 1147 | # ProxyPass /cool/adminws ws://127.0.0.1:9980/cool/adminws 1148 | 1149 | # ProxyPass /cool https://127.0.0.1:9980/cool 1150 | # ProxyPassReverse /cool https://127.0.0.1:9980/cool 1151 | 1152 | # ProxyPass /lool https://127.0.0.1:9980/cool 1153 | # ProxyPassReverse /lool https://127.0.0.1:9980/cool' >> /etc/apache2/conf-available/coolwsd-nc-ssl.conf 1154 | # sed -i "/SSLCertificateKeyFile/a \\ Include \"conf-available/coolwsd-nc-ssl.conf\"" /etc/apache2/sites-available/nextcloud.conf 1155 | systemctl restart apache2 1156 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:install richdocuments >> $insl 2>&1 1157 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:app:set --value="yes" richdocuments disable_certificate_verification >> $insl 2>&1 1158 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:app:set --value="https://$addr1:9980" richdocuments wopi_url >> $insl 2>&1 1159 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:app:set --value="https://$addr1:9980" richdocuments public_wopi_url >> $insl 2>&1 1160 | } 1161 | 1162 | function ooffice_inst { 1163 | echo "Docker installation processing." >> $insl 2>&1 1164 | for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg >> $insl 2>&1; done 1165 | install -m 0755 -d /etc/apt/keyrings 1166 | curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc 1167 | chmod a+r /etc/apt/keyrings/docker.asc 1168 | echo \ 1169 | "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \ 1170 | $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ 1171 | tee /etc/apt/sources.list.d/docker.list >> $insl 2>&1 1172 | apt-get update >> $insl 2>&1 && apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin >> $insl 2>&1 1173 | echo "Installing OO" >> $insl 2>&1 1174 | docker pull ghcr.io/thomisus/onlyoffice-documentserver-unlimited:latest 1175 | mkdir /root/onlyoffice 1176 | touch /root/onlyoffice/.env 1177 | echo "SSL_VERIFY_CLIENT=FALSE" >> /root/onlyoffice/.env 1178 | echo "SECURE_LINK_SECRET=RandomSecretKey" >> /root/onlyoffice/.env 1179 | echo "JWT_SECRET=RandomSecretKey" >> /root/onlyoffice/.env 1180 | echo "USE_UNAUTHORIZED_STORAGE=TRUE" >> /root/onlyoffice/.env 1181 | 1182 | touch /opt/open_ssl2.conf 1183 | echo '[req] 1184 | distinguished_name = req_distinguished_name 1185 | prompt = no 1186 | [req_distinguished_name] 1187 | C = NX 1188 | ST = Internet 1189 | L = Unknown 1190 | O = Nextcloud 1191 | OU = NAS 1192 | CN = Office Service' >> /opt/open_ssl2.conf 1193 | mkdir -p /app/onlyoffice/DocumentServer/data/certs 1194 | openssl genrsa -out /app/onlyoffice/DocumentServer/data/certs/tls.key 2048 1195 | openssl req -new -config /opt/open_ssl2.conf -key /app/onlyoffice/DocumentServer/data/certs/tls.key -out /app/onlyoffice/DocumentServer/data/certs/tls.csr 1196 | openssl x509 -req -days 4096 -in /app/onlyoffice/DocumentServer/data/certs/tls.csr -signkey /app/onlyoffice/DocumentServer/data/certs/tls.key -out /app/onlyoffice/DocumentServer/data/certs/tls.crt 1197 | openssl dhparam -out /app/onlyoffice/DocumentServer/data/certs/dhparam.pem 2048 1198 | ufw allow 9080/tcp >> $insl 2>&1 1199 | ufw allow 9443/tcp >> $insl 2>&1 1200 | # docker run -i -t -d -p 9443:443 --env-file /root/onlyoffice/.env -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice ghcr.io/thomisus/onlyoffice-documentserver-unlimited 1201 | docker run -i -t -d -p 9443:443 -p 9080:80 -e ssl_verify_client='false' -e use_unauthorized_storage='true' -e allow_private_ip_address='true' -e secure_link_secret='sekret' -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice ghcr.io/thomisus/onlyoffice-documentserver-unlimited 1202 | # wget https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/docker-compose.yml 1203 | # 1204 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:install onlyoffice >> $insl 2>&1 1205 | } 1206 | 1207 | function ncbackup { 1208 | if [ -e "/var/www/nextcloud" ]; then 1209 | echo "!!!!!!! Creating backup." >> $rstl 2>&1 1210 | echo "Creating backup - it may take some time, please wait." 1211 | echo "Check if directory for backup exist, and create it if not." >> $rstl 2>&1 1212 | mkdir $nbckd >> $rstl 2>&1 1213 | ncverf 1214 | echo "Backing up database." >> $rstl 2>&1 1215 | echo "Backing up database." 1216 | dbname=$(grep "dbname" "/var/www/nextcloud/config/config.php" | awk -F"'" '{print $4}') 1217 | dbpassword=$(grep "dbpassword" "/var/www/nextcloud/config/config.php" | awk -F"'" '{print $4}') 1218 | dbuser=$(grep "dbuser" "/var/www/nextcloud/config/config.php" | awk -F"'" '{print $4}') 1219 | mysqldump -u $dbuser -p$dbpassword $dbname > /var/www/nextcloud/nextcloud.sql 1220 | 1221 | echo "Backing up Nextcloud directory - excluding files stored by users!" >> $rstl 2>&1 1222 | echo "Backing up Nextcloud directory - excluding files stored by users!" 1223 | rm -rf $nbckd/$nbckf >> $rstl 2>&1 1224 | tar -pcf $nbckd/$nbckf --exclude="/var/www/nextcloud/data" /var/www/nextcloud >> $rstl 2>&1 1225 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/.h* >> $rstl 2>&1 1226 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/.o* >> $rstl 2>&1 1227 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/audit.log >> $rstl 2>&1 1228 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/index.* >> $rstl 2>&1 1229 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/nextcloud.log >> $rstl 2>&1 1230 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/updater.log >> $rstl 2>&1 1231 | tar -rpf $nbckd/$nbckf --exclude="preview" /var/www/nextcloud/data/appdata_* >> $rstl 2>&1 1232 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/bridge-bot >> $rstl 2>&1 1233 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/files_external >> $rstl 2>&1 1234 | tar -rpf $nbckd/$nbckf --exclude="backups" /var/www/nextcloud/data/updater-* >> $rstl 2>&1 1235 | 1236 | echo "Compressing backup." >> $rstl 2>&1 1237 | echo "Compressing backup." 1238 | lbzip2 -k -z -9 $nbckd/$nbckf 1239 | rm -rf $nbckd/$nbckf 1240 | if $purge; then 1241 | mv $nbckd/nextcloud.tar.bz2 $nbckd/$(date +%Y-%m-%d-at-%H:%M:%S)-PURGED-nc-v$ncverf.tar.bz2 1242 | else 1243 | mv $nbckd/nextcloud.tar.bz2 $nbckd/$(date +%Y-%m-%d-at-%H:%M:%S)-nc-v$ncverf.tar.bz2 1244 | fi 1245 | rm -rf /var/www/nextcloud/nextcloud.sql >> $rstl 2>&1 1246 | echo "Backup creation finished." >> $rstl 2>&1 1247 | echo "Backup creation finished." 1248 | else 1249 | echo "No Nextcloud found to backup. Exiting." 1250 | fi 1251 | } 1252 | 1253 | function ncrestore { 1254 | echo "Nextcloud installer $ver (www.marcinwilk.eu) started. RESTORE MODE." >> $rstl 2>&1 1255 | date >> $rstl 2>&1 1256 | echo "---------------------------------------------------------------------------" >> $rstl 2>&1 1257 | if [ "$restore" = "list" ]; then 1258 | echo "Backup files that can be used as argument to do restore (eg. nextcloud-ins.sh -restore=filename.tar.bz2):" 1259 | mkdir $nbckd >> $rstl 2>&1 1260 | ls -1 $nbckd/ 1261 | echo "Listing files for restore process:" >> $rstl 2>&1 1262 | ls -1 $nbckd/ >> $rstl 2>&1 1263 | else 1264 | if [ -e "$nbckd/$restore" ]; then 1265 | echo "Printing informations for user." >> $rstl 2>&1 1266 | echo "Trying to restore Nextcloud files and it's database from selected backup file." 1267 | echo "It will not restore users data or software upgraded inside operating system (like PHP vetrsion)." 1268 | echo "So you may need to revert some changes in operating system by yourself." 1269 | echo "" 1270 | echo "You may now cancel this script with CRTL+C," 1271 | echo "or wait 20 seconds so it will try to restore files" 1272 | echo "from backup file that you've selected as restore argument." 1273 | echo "" 1274 | sleep 21 1275 | echo "First the backup of current Nextcloud install will be made. It will take time, be patient!" 1276 | echo "Backing up database." 1277 | echo "Backup current Nextcloud started. First database." >> $rstl 2>&1 1278 | dbname=$(grep "dbname" "/var/www/nextcloud/config/config.php" | awk -F"'" '{print $4}') 1279 | dbpassword=$(grep "dbpassword" "/var/www/nextcloud/config/config.php" | awk -F"'" '{print $4}') 1280 | dbuser=$(grep "dbuser" "/var/www/nextcloud/config/config.php" | awk -F"'" '{print $4}') 1281 | mysqldump -u $dbuser -p$dbpassword $dbname > /var/www/nextcloud/nextcloud.sql 1282 | echo "Backing up files (excluding users files)." 1283 | echo "Creating Nextcloud files backup." >> $rstl 2>&1 1284 | rm -rf $nbckd/$nbckf >> $rstl 2>&1 1285 | cp /var/www/nextcloud/config/config.php $nbckd/config.php >> $rstl 2>&1 1286 | tar -pcf $nbckd/$nbckf --exclude="/var/www/nextcloud/data" /var/www/nextcloud >> $rstl 2>&1 1287 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/.h* >> $rstl 2>&1 1288 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/.o* >> $rstl 2>&1 1289 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/audit.log >> $rstl 2>&1 1290 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/index.* >> $rstl 2>&1 1291 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/nextcloud.log >> $rstl 2>&1 1292 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/updater.log >> $rstl 2>&1 1293 | tar -rpf $nbckd/$nbckf --exclude="preview" /var/www/nextcloud/data/appdata_* >> $rstl 2>&1 1294 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/bridge-bot >> $rstl 2>&1 1295 | tar -rpf $nbckd/$nbckf /var/www/nextcloud/data/files_external >> $rstl 2>&1 1296 | tar -rpf $nbckd/$nbckf --exclude="backups" /var/www/nextcloud/data/updater-* >> $rstl 2>&1 1297 | echo "Compressing backup." 1298 | echo "Compressing backup." >> $rstl 2>&1 1299 | lbzip2 -k -z -9 $nbckd/$nbckf 1300 | rm -rf $nbckd/$nbckf 1301 | ncverf 1302 | mv $nbckd/nextcloud.tar.bz2 $nbckd/$(date +%Y-%m-%d-at-%H:%M:%S)-nc-v$ncverf.tar.bz2 1303 | echo "Clearing(deleting) old NC files." >> $rstl 2>&1 1304 | find /var/www/nextcloud/* -not -path "*/var/www/nextcloud/data*" -delete >> $rstl 2>&1 1305 | rm -rf /var/www/nextcloud/.* >> $rstl 2>&1 1306 | rm -rf /var/www/nextcloud/data/.* >> $rstl 2>&1 1307 | rm -rf /var/www/nextcloud/data/*.log >> $rstl 2>&1 1308 | rm -rf /var/www/nextcloud/data/index.* >> $rstl 2>&1 1309 | rm -rf /var/www/nextcloud/data/bridge-bot >> $rstl 2>&1 1310 | rm -rf /var/www/nextcloud/data/files_external >> $rstl 2>&1 1311 | rm -rf /var/www/nextcloud/data/appdata_*/preview >> $rstl 2>&1 1312 | rm -rf /var/www/nextcloud/data/updater-*/backups >> $rstl 2>&1 1313 | echo "Backup finished, restoring Nextcloud." 1314 | echo "Backup finished, restoring Nextcloud." >> $rstl 2>&1 1315 | tar -xf $nbckd/$restore --directory / 1316 | echo "Files extracting completed. Restoring database." 1317 | echo "Files extracting completed. Restoring database." >> $rstl 2>&1 1318 | dbname=$(grep "dbname" "$nbckd/config.php" | awk -F"'" '{print $4}') 1319 | dbpassword=$(grep "dbpassword" "$nbckd/config.php" | awk -F"'" '{print $4}') 1320 | dbuser=$(grep "dbuser" "$nbckd/config.php" | awk -F"'" '{print $4}') 1321 | mysql -u$dbuser -p$dbpassword -e "drop database $dbname" >> $rstl 2>&1 1322 | mysql -u$dbuser -p$dbpassword -e "create database $dbname" >> $rstl 2>&1 1323 | mysql -u$dbuser -p$dbpassword $dbname < /var/www/nextcloud/nextcloud.sql >> $rstl 2>&1 1324 | rm -rf /var/www/nextcloud/nextcloud.sql >> $rstl 2>&1 1325 | rm -rf $nbckd/config.php >> $rstl 2>&1 1326 | echo "Doing Nextcloud maintenance tasks." >> $rstl 2>&1 1327 | echo "Doing Nextcloud maintenance tasks." 1328 | sudo -u $websrv_usr php /var/www/nextcloud/occ maintenance:repair --include-expensive >> $rstl 2>&1 1329 | sudo -u $websrv_usr php /var/www/nextcloud/occ db:add-missing-indices >> $rstl 2>&1 1330 | echo "Rescanning and updating users files." >> $rstl 2>&1 1331 | echo "Rescanning and updating users files." 1332 | sudo -u $websrv_usr php /var/www/nextcloud/occ files:scan-app-data >> $rstl 2>&1 1333 | sudo -u $websrv_usr php /var/www/nextcloud/occ files:scan --all >> $rstl 2>&1 1334 | echo "Nextcloud restoration process finished." >> $rstl 2>&1 1335 | echo "Nextcloud restoration process finished." 1336 | echo "" 1337 | echo "You may try to login and check if everything is fine now." 1338 | else 1339 | echo "Wrong argument used for restore variable." >> $rstl 2>&1 1340 | echo "An incorrect file name was entered, or an invalid value for the restore argument." 1341 | echo "Please verify entered data and start again." 1342 | echo "Use restore=list to find out available restore files." 1343 | fi 1344 | fi 1345 | } 1346 | 1347 | function ncpurge { 1348 | echo "---------------------------------------------------------------------------" >> $rstl 2>&1 1349 | echo "Nextcloud installer $ver (www.marcinwilk.eu) started. PURGE MODE." >> $rstl 2>&1 1350 | date >> $rstl 2>&1 1351 | echo "---------------------------------------------------------------------------" >> $rstl 2>&1 1352 | echo -e "\e[1;31mDANGER !!!\e[39;0m \e[1;32mPURGE MODE ACTIVE\e[39;0m \e[1;31mDANGER !!!\e[39;0m"; 1353 | echo "It will create initial backup of only Nextcloud files installed by this script." 1354 | echo -e "\e[1;31mEXCLUDING USER DATA FILES!!!\e[39;0m"; 1355 | echo -e "Then every Nextcloud file, software packages and configuration files," 1356 | echo -e "used by it, including whole database will be \e[1;31mDELETED!!!\e[39;0m" 1357 | echo "" 1358 | echo "If You made any own changes to Apache, PHP or database, alle that will be lost!" 1359 | echo "" 1360 | echo "Main purpose of this option, is to allow installing Nextcloud again using this script," 1361 | echo "in cleane enviroment, if errors appeared when it was used for the first time." 1362 | echo "" 1363 | echo "If You are still want to do that, wait 30 seconds so the process will begin." 1364 | echo "But if You have dubts, cancel this script with CTRL+C now!" 1365 | echo -e "\e[1;31mDANGER !!!\e[39;0m \e[1;32mPURGE MODE ACTIVE\e[39;0m \e[1;31mDANGER !!!\e[39;0m"; 1366 | sleep 45 1367 | echo "" 1368 | ncbackup 1369 | echo "Removing software. Please wait..." 1370 | systemctl stop nextcloudcron.timer >> $rstl 2>&1 1371 | systemctl disable nextcloudcron.timer >> $rstl 2>&1 1372 | rm -rf /etc/systemd/system/nextcloudcron.service >> $rstl 2>&1 1373 | rm -rf /etc/systemd/system/nextcloudcron.timer >> $rstl 2>&1 1374 | systemctl stop mariadb >> $rstl 2>&1 1375 | systemctl stop redis-server >> $rstl 2>&1 1376 | systemctl stop redis >> $rstl 2>&1 1377 | systemctl stop valkey >> $rstl 2>&1 1378 | systemctl stop apache2 >> $rstl 2>&1 1379 | systemctl stop httpd >> $rstl 2>&1 1380 | ufw disable >> $rstl 2>&1 1381 | systemctl disable ufw >> $rstl 2>&1 1382 | if [ -e $debvf ] 1383 | then 1384 | DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y -o DPkg::Lock::Timeout=-1 php* >> $rstl 2>&1 1385 | DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y -o DPkg::Lock::Timeout=-1 libapache2-mod-php* >> $rstl 2>&1 1386 | DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y -o DPkg::Lock::Timeout=-1 libmagickcore-6.q16-6-extra >> $rstl 2>&1 1387 | DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y -o DPkg::Lock::Timeout=-1 libmagickcore-7.q16-10-extra >> $rstl 2>&1 1388 | DEBIAN_FRONTEND=noninteractive apt-get autoremove -y >> $rstl 2>&1 1389 | DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y -o DPkg::Lock::Timeout=-1 apache2 >> $rstl 2>&1 1390 | DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y -o DPkg::Lock::Timeout=-1 apache2-utils >> $rstl 2>&1 1391 | DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y -o DPkg::Lock::Timeout=-1 python3-certbot-apache >> $rstl 2>&1 1392 | DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y -o DPkg::Lock::Timeout=-1 mariadb-server >> $rstl 2>&1 1393 | DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y -o DPkg::Lock::Timeout=-1 redis-server >> $rstl 2>&1 1394 | DEBIAN_FRONTEND=noninteractive apt-get remove --purge -y -o DPkg::Lock::Timeout=-1 ufw >> $rstl 2>&1 1395 | DEBIAN_FRONTEND=noninteractive apt-get autoremove -y >> $rstl 2>&1 1396 | fi 1397 | if [ -e $elvf ] 1398 | then 1399 | dnf remove -y php* >> $rstl 2>&1 1400 | dnf remove -y libapache2-mod-php* >> $rstl 2>&1 1401 | dnf remove -y httpd httpd-tools >> $rstl 2>&1 1402 | dnf remove -y mod_ssl >> $rstl 2>&1 1403 | dnf remove -y python3-certbot-apache >> $rstl 2>&1 1404 | dnf remove -y mariadb-server mariadb >> $rstl 2>&1 1405 | dnf remove -y valkey >> $rstl 2>&1 1406 | fi 1407 | rm -rf /var/log/nextcloud-installer.log 1408 | rm -rf /var/local/nextcloud-installer.ver 1409 | rm -rf /var/log/php* 1410 | rm -rf /var/opt/remi 1411 | rm -rf /var/opt/remi 1412 | rm -rf /etc/mysql 1413 | rm -rf /etc/my.cnf.d 1414 | rm -rf /var/lib/mysql 1415 | rm -rf /var/lib/mariadb 1416 | rm -rf /etc/apache2 1417 | rm -rf /etc/php/ 1418 | rm -rf /var/www/nextcloud 1419 | rm -rf /etc/httpd 1420 | rm -rf /etc/opt/remi 1421 | rm -rf /var/www/nextcloud 1422 | rm -rf /etc/certbot 1423 | rm -rf /etc/letsencrypt 1424 | rm -rf /etc/redis 1425 | echo "Job done. For best results, reboot operating system." 1426 | } 1427 | 1428 | function fwcmd { 1429 | firewall-cmd --permanent --add-service=http >> $insl 2>&1 1430 | firewall-cmd --permanent --add-service=https >> $insl 2>&1 1431 | firewall-cmd --permanent --add-service=ssh >> $insl 2>&1 1432 | firewall-cmd --permanent --add-port=20/tcp >> $insl 2>&1 1433 | firewall-cmd --permanent --add-port=21/tcp >> $insl 2>&1 1434 | firewall-cmd --permanent --add-port=22/tcp >> $insl 2>&1 1435 | firewall-cmd --permanent --add-port=989/tcp >> $insl 2>&1 1436 | firewall-cmd --permanent --add-port=990/tcp >> $insl 2>&1 1437 | firewall-cmd --permanent --add-port=7867/tcp >> $insl 2>&1 1438 | firewall-cmd --permanent --add-port=3389/tcp >> $insl 2>&1 1439 | firewall-cmd --permanent --add-port=3389/udp >> $insl 2>&1 1440 | firewall-cmd --reload >> $insl 2>&1 1441 | } 1442 | 1443 | function ncfirewall { 1444 | echo "Setting up firewall." 1445 | echo "Setting up firewall." >> $insl 2>&1 1446 | if [ -e $debvf ] 1447 | then 1448 | firewalld_running() { 1449 | ps ax 2>/dev/null | grep '[f]irewalld' >/dev/null 1450 | } 1451 | 1452 | if firewalld_running; then 1453 | echo "Firewalld already running detected!!! Using fwcmd instructions" >> $insl 2>&1 1454 | fwcmd 1455 | else 1456 | DEBIAN_FRONTEND=noninteractive apt-get install -y -o DPkg::Lock::Timeout=-1 ufw >> $insl 2>&1 1457 | ufw default allow >> $insl 2>&1 1458 | ufw --force enable >> $insl 2>&1 1459 | ufw allow OpenSSH >> $insl 2>&1 1460 | ufw allow FTP >> $insl 2>&1 1461 | ufw allow 'WWW Full' >> $insl 2>&1 1462 | ufw allow 20/tcp >> $insl 2>&1 1463 | ufw allow 21/tcp >> $insl 2>&1 1464 | ufw allow 22/tcp >> $insl 2>&1 1465 | ufw allow 989/tcp >> $insl 2>&1 1466 | ufw allow 990/tcp >> $insl 2>&1 1467 | ufw allow 7867/tcp >> $insl 2>&1 1468 | ufw allow 3389/tcp >> $insl 2>&1 1469 | ufw allow 3389/udp >> $insl 2>&1 1470 | ufw default deny >> $insl 2>&1 1471 | ufw show added >> $insl 2>&1 1472 | fi 1473 | fi 1474 | if [ -e $elvf ] 1475 | then 1476 | fwcmd 1477 | fi 1478 | } 1479 | 1480 | function upd_p1 { 1481 | echo "Detected installer already used, checking versions." >> $insl 2>&1 1482 | echo "$pverr1" >> $insl 2>&1 1483 | echo "$pverr2" >> $insl 2>&1 1484 | echo "Doing some updates if they are available." 1485 | nv_verify 1486 | ncbackup 1487 | echo "Continue with upgrade process, please wait..." 1488 | update_os 1489 | echo "It can take a lot of time, be patient!" 1490 | nv_update 1491 | } 1492 | 1493 | function upd_p5 { 1494 | sudo -u $websrv_usr php /var/www/nextcloud/occ db:add-missing-indices >> $insl 2>&1 1495 | sudo -u $websrv_usr php /var/www/nextcloud/occ maintenance:repair --include-expensive >> $rstl 2>&1 1496 | maintenance_window_setup 1497 | restart_websrv 1498 | echo "Upgrade process finished." 1499 | echo "Job done!" 1500 | save_upg_info 1501 | mv $cdir/$scrpt.sh $scrpt-$(date +"%FT%H%M").sh 1502 | unset LC_ALL 1503 | exit 0 1504 | } 1505 | 1506 | echo -e "\e[38;5;214mNextcloud Install Script\e[39;0m 1507 | Version $ver for x86_64, for popular server Linux distributions. 1508 | by marcin@marcinwilk.eu - www.marcinwilk.eu" 1509 | echo "---------------------------------------------------------------------------" 1510 | 1511 | if [ -z "$restore" ] 1512 | then 1513 | echo "" > /dev/null 1514 | else 1515 | echo -e "Restore argument was used! \e[1;32mSkipping install/upgrade process!\e[39;0m" 1516 | ncrestore 1517 | unset LC_ALL 1518 | exit 0 1519 | fi 1520 | 1521 | if $backup; then 1522 | echo -e "Backup argument was used! \e[1;32mForcing backup generation now!\e[39;0m" 1523 | ncbackup 1524 | unset LC_ALL 1525 | exit 0 1526 | else 1527 | echo "" > /dev/null 1528 | fi 1529 | 1530 | if $purge; then 1531 | echo -e "Purge argument was used! \e[1;32mPreparing destruction!\e[39;0m" 1532 | echo "" 1533 | ncpurge 1534 | unset LC_ALL 1535 | exit 0 1536 | else 1537 | echo "" > /dev/null 1538 | fi 1539 | 1540 | 1541 | if [ -e $insl ] || [ -e $ver_file ] 1542 | then 1543 | echo "Nextcloud installer - $ver (www.marcinwilk.eu) started." >> $insl 2>&1 1544 | date >> $insl 2>&1 1545 | echo "---------------------------------------------------------------------------" >> $insl 2>&1 1546 | echo "This script will try to upgrade Nextcloud and all needed services," 1547 | echo "based on what was done by it's previous version." 1548 | echo "" 1549 | echo "Trying to find preceding installer version." 1550 | if [ -e $ver_file ] 1551 | then 1552 | echo "Detected previous install:" 1553 | pverr1=$(sed -n '1p' $ver_file) 1554 | echo "$pverr1" 1555 | echo "With parameters:" 1556 | pverr2=$(sed -n '2p' $ver_file) 1557 | echo "$pverr2" 1558 | echo "" 1559 | pver=$(echo $pverr2 | awk -F'[ =]' '/ver/ {print $2}') 1560 | lang=$(echo $pverr2 | awk -F'[ =]' '/lang/ {print $4}') 1561 | mail=$(echo $pverr2 | awk -F'[ =]' '/mail/ {print $6}') 1562 | dm=$(echo $pverr2 | awk -F'[ =]' '/dm/ {print $8}') 1563 | nv=$(echo $pverr2 | awk -F'[ =]' '/nv/ {print $10}') 1564 | fdir=$(echo $pverr2 | awk -F'[ =]' '/fdir/ {print $12}') 1565 | if [ "$pver" = "1.5" ] 1566 | then 1567 | upd_p1 1568 | # Installing additional packages added with v1.7 1569 | echo "Installing additional packages added with v1.7 upgrade" >> $insl 2>&1 1570 | install_soft 1571 | a2enmod http2 >> $insl 2>&1 1572 | preview_tweaks 1573 | add_http2 1574 | sudo -u $websrv_usr php /var/www/nextcloud/occ db:convert-filecache-bigint --no-interaction >> $insl 2>&1 1575 | disable_sleep 1576 | rm -rf /opt/latest.zip 1577 | rm -rf /var/www/nextcloud/config/autoconfig.php 1578 | upd_p5 1579 | fi 1580 | if [ "$pver" = "1.6" ] 1581 | then 1582 | upd_p1 1583 | sudo -u $websrv_usr php /var/www/nextcloud/occ db:add-missing-indices >> $insl 2>&1 1584 | # Installing additional packages added with v1.7 1585 | echo "Installing additional packages added with v1.7 upgrade" >> $insl 2>&1 1586 | install_soft 1587 | a2enmod http2 >> $insl 2>&1 1588 | preview_tweaks 1589 | add_http2 1590 | rm -rf /opt/latest.zip 1591 | rm -rf /var/www/nextcloud/config/autoconfig.php 1592 | disable_sleep 1593 | upd_p5 1594 | fi 1595 | if [ "$pver" = "1.7" ] || [ "$pver" = "1.8" ] || [ "$pver" = "1.9" ] || [ "$pver" = "1.10" ] || [ "$pver" = "1.11" ] || [ "$pver" = "1.12" ] 1596 | then 1597 | upd_p1 1598 | upd_p5 1599 | fi 1600 | else 1601 | echo "Detected installer version 1.4 or older already used." 1602 | echo "Detected installer version 1.4 or older already used." >> $insl 2>&1 1603 | if [ -e $elvf ] || [ -e $ubuvf ] 1604 | then 1605 | echo "In case of Fedora/EL/Ubuntu this is impossible, must be some error." 1606 | echo "Highly possible that script was canceled during work." 1607 | echo "Clearing now..." 1608 | rm -rf $insl 1609 | echo "Run script again, so it will start from beginning without error." 1610 | unset LC_ALL 1611 | exit 0 1612 | fi 1613 | echo "Upgrading in progress..." 1614 | echo "Updating OS." 1615 | echo "!!!!!!! Updating OS." >> $insl 2>&1 1616 | update_os 1617 | echo "Installing additional packages." 1618 | install_soft 1619 | restart_websrv 1620 | ncfirewall 1621 | ncbackup 1622 | echo "OS tweaking for Redis." 1623 | sysctl vm.overcommit_memory=1 >> $insl 2>&1 1624 | echo "vm.overcommit_memory = 1" >> /etc/sysctl.conf 1625 | echo "#!/bin/sh -e 1626 | # 1627 | # rc.local 1628 | # 1629 | # This script is executed at the end of each multiuser runlevel. 1630 | # Make sure that the script will "exit 0" on success or any other 1631 | # value on error. 1632 | # 1633 | # In order to enable or disable this script just change the execution 1634 | # bits. 1635 | # 1636 | # By default this script does nothing. 1637 | 1638 | echo madvise > /sys/kernel/mm/transparent_hugepage/enabled 1639 | exit 0" >> /etc/rc.local 1640 | chmod +x /etc/rc.local 1641 | systemctl daemon-reload 1642 | systemctl start rc-local 1643 | echo "!!!!!!! Upgrading Nextcloud." >> $insl 2>&1 1644 | echo "Upgrading Nextcloud." 1645 | echo "Checking currently installed version." >> $insl 2>&1 1646 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:get version >> $insl 2>&1 1647 | sncver 1648 | if [ "$ncver" = "24" ] 1649 | then 1650 | nv_upd_simpl 1651 | fi 1652 | sncver 1653 | if [ "$ncver" = "24" ] 1654 | then 1655 | nv_upd_simpl 1656 | fi 1657 | sncver 1658 | if [ "$ncver" = "24" ] 1659 | then 1660 | nv_upd_simpl 1661 | fi 1662 | sncver 1663 | if [ "$ncver" = "24" ] 1664 | then 1665 | nv_upd_simpl 1666 | fi 1667 | sncver 1668 | if [ "$ncver" = "25" ] 1669 | then 1670 | nv_upd_simpl 1671 | fi 1672 | sncver 1673 | if [ "$ncver" = "25" ] 1674 | then 1675 | nv_upd_simpl 1676 | fi 1677 | sncver 1678 | if [ "$ncver" = "25" ] 1679 | then 1680 | nv_upd_simpl 1681 | fi 1682 | sncver 1683 | if [ "$ncver" = "25" ] 1684 | then 1685 | nv_upd_simpl 1686 | fi 1687 | sncver 1688 | if [ "$ncver" = "26" ] 1689 | then 1690 | nv_upd_simpl 1691 | fi 1692 | sncver 1693 | if [ "$ncver" = "26" ] 1694 | then 1695 | nv_upd_simpl 1696 | fi 1697 | sncver 1698 | if [ "$ncver" = "26" ] 1699 | then 1700 | nv_upd_simpl 1701 | fi 1702 | sncver 1703 | if [ "$ncver" = "26" ] 1704 | then 1705 | nv_upd_simpl 1706 | fi 1707 | sncver 1708 | if [ "$ncver" = "27" ] 1709 | then 1710 | echo "Installing PHP 8.2" 1711 | install_php82 1712 | php82_tweaks 1713 | nv_upd_simpl 1714 | fi 1715 | sncver 1716 | if [ "$ncver" = "27" ] 1717 | then 1718 | nv_upd_simpl 1719 | fi 1720 | sncver 1721 | if [ "$ncver" = "27" ] 1722 | then 1723 | nv_upd_simpl 1724 | fi 1725 | sncver 1726 | if [ "$ncver" = "28" ] 1727 | then 1728 | echo "Installing PHP 8.2" 1729 | install_php82 1730 | php82_tweaks 1731 | nv_upd_simpl 1732 | fi 1733 | sncver 1734 | if [ "$ncver" = "28" ] 1735 | then 1736 | nv_upd_simpl 1737 | fi 1738 | sncver 1739 | if [ "$ncver" = "28" ] 1740 | then 1741 | nv_upd_simpl 1742 | fi 1743 | sncver 1744 | if [ "$ncver" = "29" ] 1745 | then 1746 | echo "Installing PHP 8.3" 1747 | install_php83 1748 | php83_tweaks 1749 | nv_upd_simpl 1750 | fi 1751 | sncver 1752 | if [ "$ncver" = "29" ] 1753 | then 1754 | nv_upd_simpl 1755 | fi 1756 | sncver 1757 | if [ "$ncver" = "29" ] 1758 | then 1759 | nv_upd_simpl 1760 | fi 1761 | sncver 1762 | if [ "$ncver" = "30" ] 1763 | then 1764 | echo "Installing PHP 8.3" 1765 | install_php83 1766 | php83_tweaks 1767 | nv_upd_simpl 1768 | fi 1769 | sncver 1770 | if [ "$ncver" = "30" ] 1771 | then 1772 | nv_upd_simpl 1773 | fi 1774 | sncver 1775 | if [ "$ncver" = "30" ] 1776 | then 1777 | nv_upd_simpl 1778 | fi 1779 | sncver 1780 | if [ "$ncver" = "30" ] 1781 | then 1782 | nv_upd_simpl 1783 | fi 1784 | sncver 1785 | if [ "$ncver" = "31" ] 1786 | then 1787 | echo "Installing PHP 8.4" 1788 | install_php84 1789 | php84_tweaks 1790 | nv_upd_simpl 1791 | fi 1792 | sncver 1793 | if [ "$ncver" = "31" ] 1794 | then 1795 | nv_upd_simpl 1796 | fi 1797 | sncver 1798 | if [ "$ncver" = "31" ] 1799 | then 1800 | nv_upd_simpl 1801 | fi 1802 | sncver 1803 | if [ "$ncver" = "32" ] 1804 | then 1805 | nv_upd_simpl 1806 | fi 1807 | sncver 1808 | if [ "$ncver" = "32" ] 1809 | then 1810 | nv_upd_simpl 1811 | fi 1812 | sncver 1813 | if [ "$ncver" = "32" ] 1814 | then 1815 | nv_upd_simpl 1816 | fi 1817 | sudo -u $websrv_usr php /var/www/nextcloud/occ db:add-missing-indices >> $insl 2>&1 1818 | echo "" 1819 | echo "" 1820 | echo "Nextcloud upgraded to version:" >> $insl 2>&1 1821 | echo "Nextcloud upgraded to version:" 1822 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:get version >> $insl 2>&1 1823 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:get version 1824 | echo "Adding some more Nextcloud tweaks." 1825 | sudo -u $websrv_usr php /var/www/nextcloud/occ maintenance:repair --include-expensive >> $insl 2>&1 1826 | echo "" 1827 | sed -i "/installed' => true,/a\ \ 'htaccess.RewriteBase' => '/'," /var/www/nextcloud/config/config.php 1828 | maintenance_window_setup 1829 | sudo -u $websrv_usr php /var/www/nextcloud/occ maintenance:update:htaccess >> $insl 2>&1 1830 | sudo -u $websrv_usr php /var/www/nextcloud/occ db:add-missing-indices >> $insl 2>&1 1831 | sudo -u $websrv_usr php /var/www/nextcloud/occ db:convert-filecache-bigint --no-interaction >> $insl 2>&1 1832 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set ALLOW_SELF_SIGNED --value="true" >> $insl 2>&1 1833 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enable_previews --value="true" >> $insl 2>&1 1834 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set preview_max_memory --value="512" >> $insl 2>&1 1835 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set preview_max_x --value="12288" >> $insl 2>&1 1836 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set preview_max_y --value="6912" >> $insl 2>&1 1837 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set auth.bruteforce.protection.enabled --value="true" >> $insl 2>&1 1838 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:install twofactor_totp >> $insl 2>&1 1839 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:enable twofactor_totp >> $insl 2>&1 1840 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:install twofactor_webauthn >> $insl 2>&1 1841 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:enable twofactor_webauthn >> $insl 2>&1 1842 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:app:set files max_chunk_size --value="20971520" >> $insl 2>&1 1843 | touch $ver_file 1844 | echo "Removing old PHP versions." 1845 | apt-get remove -y -o DPkg::Lock::Timeout=-1 php7.4 php7.4-* >> $insl 2>&1 1846 | apt-get remove -y -o DPkg::Lock::Timeout=-1 php8.1 php8.1-* >> $insl 2>&1 1847 | apt-get remove -y -o DPkg::Lock::Timeout=-1 php8.2 php8.2-* >> $insl 2>&1 1848 | apt-get remove -y -o DPkg::Lock::Timeout=-1 php8.3 php8.3-* >> $insl 2>&1 1849 | a2enmod http2 >> $insl 2>&1 1850 | a2enmod php8.4 >> $insl 2>&1 1851 | add_http2 1852 | preview_tweaks 1853 | rm -rf /opt/latest.zip 1854 | rm -rf /var/www/nextcloud/config/autoconfig.php 1855 | systemctl restart mariadb >> $insl 2>&1 1856 | systemctl restart redis-server >> $insl 2>&1 1857 | systemctl restart valkey >> $insl 2>&1 1858 | disable_sleep 1859 | upd_p5 1860 | fi 1861 | else 1862 | echo "" 1863 | fi 1864 | 1865 | # Here install starts! 1866 | if [ -e $debvf ] || [ -e $elvf ] 1867 | then 1868 | if [ -n "$el5" ] || [ -n "$el6" ] || [ -n "$el7" ] || [ -n "$el8" ] || [ -n "$ubu19" ] || [ -n "$ubu20" ] || [ -n "$ubu21" ] || [ -n "$fed36" ] || [ -n "$fed37" ] || [ -n "$fed38" ] 1869 | then 1870 | echo "Too old main Linux distribution release, try newer." 1871 | unset LC_ALL 1872 | exit 0 1873 | else 1874 | echo "" > /dev/null 1875 | fi 1876 | else 1877 | echo "Your Linux distribution isn't supported by this script." 1878 | echo "Mission aborted!" 1879 | echo "Unsupported Linux distro!" 1880 | unset LC_ALL 1881 | exit 0 1882 | fi 1883 | echo "This script will automatically install Nextcloud service." 1884 | echo "Few addditional packages will be installed:" 1885 | echo "Apache, PHP, MariaDB, ddclient, Let's encrypt and more." 1886 | echo "" 1887 | echo -e "You may add some variables like -lang=, -mail=, -dm=, -nv= and -fdir=" 1888 | echo "There are also two independent variables: -backup, -restore=" 1889 | echo "that should be used individually only." 1890 | echo "" 1891 | echo "Where lang is for language, supported are: Arabic (ar), Chinese (zh)," 1892 | echo "French (fr), Hindi (hi), Polish (pl), Spanish (es) and Ukrainian (uk)," 1893 | echo "(empty/undefinied use browser language)." 1894 | echo "-mail is for e_mail address of admin, -dm for domain name," 1895 | echo -e "that should be \e[1;32m*preconfigured\e[39;0m," 1896 | echo "-nv for installing older versions (24,25,26,27 and 28, empty means latest)," 1897 | echo -e "-fdir let you configure \e[1;32m**\e[39;0mdirectory where Nextcloud users files are stored," 1898 | echo 'this option will not change NC config, but mount "data" directory' 1899 | echo "to another location, and save that to fstab." 1900 | echo "If you want to use spaces between words in directory name," 1901 | echo -e 'then put path inside double quotes, eg. -fdir="/mnt/sdx/users data folder"' 1902 | echo "" 1903 | echo "./$scrpt.sh -lang=pl -mail=my@email.com -dm=mydomain.com -nv=24 -fdir=/mnt/sdc5/nextcloud-data" 1904 | echo "" 1905 | echo "-backup argument will force backup creation of Nextcloud (without users files)," 1906 | echo "-restore=list will show backup file names list that can be used to restore Nextcloud," 1907 | echo "-restore=filename.tar.bz2 will use choosed file for Nextcloud restoration (without users files)." 1908 | echo "" 1909 | echo "You may now cancel this script with CRTL+C," 1910 | echo "or wait 50 seconds so it will install without" 1911 | echo "additional variables." 1912 | echo "" 1913 | echo -e "\e[1;32m*\e[39;0m - domain and router must already be configured to work with this server from Internet.\e[39;0m" 1914 | echo -e "\e[1;32m**\e[39;0m - target directory must already be prepared, for example if another disk is used, it must be already (auto)mounted.\e[39;0m" 1915 | sleep 51 1916 | 1917 | if [ $cpu = x86_64 ] 1918 | then 1919 | echo -e "Detected Kernel CPU arch. is \e[1;32mx86_64\e[39;0m!" 1920 | elif [ $cpu = i386 ] 1921 | then 1922 | echo -e "Detected Kernel CPU arch. is \e[1;31mi386!\e[39;0m" 1923 | echo "Sorry - only x86_64 is supported!" 1924 | echo "Mission aborted!" 1925 | unset LC_ALL 1926 | exit 0 1927 | else 1928 | echo "No supported kernel architecture. Aborting!" 1929 | echo "I did not detected x86_64 or i386 kernel architecture." 1930 | echo "It looks like your configuration isn't supported." 1931 | echo "Mission aborted!" 1932 | unset LC_ALL 1933 | exit 0 1934 | fi 1935 | 1936 | echo "Detected Supported Linux distribution:" 1937 | if [ -e $debvf ] 1938 | then 1939 | if [ -e $ubuvf ] 1940 | then 1941 | echo -e "$ubuv" 1942 | else 1943 | echo -e "Debian Linux release $debv" 1944 | fi 1945 | fi 1946 | if [ -e $elvf ] 1947 | then 1948 | echo $elv 1949 | fi 1950 | 1951 | touch /var/log/nextcloud-installer.log 1952 | 1953 | echo "Nextcloud installer - $ver (www.marcinwilk.eu) started." >> $insl 2>&1 1954 | date >> $insl 2>&1 1955 | echo "---------------------------------------------------------------------------" >> $insl 2>&1 1956 | echo "Current directory: $(pwd)" >> $insl 2>&1 1957 | echo "Arguments: $@" >> $insl 2>&1 1958 | ppid=$(ps -p $$ -o ppid=) 1959 | ppid=$(echo "$ppid" | xargs) 1960 | pcmd=$(ps -p "$ppid" -o args=) 1961 | echo "Process that started script: $pcmd" >> $insl 2>&1 1962 | 1963 | if [ -z "$lang" ] 1964 | then 1965 | echo "No custom language variable used." >> $insl 2>&1 1966 | else 1967 | echo -e "Using language variable: \e[1;32m$lang\e[39;0m" 1968 | echo "Using language variable: $lang" >> $insl 2>&1 1969 | fi 1970 | 1971 | if [ -z "$mail" ] 1972 | then 1973 | echo "No e_mail variable used." >> $insl 2>&1 1974 | else 1975 | echo -e "Using e_mail variable: \e[1;32m$mail\e[39;0m" 1976 | echo "Using e_mail variable: $mail" >> $insl 2>&1 1977 | fi 1978 | 1979 | if [ -z "$dm" ] 1980 | then 1981 | echo "No custom domain name variable used." >> $insl 2>&1 1982 | else 1983 | echo -e "Using domain variable: \e[1;32m$dm\e[39;0m" 1984 | echo "Using domain variable: $dm" >> $insl 2>&1 1985 | fi 1986 | 1987 | if [ -z "$nv" ] 1988 | then 1989 | echo "No older version variable used." >> $insl 2>&1 1990 | else 1991 | echo -e "Using version variable: \e[1;32m$nv\e[39;0m" 1992 | echo "Using version variable: $nv" >> $insl 2>&1 1993 | fi 1994 | 1995 | if [ -z "$fdir" ] 1996 | then 1997 | echo "No user files directory variable used." >> $insl 2>&1 1998 | else 1999 | echo -e "Using user files directory variable: \e[1;32m$fdir\e[39;0m" 2000 | echo "Using user files directory variable: $fdir" >> $insl 2>&1 2001 | if [ -e "$fdir" ] 2002 | then 2003 | echo "User files directory is prepared." >> $insl 2>&1 2004 | else 2005 | echo "ERROR: Defined Nextcloud data directory do not exist!" 2006 | echo "" 2007 | echo "Please prepare directory for Nextcloud user data files." 2008 | echo "Installer will now exit, You may restart it, after directory is prepared." 2009 | echo "Mission aborted!" 2010 | rm -rf $insl 2011 | unset LC_ALL 2012 | exit 0 2013 | fi 2014 | fi 2015 | 2016 | echo "Updating OS." 2017 | echo "!!!!!!! Updating OS" >> $insl 2>&1 2018 | update_os 2019 | 2020 | if [ "$lang" = "ar" ] 2021 | then 2022 | echo "!!!!!!! Installing language packages - Arabic" >> $insl 2>&1 2023 | if [ -e $debvf ] 2024 | then 2025 | apt-get install -y -o DPkg::Lock::Timeout=-1 task-arabic >> $insl 2>&1 2026 | locale-gen >> $insl 2>&1 2027 | fi 2028 | if [ -e $elvf ] 2029 | then 2030 | dnf install -y -q glibc-langpack-ar >> $insl 2>&1 2031 | fi 2032 | localectl set-locale LANG=ar_EG.UTF-8 >> $insl 2>&1 2033 | fi 2034 | 2035 | if [ "$lang" = "zh" ] 2036 | then 2037 | echo "!!!!!!! Installing language packages - Chinese" >> $insl 2>&1 2038 | if [ -e $debvf ] 2039 | then 2040 | apt-get install -y -o DPkg::Lock::Timeout=-1 task-chinese-s task-chinese-t >> $insl 2>&1 2041 | locale-gen >> $insl 2>&1 2042 | fi 2043 | if [ -e $elvf ] 2044 | then 2045 | dnf install -y -q glibc-langpack-zh >> $insl 2>&1 2046 | fi 2047 | localectl set-locale LANG=zh_CN.UTF-8 >> $insl 2>&1 2048 | fi 2049 | 2050 | if [ "$lang" = "fr" ] 2051 | then 2052 | echo "!!!!!!! Installing language packages - French" >> $insl 2>&1 2053 | if [ -e $debvf ] 2054 | then 2055 | apt-get install -y -o DPkg::Lock::Timeout=-1 task-french >> $insl 2>&1 2056 | locale-gen >> $insl 2>&1 2057 | fi 2058 | if [ -e $elvf ] 2059 | then 2060 | dnf install -y -q glibc-langpack-fr >> $insl 2>&1 2061 | fi 2062 | localectl set-locale LANG=fr_FR.UTF-8 >> $insl 2>&1 2063 | fi 2064 | 2065 | if [ "$lang" = "hi" ] 2066 | then 2067 | echo "!!!!!!! Installing language packages - Hindi" >> $insl 2>&1 2068 | if [ -e $debvf ] 2069 | then 2070 | apt-get install -y -o DPkg::Lock::Timeout=-1 task-hindi >> $insl 2>&1 2071 | locale-gen >> $insl 2>&1 2072 | fi 2073 | if [ -e $elvf ] 2074 | then 2075 | dnf install -y -q glibc-langpack-hi >> $insl 2>&1 2076 | fi 2077 | localectl set-locale LANG=hi_IN >> $insl 2>&1 2078 | fi 2079 | 2080 | if [ "$lang" = "pl" ] 2081 | then 2082 | echo "!!!!!!! Installing language packages - Polish" >> $insl 2>&1 2083 | if [ -e $debvf ] 2084 | then 2085 | apt-get install -y -o DPkg::Lock::Timeout=-1 task-polish >> $insl 2>&1 2086 | locale-gen >> $insl 2>&1 2087 | fi 2088 | if [ -e $elvf ] 2089 | then 2090 | dnf install -y -q glibc-langpack-pl >> $insl 2>&1 2091 | fi 2092 | timedatectl set-timezone Europe/Warsaw >> $insl 2>&1 2093 | localectl set-locale LANG=pl_PL.UTF-8 >> $insl 2>&1 2094 | fi 2095 | 2096 | if [ "$lang" = "es" ] 2097 | then 2098 | echo "!!!!!!! Installing language packages - Spanish" >> $insl 2>&1 2099 | if [ -e $debvf ] 2100 | then 2101 | apt-get install -y -o DPkg::Lock::Timeout=-1 task-spanish >> $insl 2>&1 2102 | locale-gen >> $insl 2>&1 2103 | fi 2104 | if [ -e $elvf ] 2105 | then 2106 | dnf install -y -q glibc-langpack-es >> $insl 2>&1 2107 | fi 2108 | localectl set-locale LANG=es_ES.UTF-8 >> $insl 2>&1 2109 | fi 2110 | 2111 | if [ "$lang" = "uk" ] 2112 | then 2113 | echo "!!!!!!! Installing language packages - Ukrainian" >> $insl 2>&1 2114 | if [ -e $debvf ] 2115 | then 2116 | apt-get install -y -o DPkg::Lock::Timeout=-1 task-ukrainian >> $insl 2>&1 2117 | locale-gen >> $insl 2>&1 2118 | fi 2119 | if [ -e $elvf ] 2120 | then 2121 | dnf install -y -q glibc-langpack-uk >> $insl 2>&1 2122 | fi 2123 | localectl set-locale LANG=uk_UA.UTF-8 >> $insl 2>&1 2124 | fi 2125 | 2126 | echo "Installing software packages. It may take some time - be patient." 2127 | echo "!!!!!!! Installing software." >> $insl 2>&1 2128 | install_soft 2129 | 2130 | # Generating passwords for database and SuperAdmin user. 2131 | echo "!!!!!!! Generating passwords for database and SuperAdmin user." >> $insl 2>&1 2132 | openssl rand -base64 30 > /root/dbpass 2133 | openssl rand -base64 30 > /root/superadminpass 2134 | mp=$( cat /root/dbpass ) 2135 | mp2=$( cat /root/superadminpass ) 2136 | 2137 | if [ -e $debvf ] 2138 | then 2139 | debvu=$( sudo cat /etc/debian_version | awk -F '.' '{print $1}' ) 2140 | if [ "$debvu" = "12" ] || [ "$debvu" = "13" ] || [ "$debvu" = "14" ] 2141 | then 2142 | apt-get install -y -o DPkg::Lock::Timeout=-1 systemd-timesyncd >> $insl 2>&1 2143 | systemctl enable systemd-timesyncd >> $insl 2>&1 2144 | systemctl restart systemd-timesyncd >> $insl 2>&1 2145 | else 2146 | if [ -e $ubuvf ] 2147 | then 2148 | apt-get install -y -o DPkg::Lock::Timeout=-1 systemd-timesyncd >> $insl 2>&1 2149 | systemctl enable systemd-timesyncd >> $insl 2>&1 2150 | systemctl restart systemd-timesyncd >> $insl 2>&1 2151 | else 2152 | apt-get install -y -o DPkg::Lock::Timeout=-1 ntp >> $insl 2>&1 2153 | systemctl enable ntp >> $insl 2>&1 2154 | systemctl restart ntp >> $insl 2>&1 2155 | fi 2156 | fi 2157 | fi 2158 | if [ -e $elvf ] 2159 | then 2160 | timedatectl set-ntp on 2161 | dnf install -y -q chrony >> $insl 2>&1 2162 | systemctl enable chronyd >> $insl 2>&1 2163 | systemctl start chronyd >> $insl 2>&1 2164 | systemctl restart systemd-timedated >> $insl 2>&1 2165 | timedatectl set-ntp true 2166 | fi 2167 | 2168 | disable_sleep 2169 | echo "Installing web server with PHP." 2170 | echo "!!!!!!! Installing web server with PHP." >> $insl 2>&1 2171 | update_os 2172 | if [ -e $debvf ] 2173 | then 2174 | apt-get install -y -o DPkg::Lock::Timeout=-1 apache2 apache2-utils >> $insl 2>&1 2175 | echo "ServerName 127.0.0.1" >> /etc/apache2/apache2.conf 2176 | fi 2177 | if [ -e $elvf ] 2178 | then 2179 | dnf install -y -q httpd httpd-tools mod_ssl >> $insl 2>&1 2180 | echo "!!!!!!! Apply HTTPD/Apache SELinux policies." >> $insl 2>&1 2181 | setsebool httpd_unified on >> $insl 2>&1 2182 | setsebool -P httpd_can_network_connect_db on >> $insl 2>&1 2183 | setsebool -P httpd_can_connect_ldap on >> $insl 2>&1 2184 | setsebool -P httpd_can_network_connect on >> $insl 2>&1 2185 | setsebool -P httpd_can_network_memcache on >> $insl 2>&1 2186 | setsebool -P httpd_can_sendmail on >> $insl 2>&1 2187 | setsebool -P httpd_use_cifs on >> $insl 2>&1 2188 | setsebool -P httpd_use_fusefs on >> $insl 2>&1 2189 | setsebool -P httpd_use_gpg on >> $insl 2>&1 2190 | fi 2191 | 2192 | if [ "$nv" = "24" ]; then 2193 | echo "Installing PHP version 7.x for Nextcloud v24." 2194 | echo "!!!!!!! Installing PHP version 7.x for Nextcloud v24." >> $insl 2>&1 2195 | install_php74 2196 | elif [ "$nv" = "25" ]; then 2197 | echo "Installing PHP version 8.1 for Nextcloud v25." 2198 | echo "!!!!!!! Installing PHP version 8.1 for Nextcloud v25." >> $insl 2>&1 2199 | install_php81 2200 | elif [ "$nv" = "26" ]; then 2201 | echo "Installing PHP version 8.1 for Nextcloud v26." 2202 | echo "!!!!!!! Installing PHP version 8.1 for Nextcloud v26." >> $insl 2>&1 2203 | install_php81 2204 | elif [ "$nv" = "27" ]; then 2205 | echo "Installing PHP version 8.2 for Nextcloud v27." 2206 | echo "!!!!!!! Installing PHP version 8.2 for Nextcloud v27." >> $insl 2>&1 2207 | install_php82 2208 | elif [ "$nv" = "28" ]; then 2209 | echo "Installing PHP version 8.2 for Nextcloud v28." 2210 | echo "!!!!!!! Installing PHP version 8.2 for Nextcloud v28." >> $insl 2>&1 2211 | install_php82 2212 | elif [ "$nv" = "29" ]; then 2213 | echo "Installing PHP version 8.3 for Nextcloud v29." 2214 | echo "!!!!!!! Installing PHP version 8.3 for Nextcloud v29." >> $insl 2>&1 2215 | install_php83 2216 | elif [ "$nv" = "30" ]; then 2217 | echo "Installing PHP version 8.3 for Nextcloud v30." 2218 | echo "!!!!!!! Installing PHP version 8.3 for Nextcloud v30." >> $insl 2>&1 2219 | install_php83 2220 | elif [ "$nv" = "31" ]; then 2221 | echo "Installing PHP version 8.4 for Nextcloud v31." 2222 | echo "!!!!!!! Installing PHP version 8.4 for Nextcloud v31." >> $insl 2>&1 2223 | install_php84 2224 | elif [ "$nv" = "32" ]; then 2225 | echo "Installing PHP version 8.4 for Nextcloud v32." 2226 | echo "!!!!!!! Installing PHP version 8.4 for Nextcloud v32." >> $insl 2>&1 2227 | install_php84 2228 | elif [ -z "$nv" ]; then 2229 | echo "Installing newest PHP version for Nextcloud." 2230 | echo "!!!!!!! Installing newest PHP version for Nextcloud." >> $insl 2>&1 2231 | install_php 2232 | fi 2233 | 2234 | if [ -e $debvf ] 2235 | then 2236 | a2dissite 000-default >> $insl 2>&1 2237 | systemctl enable apache2 >> $insl 2>&1 2238 | restart_websrv 2239 | fi 2240 | if [ -e $elvf ] 2241 | then 2242 | systemctl enable httpd >> $insl 2>&1 2243 | restart_websrv 2244 | fi 2245 | 2246 | ncfirewall 2247 | 2248 | echo "Simple PHP testing..." 2249 | echo "!!!!!!! PHP check:" >> $insl 2>&1 2250 | touch test.php 2251 | echo '' >> test.php 2254 | php test.php 2255 | php test.php >> $insl 2>&1 2256 | echo '' >> info.php 2259 | php info.php >> $insl 2>&1 2260 | rm -rf test.php >> $insl 2>&1 2261 | rm -rf info.php >> $insl 2>&1 2262 | 2263 | # Tweaks for redis first. 2264 | if [ -e $debvf ] 2265 | then 2266 | sysctl vm.overcommit_memory=1 >> $insl 2>&1 2267 | echo "vm.overcommit_memory = 1" >> /etc/sysctl.conf 2268 | touch /etc/rc.local 2269 | echo "#!/bin/sh -e 2270 | # 2271 | # rc.local 2272 | # 2273 | # This script is executed at the end of each multiuser runlevel. 2274 | # Make sure that the script will "exit 0" on success or any other 2275 | # value on error. 2276 | # 2277 | # In order to enable or disable this script just change the execution 2278 | # bits. 2279 | # 2280 | # By default this script does nothing. 2281 | 2282 | echo madvise > /sys/kernel/mm/transparent_hugepage/enabled 2283 | exit 0 2284 | " >> /etc/rc.local 2285 | chmod +x /etc/rc.local 2286 | systemctl daemon-reload 2287 | systemctl start rc-local 2288 | # REDIS cache configure, adding socket for faster communication on local host. 2289 | apt-get install -y -o DPkg::Lock::Timeout=-1 redis-server >> $insl 2>&1 2290 | sed -i '/# unixsocketperm 700/aunixsocketperm 777' /etc/redis/redis.conf 2291 | sed -i '/# unixsocketperm 700/aunixsocket /var/run/redis/redis.sock' /etc/redis/redis.conf 2292 | usermod -a -G redis $websrv_usr >> $insl 2>&1 2293 | systemctl restart redis >> $insl 2>&1 2294 | fi 2295 | if [ -e $elvf ] 2296 | then 2297 | sysctl vm.overcommit_memory=1 >> $insl 2>&1 2298 | echo "vm.overcommit_memory = 1" >> /etc/sysctl.conf 2299 | echo madvise > /sys/kernel/mm/transparent_hugepage/enabled 2300 | setsebool -P daemons_enable_cluster_mode 1 2301 | if [ -n "$el10" ] || [ -n "$fed42" ] 2302 | then 2303 | dnf install -y -q valkey >> $insl 2>&1 2304 | dnf install -y -q selinux-policy-devel setools-console >> $insl 2>&1 2305 | mkdir /var/run/valkey 2306 | chown valkey:valkey /var/run/valkey 2307 | chmod 777 /var/run/valkey 2308 | sed -i '/# unixsocketperm 700/aunixsocketperm 777' /etc/valkey/valkey.conf 2309 | # sed -i '/# unixsocketperm 700/aunixsocket /var/run/valkey/valkey.sock' /etc/valkey/valkey.conf 2310 | sed -i '/# supervised auto/asupervised systemd' /etc/valkey/valkey.conf 2311 | # Setting up Redis SELinux permissions. 2312 | setsebool -P redis_enable_notify 1 >> $insl 2>&1 2313 | # setsebool -P valkey_enable_notify 1 >> $insl 2>&1 2314 | setsebool -P daemons_dontaudit_scheduling 1 >> $insl 2>&1 2315 | setsebool -P fips_mode 1 >> $insl 2>&1 2316 | setsebool -P nscd_use_shm 1 >> $insl 2>&1 2317 | setsebool -P httpd_can_network_connect=1 >> $insl 2>&1 2318 | 2319 | echo "module php_valkey_access 1.0; 2320 | 2321 | require { 2322 | type var_run_t; 2323 | type httpd_t; 2324 | type unconfined_service_t; 2325 | class sock_file write; 2326 | class unix_stream_socket connectto; 2327 | class sem { associate read unix_read unix_write write }; 2328 | } 2329 | 2330 | #============= httpd_t ============== 2331 | allow httpd_t unconfined_service_t:sem { associate read unix_read unix_write write }; 2332 | allow httpd_t unconfined_service_t:unix_stream_socket connectto; 2333 | allow httpd_t var_run_t:sock_file write;" >> php_valkey_access.te 2334 | 2335 | make -f /usr/share/selinux/devel/Makefile php_valkey_access.pp >> $insl 2>&1 2336 | semodule -i php_valkey_access.pp >> $insl 2>&1 2337 | 2338 | systemctl restart valkey.service >> $insl 2>&1 2339 | systemctl start valkey.service >> $insl 2>&1 2340 | systemctl enable valkey >> $insl 2>&1 2341 | else 2342 | dnf install -y -q redis >> $insl 2>&1 2343 | mkdir /var/run/redis 2344 | chown redis:redis /var/run/redis 2345 | chmod 777 /var/run/redis 2346 | sed -i '/# unixsocketperm 700/aunixsocketperm 777' /etc/redis/redis.conf 2347 | sed -i '/# unixsocketperm 700/aunixsocket /var/run/redis/redis.sock' /etc/redis/redis.conf 2348 | sed -i '/# supervised auto/asupervised systemd' /etc/redis/redis.conf 2349 | # Setting up Redis SELinux permissions. 2350 | setsebool -P redis_enable_notify 1 >> $insl 2>&1 2351 | setsebool -P daemons_dontaudit_scheduling 1 >> $insl 2>&1 2352 | setsebool -P fips_mode 1 >> $insl 2>&1 2353 | setsebool -P nscd_use_shm 1 >> $insl 2>&1 2354 | setsebool -P httpd_can_network_connect=1 >> $insl 2>&1 2355 | 2356 | systemctl start redis.service >> $insl 2>&1 2357 | echo "!!!!!!! Retrying start Redis service, for unknown reason secondary start is working under Rocky Linux 9." >> $insl 2>&1 2358 | systemctl start redis.service >> $insl 2>&1 2359 | systemctl start redis.service >> $insl 2>&1 2360 | systemctl enable redis >> $insl 2>&1 2361 | fi 2362 | fi 2363 | 2364 | echo "!!!!!!! Configuring PHP options" >> $insl 2>&1 2365 | if [ "$nv" = "24" ]; then 2366 | php74_tweaks 2367 | elif [ "$nv" = "25" ]; then 2368 | php81_tweaks 2369 | elif [ "$nv" = "26" ]; then 2370 | php81_tweaks 2371 | elif [ "$nv" = "27" ]; then 2372 | php82_tweaks 2373 | elif [ "$nv" = "28" ]; then 2374 | php82_tweaks 2375 | elif [ "$nv" = "29" ]; then 2376 | php83_tweaks 2377 | elif [ "$nv" = "30" ]; then 2378 | php83_tweaks 2379 | elif [ "$nv" = "31" ]; then 2380 | php84_tweaks 2381 | elif [ "$nv" = "32" ]; then 2382 | php84_tweaks 2383 | elif [ "$nv" = "33" ]; then 2384 | php84_tweaks 2385 | elif [ "$nv" = "34" ]; then 2386 | php84_tweaks 2387 | elif [ "$nv" = "35" ]; then 2388 | php84_tweaks 2389 | elif [ -z "$nv" ]; then 2390 | php_tweaks 2391 | fi 2392 | echo "!!!!!!! Creating certificates for localhost and vhost" >> $insl 2>&1 2393 | echo "Generating keys & certificates for web access." 2394 | # Creating certificate for localhost 2395 | touch /opt/open_ssl.conf 2396 | echo '[req] 2397 | distinguished_name = req_distinguished_name 2398 | x509_extensions = v3_req 2399 | prompt = no 2400 | [req_distinguished_name] 2401 | C = NX 2402 | ST = Internet 2403 | L = Unknown 2404 | O = Nextcloud 2405 | OU = NAS 2406 | CN = Nextcloud Service 2407 | [v3_req] 2408 | keyUsage = keyEncipherment, dataEncipherment 2409 | extendedKeyUsage = serverAuth 2410 | subjectAltName = @alt_names 2411 | [alt_names] 2412 | DNS.1 = localhost 2413 | DNS.2 = local' >> /opt/open_ssl.conf 2414 | # echo '' >> open_ssl.conf 2415 | openssl req -x509 -nodes -days 4096 -newkey rsa:2048 -keyout /opt/nextcloud.key -out /opt/nextcloud.crt -config /opt/open_ssl.conf -extensions 'v3_req' >> $insl 2>&1 2416 | mv /opt/nextcloud.crt /etc/ssl/certs/nextcloud.crt >> $insl 2>&1 2417 | if [ -e $elvf ] 2418 | then 2419 | mkdir /etc/ssl/private 2420 | fi 2421 | mv /opt/nextcloud.key /etc/ssl/private/nextcloud.key >> $insl 2>&1 2422 | # Creating VHost for Apache. 2423 | function gen_apchini { 2424 | echo ' 2425 | ServerAdmin webmaster@localhost 2426 | # ServerName localhost 2427 | DocumentRoot /var/www/nextcloud 2428 | Protocols h2 h2c http/1.1 2429 | ProtocolsHonorOrder Off 2430 | H2WindowSize 5242880 2431 | 2432 | 2433 | Require all granted 2434 | AllowOverride All 2435 | Options FollowSymLinks MultiViews 2436 | 2437 | 2438 | Dav off 2439 | 2440 | 2441 | 2442 | LimitRequestBody 0 2443 | 2444 | # ProxyPass /push/ws ws://127.0.0.1:7867/ws 2445 | # ProxyPass /push/ http://127.0.0.1:7867/ 2446 | # ProxyPassReverse /push/ http://127.0.0.1:7867/ 2447 | 2448 | 2449 | ServerAdmin webmaster@localhost 2450 | # ServerName localhost 2451 | DocumentRoot /var/www/nextcloud 2452 | Protocols h2 h2c http/1.1 2453 | ProtocolsHonorOrder Off 2454 | H2WindowSize 5242880 2455 | 2456 | 2457 | Require all granted 2458 | AllowOverride All 2459 | Options FollowSymLinks MultiViews 2460 | 2461 | 2462 | Dav off 2463 | 2464 | 2465 | 2466 | LimitRequestBody 0 2467 | 2468 | # ProxyPass /push/ws ws://127.0.0.1:7867/ws 2469 | # ProxyPass /push/ http://127.0.0.1:7867/ 2470 | # ProxyPassReverse /push/ http://127.0.0.1:7867/ 2471 | 2472 | SSLEngine on 2473 | SSLCertificateFile /etc/ssl/certs/nextcloud.crt 2474 | SSLCertificateKeyFile /etc/ssl/private/nextcloud.key 2475 | 2476 | ' > $apch_ini 2477 | } 2478 | 2479 | if [ -e $debvf ] 2480 | then 2481 | apch_ini=/etc/apache2/sites-available/nextcloud.conf 2482 | gen_apchini 2483 | sed -i '/<\/VirtualHost>/i \ ErrorLog ${APACHE_LOG_DIR}/error.log' $apch_ini 2484 | sed -i '/<\/VirtualHost>/i \ CustomLog ${APACHE_LOG_DIR}/access.log combined' $apch_ini 2485 | a2enmod ssl >> $insl 2>&1 2486 | a2enmod rewrite >> $insl 2>&1 2487 | a2enmod headers >> $insl 2>&1 2488 | a2enmod env >> $insl 2>&1 2489 | a2enmod dir >> $insl 2>&1 2490 | a2enmod mime >> $insl 2>&1 2491 | a2enmod proxy >> $insl 2>&1 2492 | a2enmod http2 >> $insl 2>&1 2493 | # a2enmod proxy_http >> $insl 2>&1 2494 | # a2enmod proxy_wstunnel >> $insl 2>&1 2495 | a2ensite nextcloud.conf >> $insl 2>&1 2496 | unset apch_ini 2497 | fi 2498 | 2499 | if [ -e $elvf ] 2500 | then 2501 | apch_ini=/etc/httpd/conf.d/nextcloud.conf 2502 | gen_apchini 2503 | sed -i.bak 's/^DocumentRoot "\/var\/www\/html"/DocumentRoot "\/var\/www\/nextcloud"/g' /etc/httpd/conf/httpd.conf 2504 | unset apch_ini 2505 | fi 2506 | 2507 | echo "Installing MariaDB database server." 2508 | echo "!!!!!!! Installing MariaDB database server." >> $insl 2>&1 2509 | if [ -e $debvf ] 2510 | then 2511 | apt-get install -y -o DPkg::Lock::Timeout=-1 mariadb-server >> $insl 2>&1 2512 | fi 2513 | 2514 | if [ -e $elvf ] 2515 | then 2516 | dnf install -y -q mariadb-server mariadb >> $insl 2>&1 2517 | fi 2518 | # Adding MariaDB options. 2519 | function gen_sqlini { 2520 | echo '[server] 2521 | skip-name-resolve 2522 | innodb_flush_log_at_trx_commit = 2 2523 | innodb_log_buffer_size = 32M 2524 | innodb_max_dirty_pages_pct = 90 2525 | query_cache_type = 1 2526 | query_cache_limit = 2M 2527 | query_cache_min_res_unit = 2k 2528 | query_cache_size = 64M 2529 | tmp_table_size= 64M 2530 | max_heap_table_size= 64M 2531 | slow-query-log = 1 2532 | slow-query-log-file = /var/log/mysql/slow.log 2533 | long_query_time = 1 2534 | 2535 | [mysqld] 2536 | innodb_buffer_pool_size=1G 2537 | innodb_io_capacity=4000 2538 | ' >> $sql_ini 2539 | } 2540 | 2541 | if [ -e $debvf ] 2542 | then 2543 | sql_ini=/etc/mysql/mariadb.conf.d/70-nextcloud.cnf 2544 | gen_sqlini 2545 | unset sql_ini 2546 | fi 2547 | 2548 | if [ -e $elvf ] 2549 | then 2550 | sql_ini=/etc/my.cnf.d/nextcloud.cnf 2551 | gen_sqlini 2552 | unset sql_ini 2553 | fi 2554 | systemctl enable mariadb >> $insl 2>&1 2555 | systemctl restart mariadb >> $insl 2>&1 2556 | 2557 | # MariaDB Installed Snapshot. 2558 | echo "!!!!!!! Adding database default entries." >> $insl 2>&1 2559 | # Make sure that NOBODY can access the server without a password. 2560 | mysql -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$mp');" >> $insl 2>&1 2561 | # Kill the anonymous users. 2562 | # mysql -e "DROP USER ''@'localhost'" >> $insl 2>&1 2563 | # Because our hostname varies we'll use some Bash magic here. 2564 | # mysql -e "DROP USER ''@'$(hostname)'" >> $insl 2>&1 2565 | # Disable remote root user access. 2566 | mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" >> $insl 2>&1 2567 | # Kill off the demo database. 2568 | 2569 | # Creating database for Nextcloud. 2570 | mysql -e "SET GLOBAL innodb_default_row_format='dynamic'" >> $insl 2>&1 2571 | mysql -e "CREATE DATABASE nextdrive CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci" >> $insl 2>&1 2572 | mysql -e "GRANT ALL on nextdrive.* to 'nextcloud'@'%' identified by '$mp'" >> $insl 2>&1 2573 | 2574 | # Make our changes take effect. 2575 | mysql -e "FLUSH PRIVILEGES" >> $insl 2>&1 2576 | 2577 | # Importing data into database: enabling smb share in nextcloud, enabling plugins if needed. 2578 | # Export cmd: mysqldump -u root -p --all-databases --skip-lock-tables > alldb.sql 2579 | # Downloading and installing Let's encrypt mechanism. 2580 | echo "!!!!!!! Installing certbot." >> $insl 2>&1 2581 | if [ -e $debvf ] 2582 | then 2583 | apt-get install -y -o DPkg::Lock::Timeout=-1 python3-certbot-apache >> $insl 2>&1 2584 | fi 2585 | if [ -e $elvf ] 2586 | then 2587 | dnf install -y -q python3-certbot-apache >> $insl 2>&1 2588 | fi 2589 | 2590 | # Downloading and installing Nextcloud. 2591 | echo "!!!!!!! Downloading and installing Nextcloud." >> $insl 2>&1 2592 | mkdir /var/www/nextcloud 2593 | mkdir /var/www/nextcloud/data 2594 | 2595 | # Configuring/mounting data directory to specified location 2596 | echo "!!!!!!! Configuring/mounting data directory to specified location." >> $insl 2>&1 2597 | if [ -z "$fdir" ] 2598 | then 2599 | echo "User files directory not configured." >> $insl 2>&1 2600 | else 2601 | cp /etc/fstab /etc/fstab-nc.bak >> $insl 2>&1 2602 | fs_fdir="${fdir// /\\040}" 2603 | echo "$fs_fdir /var/www/nextcloud/data none bind 0 0" >> /etc/fstab 2604 | mount --bind "$fdir" /var/www/nextcloud/data >> $insl 2>&1 2605 | fi 2606 | 2607 | if [ -e latest.zip ] 2608 | then 2609 | mv latest.zip $(date +"%FT%H%M")-latest.zip >> $insl 2>&1 2610 | fi 2611 | 2612 | if [ "$nv" = "24" ]; then 2613 | echo "Downloading and unpacking Nextcloud v$nv." >> $insl 2>&1 2614 | wget -q https://download.nextcloud.com/server/releases/nextcloud-24.0.12.zip >> $insl 2>&1 2615 | mv nextcloud-24.0.12.zip latest.zip >> $insl 2>&1 2616 | elif [ "$nv" = "25" ]; then 2617 | echo "Downloading and unpacking Nextcloud v$nv." >> $insl 2>&1 2618 | wget -q https://download.nextcloud.com/server/releases/nextcloud-25.0.13.zip >> $insl 2>&1 2619 | mv nextcloud-25.0.13.zip latest.zip >> $insl 2>&1 2620 | elif [ "$nv" = "26" ]; then 2621 | echo "Downloading and unpacking Nextcloud v$nv." >> $insl 2>&1 2622 | wget -q https://download.nextcloud.com/server/releases/nextcloud-26.0.13.zip >> $insl 2>&1 2623 | mv nextcloud-26.0.13.zip latest.zip >> $insl 2>&1 2624 | elif [ "$nv" = "27" ]; then 2625 | echo "Downloading and unpacking Nextcloud v$nv." >> $insl 2>&1 2626 | wget -q https://download.nextcloud.com/server/releases/nextcloud-27.1.11.zip >> $insl 2>&1 2627 | mv nextcloud-27.1.11.zip latest.zip >> $insl 2>&1 2628 | elif [ "$nv" = "28" ]; then 2629 | echo "Downloading and unpacking Nextcloud v$nv." >> $insl 2>&1 2630 | wget -q https://download.nextcloud.com/server/releases/nextcloud-28.0.14.zip >> $insl 2>&1 2631 | mv nextcloud-28.0.14.zip latest.zip >> $insl 2>&1 2632 | elif [ "$nv" = "29" ]; then 2633 | echo "Downloading and unpacking Nextcloud v$nv." >> $insl 2>&1 2634 | wget -q https://download.nextcloud.com/server/releases/nextcloud-29.0.16.zip >> $insl 2>&1 2635 | mv nextcloud-29.0.16.zip latest.zip >> $insl 2>&1 2636 | elif [ "$nv" = "30" ]; then 2637 | echo "Downloading and unpacking Nextcloud v$nv." >> $insl 2>&1 2638 | wget -q https://download.nextcloud.com/server/releases/nextcloud-30.0.17.zip >> $insl 2>&1 2639 | mv nextcloud-30.0.17.zip latest.zip >> $insl 2>&1 2640 | elif [ "$nv" = "31" ]; then 2641 | echo "Downloading and unpacking Nextcloud v$nv." >> $insl 2>&1 2642 | wget -q https://download.nextcloud.com/server/releases/nextcloud-31.0.11.zip >> $insl 2>&1 2643 | mv nextcloud-31.0.11.zip latest.zip >> $insl 2>&1 2644 | elif [ "$nv" = "32" ]; then 2645 | echo "Downloading and unpacking Nextcloud v$nv." >> $insl 2>&1 2646 | wget -q https://download.nextcloud.com/server/releases/nextcloud-32.0.2.zip >> $insl 2>&1 2647 | mv nextcloud-32.0.2.zip latest.zip >> $insl 2>&1 2648 | fi 2649 | 2650 | if [ -e latest.zip ] 2651 | then 2652 | unzip -q latest.zip -d /var/www >> $insl 2>&1 2653 | else 2654 | wget -q https://download.nextcloud.com/server/releases/latest.zip >> $insl 2>&1 2655 | unzip -q latest.zip -d /var/www >> $insl 2>&1 2656 | fi 2657 | chown -R $websrv_usr:$websrv_usr /var/www/ 2658 | 2659 | # Preparing SELinux permissions 2660 | if [ -e $elvf ] 2661 | then 2662 | echo "!!!!!!! Apply Nextcloud SELinux permissions." >> $insl 2>&1 2663 | semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/data(/.*)?' >> $insl 2>&1 2664 | semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/config(/.*)?' >> $insl 2>&1 2665 | semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/apps(/.*)?' >> $insl 2>&1 2666 | semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/.htaccess' >> $insl 2>&1 2667 | semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/.user.ini' >> $insl 2>&1 2668 | semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?' >> $insl 2>&1 2669 | restorecon -Rv '/var/www/nextcloud/' >> $insl 2>&1 2670 | fi 2671 | 2672 | # Making Nextcloud preconfiguration. 2673 | echo "!!!!!!!!!!! Making Nextcloud preconfiguration." >> $insl 2>&1 2674 | touch /var/www/nextcloud/config/autoconfig.php 2675 | echo '> /var/www/nextcloud/config/autoconfig.php 2676 | echo '$AUTOCONFIG = array(' >> /var/www/nextcloud/config/autoconfig.php 2677 | echo ' "directory" => "/var/www/nextcloud/data",' >> /var/www/nextcloud/config/autoconfig.php 2678 | echo ' "mysql.utf8mb4" => true,' >> /var/www/nextcloud/config/autoconfig.php 2679 | echo ' "dbtype" => "mysql",' >> /var/www/nextcloud/config/autoconfig.php 2680 | echo ' "dbname" => "nextdrive",' >> /var/www/nextcloud/config/autoconfig.php 2681 | echo ' "dbuser" => "nextcloud",' >> /var/www/nextcloud/config/autoconfig.php 2682 | echo " \"dbpass\" => \"$mp\"," >> /var/www/nextcloud/config/autoconfig.php 2683 | echo ' "dbhost" => "localhost",' >> /var/www/nextcloud/config/autoconfig.php 2684 | echo ' "dbtableprefix" => "1c_",' >> /var/www/nextcloud/config/autoconfig.php 2685 | echo ' "adminlogin" => "SuperAdmin",' >> /var/www/nextcloud/config/autoconfig.php 2686 | echo " \"adminpass\" => \"$mp2\"," >> /var/www/nextcloud/config/autoconfig.php 2687 | echo ');' >> /var/www/nextcloud/config/autoconfig.php 2688 | 2689 | sudo -u $websrv_usr php /var/www/nextcloud/occ maintenance:install --database \ 2690 | "mysql" --database-name "nextdrive" --database-user "nextcloud" --database-pass \ 2691 | "$mp" --admin-user "SuperAdmin" --admin-pass "$mp2" >> $insl 2>&1 2692 | 2693 | if [ "$lang" = "ar" ] 2694 | then 2695 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set default_language --value="ar" >> $insl 2>&1 2696 | fi 2697 | 2698 | if [ "$lang" = "zh" ] 2699 | then 2700 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set default_language --value="zh" >> $insl 2>&1 2701 | fi 2702 | 2703 | if [ "$lang" = "fr" ] 2704 | then 2705 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set default_language --value="fr" >> $insl 2>&1 2706 | fi 2707 | 2708 | if [ "$lang" = "hi" ] 2709 | then 2710 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set default_language --value="hi" >> $insl 2>&1 2711 | fi 2712 | 2713 | if [ "$lang" = "pl" ] 2714 | then 2715 | # Adding default language and locales 2716 | # 'default_language' => 'pl', 2717 | # 'default_locale' => 'pl', 2718 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set default_language --value="pl" >> $insl 2>&1 2719 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set default_locale --value="pl_PL" >> $insl 2>&1 2720 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set default_phone_region --value="PL" >> $insl 2>&1 2721 | fi 2722 | 2723 | if [ "$lang" = "es" ] 2724 | then 2725 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set default_language --value="es" >> $insl 2>&1 2726 | fi 2727 | 2728 | if [ "$lang" = "uk" ] 2729 | then 2730 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set default_language --value="uk" >> $insl 2>&1 2731 | fi 2732 | 2733 | # Enabling APCu and Redis in config file - default cache engine now. 2734 | if [ -n "$el10" ] || [ -n "$fed42" ] 2735 | then 2736 | sed -i "/installed' => true,/a\ \ 'memcache.local' => '\\\OC\\\Memcache\\\APCu',\n\ \ 'filelocking.enabled' => true,\n \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis',\n \ 'memcache.distributed' => '\\\OC\\\Memcache\\\Redis',\n \ 'redis' =>\n \ array (\n \ \ 'host' => '/var/run/valkey/valkey.sock',\n \ \ 'port' => 0,\n \ \ 'dbindex' => 0,\n \ \ 'timeout' => 600.0,\n \ )," /var/www/nextcloud/config/config.php 2737 | else 2738 | sed -i "/installed' => true,/a\ \ 'memcache.local' => '\\\OC\\\Memcache\\\APCu',\n\ \ 'filelocking.enabled' => true,\n \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis',\n \ 'memcache.distributed' => '\\\OC\\\Memcache\\\Redis',\n \ 'redis' =>\n \ array (\n \ \ 'host' => '/var/run/redis/redis.sock',\n \ \ 'port' => 0,\n \ \ 'dbindex' => 0,\n \ \ 'timeout' => 600.0,\n \ )," /var/www/nextcloud/config/config.php 2739 | fi 2740 | 2741 | echo "Tweaking Nextcloud configuration, adding IP's, installing NC apps etc." 2742 | # Disabling info about creating free account on shared pages/links when logged out (because it is missleading for private nextcloud instances). 2743 | sed -i "/installed' => true,/a\ \ 'simpleSignUpLink.shown' => false," /var/www/nextcloud/config/config.php 2744 | 2745 | # Setting up maintenance window start time to 1 am (UTC). 2746 | maintenance_window_setup 2747 | 2748 | # Command below should do nothing, but once in the past i needed that, so let it stay here... 2749 | # 22.11.2025 - enabled again, NC 32.0.2 need this after clean install, hell yeah! 2750 | sudo -u $websrv_usr php /var/www/nextcloud/occ db:add-missing-indices >> $insl 2>&1 2751 | 2752 | # Enabling plugins. Adding more trusted domains. 2753 | # Preparing list of local IP addresses to add. 2754 | hostname -I | xargs -n1 >> /root/ips.local 2755 | > $insl 2>&1; 2756 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set trusted_domains 97 --value="127.0.0.1" >> $insl 2>&1 2757 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set trusted_domains 98 --value="nextdrive" >> $insl 2>&1 2758 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set trusted_domains 99 --value="nextcloud" >> $insl 2>&1 2759 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set ALLOW_SELF_SIGNED --value="true" >> $insl 2>&1 2760 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set enable_previews --value="true" >> $insl 2>&1 2761 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set preview_max_memory --value="512" >> $insl 2>&1 2762 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set preview_max_x --value="12288" >> $insl 2>&1 2763 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set preview_max_y --value="6912" >> $insl 2>&1 2764 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set auth.bruteforce.protection.enabled --value="true" >> $insl 2>&1 2765 | mkdir /var/www/nextcloud/core/.null >> $insl 2>&1 2766 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set skeletondirectory --value="core/.null" >> $insl 2>&1 2767 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:install contacts >> $insl 2>&1 2768 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:install notes >> $insl 2>&1 2769 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:install deck >> $insl 2>&1 2770 | # sudo -u $websrv_usr php /var/www/nextcloud/occ app:install spreed >> $insl 2>&1 2771 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:install calendar >> $insl 2>&1 2772 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:enable calendar >> $insl 2>&1 2773 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:install files_rightclick >> $insl 2>&1 2774 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:enable files_rightclick >> $insl 2>&1 2775 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:disable updatenotification >> $insl 2>&1 2776 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:enable tasks >> $insl 2>&1 2777 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:enable groupfolders >> $insl 2>&1 2778 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:install twofactor_totp >> $insl 2>&1 2779 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:enable twofactor_totp >> $insl 2>&1 2780 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:install twofactor_webauthn >> $insl 2>&1 2781 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:enable twofactor_webauthn >> $insl 2>&1 2782 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:install camerarawpreviews >> $insl 2>&1 2783 | sudo -u $websrv_usr php /var/www/nextcloud/occ app:enable camerarawpreviews >> $insl 2>&1 2784 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:app:set files max_chunk_size --value="20971520" >> $insl 2>&1 2785 | 2786 | # Import certificate by Nextcloud so it will not cry that it'cant check for mjs support by JavaScript MIME type on server. 2787 | # Actually it do not resolve problem with information, so i think it is just another inside error ignored by NC. 2788 | sudo -u $websrv_usr php /var/www/nextcloud/occ security:certificates:import /etc/ssl/certs/nextcloud.crt >> $insl 2>&1 2789 | 2790 | # Below lines will give more data if something goes wrong! 2791 | curl -I http://127.0.0.1/ >> $insl 2>&1 2792 | echo "!!!!!!!!!!! Copying nextcloud.log file after empty call for future diagnose." >> $insl 2>&1 2793 | cat /var/www/nextcloud/data/nextcloud.log >> $insl 2>&1 2794 | 2795 | # Disable .htaccess blocking because we use nginx that do not use it, also it should be handled by Nextcloud itself! 2796 | # sed -i "/CONFIG = array (/a\ \ 'blacklisted_files' => array()," /var/www/nextcloud/config/config.php 2797 | 2798 | if [ -e $debvf ] 2799 | then 2800 | systemctl stop apache2 >> $insl 2>&1 2801 | fi 2802 | 2803 | if [ -e $elvf ] 2804 | then 2805 | systemctl stop httpd >> $insl 2>&1 2806 | fi 2807 | 2808 | # Another lines that helped me in the past are here to stay... 2809 | # sudo -u $websrv_usr php /var/www/nextcloud/occ maintenance:mode --on >> $insl 2>&1 2810 | sudo -u $websrv_usr php /var/www/nextcloud/occ db:convert-filecache-bigint --no-interaction >> $insl 2>&1 2811 | # sudo -u $websrv_usr php /var/www/nextcloud/occ maintenance:mode --off >> $insl 2>&1 2812 | 2813 | # Preparing cron service to run cron.php every 5 minute. 2814 | echo "!!!!!!!!!!! Creating cron configuration." >> $insl 2>&1 2815 | touch /etc/systemd/system/nextcloudcron.service 2816 | touch /etc/systemd/system/nextcloudcron.timer 2817 | 2818 | echo '[Unit]' >> /etc/systemd/system/nextcloudcron.service 2819 | echo 'Description=Nextcloud cron.php job' >> /etc/systemd/system/nextcloudcron.service 2820 | echo '' >> /etc/systemd/system/nextcloudcron.service 2821 | echo '[Service]' >> /etc/systemd/system/nextcloudcron.service 2822 | echo -e "User=$websrv_usr" >> /etc/systemd/system/nextcloudcron.service 2823 | echo 'ExecStart=php -f /var/www/nextcloud/cron.php' >> /etc/systemd/system/nextcloudcron.service 2824 | echo '' >> /etc/systemd/system/nextcloudcron.service 2825 | echo '[Install]' >> /etc/systemd/system/nextcloudcron.service 2826 | echo 'WantedBy=basic.target' >> /etc/systemd/system/nextcloudcron.service 2827 | 2828 | echo '[Unit]' >> /etc/systemd/system/nextcloudcron.timer 2829 | echo 'Description=Run Nextcloud cron.php every 5 minutes' >> /etc/systemd/system/nextcloudcron.timer 2830 | echo '' >> /etc/systemd/system/nextcloudcron.timer 2831 | echo '[Timer]' >> /etc/systemd/system/nextcloudcron.timer 2832 | echo 'OnBootSec=5min' >> /etc/systemd/system/nextcloudcron.timer 2833 | echo 'OnUnitActiveSec=5min' >> /etc/systemd/system/nextcloudcron.timer 2834 | echo 'Unit=nextcloudcron.service' >> /etc/systemd/system/nextcloudcron.timer 2835 | echo '' >> /etc/systemd/system/nextcloudcron.timer 2836 | echo '[Install]' >> /etc/systemd/system/nextcloudcron.timer 2837 | echo 'WantedBy=timers.target' >> /etc/systemd/system/nextcloudcron.timer 2838 | 2839 | systemctl start nextcloudcron.timer >> $insl 2>&1 2840 | systemctl enable nextcloudcron.timer >> $insl 2>&1 2841 | restart_websrv 2842 | # Additional things that may fix some unknown Nextcloud problems (that appeared for me when started using v19). 2843 | chown -R $websrv_usr:$websrv_usr /var/www/nextcloud 2844 | chmod 775 /var/www/nextcloud 2845 | 2846 | sudo -u $websrv_usr php /var/www/nextcloud/occ maintenance:repair --include-expensive >> $rstl 2>&1 2847 | sudo -u $websrv_usr php /var/www/nextcloud/occ files:scan-app-data >> $insl 2>&1 2848 | sudo -u $websrv_usr php /var/www/nextcloud/occ files:scan --all >> $insl 2>&1 2849 | sudo -u $websrv_usr php /var/www/nextcloud/occ files:cleanup; >> $insl 2>&1 2850 | # sudo -u $websrv_usr php /var/www/nextcloud/occ preview:generate-all -vvv 2851 | 2852 | # hide index.php from urls. 2853 | sed -i "/installed' => true,/a\ \ 'htaccess.RewriteBase' => '/'," /var/www/nextcloud/config/config.php 2854 | sudo -u $websrv_usr php /var/www/nextcloud/occ maintenance:update:htaccess >> $insl 2>&1 2855 | 2856 | preview_tweaks 2857 | 2858 | echo "Using UPNP to open ports for now." >> $insl 2>&1 2859 | upnpc -e "Web Server HTTP" -a $addr1 80 80 TCP >> $insl 2>&1 2860 | upnpc -e "Web Server HTTPS" -a $addr1 443 443 TCP >> $insl 2>&1 2861 | 2862 | if [ -z "$dm" ] 2863 | then 2864 | echo "Skipping additional domain configuration." 2865 | else 2866 | echo "Configuring additional domain name." 2867 | echo "!!!!!!! Configuring additional domain name" >> $insl 2>&1 2868 | sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set trusted_domains 96 --value="$dm" >> $insl 2>&1 2869 | if [ -e $debvf ] 2870 | then 2871 | sed -i '/ServerName localhost/aServerName '"$dm"'' /etc/apache2/sites-available/nextcloud.conf >> $insl 2>&1 2872 | fi 2873 | if [ -e $elvf ] 2874 | then 2875 | sed -i '/ServerName localhost/aServerName '"$dm"'' /etc/httpd/conf.d/nextcloud.conf >> $insl 2>&1 2876 | fi 2877 | echo "Configuring Let's encrypt." 2878 | if [ -z "$mail" ] 2879 | then 2880 | echo "Skipping adding email configuration for Let's encrypt." 2881 | if [ -e $debvf ] 2882 | then 2883 | certbot --register-unsafely-without-email --apache --agree-tos -d $dm >> $insl 2>&1 2884 | (crontab -l 2>/dev/null; echo "0 4 1,15 * * /usr/bin/certbot renew") | crontab - 2885 | fi 2886 | if [ -e $elvf ] 2887 | then 2888 | certbot-3 --non-interactive --register-unsafely-without-email --apache --agree-tos -d $dm >> $insl 2>&1 2889 | (crontab -l 2>/dev/null; echo "0 4 1,15 * * /usr/bin/certbot-3 renew") | crontab - 2890 | fi 2891 | else 2892 | if [ -e $debvf ] 2893 | then 2894 | certbot --email $mail --apache --agree-tos -d $dm >> $insl 2>&1 2895 | (crontab -l 2>/dev/null; echo "0 4 1,15 * * /usr/bin/certbot renew") | crontab - 2896 | fi 2897 | if [ -e $elvf ] 2898 | then 2899 | certbot-3 --non-interactive --email $mail --apache --agree-tos -d $dm >> $insl 2>&1 2900 | (crontab -l 2>/dev/null; echo "0 4 1,15 * * /usr/bin/certbot-3 renew") | crontab - 2901 | fi 2902 | 2903 | fi 2904 | fi 2905 | 2906 | if [ -z "$mail" ] 2907 | then 2908 | echo "Skipping adding email address as webmaster inside apache configuration." 2909 | else 2910 | echo "Adding email address as webmaster inside apache configuration." 2911 | echo "Adding email address as webmaster inside apache configuration." >> $insl 2>&1 2912 | if [ -e $debvf ] 2913 | then 2914 | sed -i 's/\bwebmaster@localhost\b/'"$mail"'/g' /etc/apache2/sites-available/nextcloud.conf 2915 | fi 2916 | if [ -e $elvf ] 2917 | then 2918 | sed -i 's/\bwebmaster@localhost\b/'"$mail"'/g' /etc/httpd/conf.d/nextcloud.conf 2919 | fi 2920 | fi 2921 | 2922 | # HPB Configuration 2923 | # gwaddr=$( route -n | grep 'UG[ \t]' | awk '{print $2}' ) 2924 | # echo "Enabling HPB" >> $insl 2>&1 2925 | # sudo -u $websrv_usr php /var/www/nextcloud/occ app:install notify_push >> $insl 2>&1 2926 | # touch /etc/systemd/system/nextcloud_hpb.service 2927 | # echo '[Unit] 2928 | # Description = Nextcloud High Performance Backend Push Service 2929 | # After=redis.service mariadb.service 2930 | # 2931 | # [Service] 2932 | # Environment = PORT=7867 2933 | # ExecStart = /var/www/nextcloud/apps/notify_push/bin/x86_64/notify_push /var/www/nextcloud/config/config.php 2934 | # User=$websrv_usr 2935 | # 2936 | # [Install] 2937 | # WantedBy = multi-user.target 2938 | # ' >> /etc/systemd/system/nextcloud_hpb.service 2939 | # systemctl enable nextcloud_hpb >> $insl 2>&1 2940 | # service nextcloud_hpb start >> $insl 2>&1 2941 | # echo -ne '\n' | sudo -u $websrv_usr php /var/www/nextcloud/occ notify_push:setup >> $insl 2>&1 2942 | # > $insl 2>&1 2944 | # sudo -u $websrv_usr php /var/www/nextcloud/occ config:system:set trusted_proxies 98 --value="$addr" >> $insl 2>&1 2945 | #if [ $# -eq 0 ] 2946 | #then 2947 | # sudo -u $websrv_usr php /var/www/nextcloud/occ notify_push:setup https://$addr/push >> $insl 2>&1 2948 | #else 2949 | # sudo -u $websrv_usr php /var/www/nextcloud/occ notify_push:setup https://$1/push >> $insl 2>&1 2950 | #fi 2951 | 2952 | # Finished!!! 2953 | echo "" 2954 | echo "Job done! Now make last steps in Your web browser!" 2955 | echo "Use # certbot if You want SSL certificate for domain name." 2956 | echo "" 2957 | if [ -z "$dm" ] 2958 | then 2959 | echo "You may access Your Nextcloud instalation using this address: 2960 | http://$addr or 2961 | https://$addr" 2962 | else 2963 | echo "You may access Your Nextcloud instalation using this address: 2964 | http://$addr or 2965 | https://$addr or 2966 | https://$dm" 2967 | fi 2968 | 2969 | echo "Try to use httpS - there are known Nextcloud problems with Firefox without SSL." 2970 | echo "" 2971 | echo -e "Here are the important passwords, \e[1;31mbackup them!!!\e[39;0m" 2972 | echo "---------------------------------------------------------------------------" 2973 | echo -e "Database settings generated are: 2974 | login: \e[1;32mnextcloud\e[39;0m 2975 | database: \e[1;32mnextdrive\e[39;0m 2976 | password: \e[1;32m$mp\e[39;0m" 2977 | echo "---------------------------------------------------------------------------" 2978 | echo "Preconfigured Nextcloud administration user:" 2979 | echo -e "login: \e[38;5;214mSuperAdmin\e[39;0m 2980 | password: \e[1;32m$mp2\e[39;0m" 2981 | echo "---------------------------------------------------------------------------" 2982 | echo "Install finished." >> $insl 2>&1 2983 | date >> $insl 2>&1 2984 | echo "---------------------------------------------------------------------------" >> $insl 2>&1 2985 | rm -rf /root/php_valkey_access.fc php_valkey_access.if php_valkey_access.pp php_valkey_access.te 2986 | rm -rf /root/dbpass 2987 | rm -rf /root/superadminpass 2988 | rm -rf /root/ips.local 2989 | rm -rf /opt/latest.tar.bz2 2990 | rm -rf /opt/localhost.crt 2991 | rm -rf /opt/localhost.key 2992 | rm -rf /opt/nextcloud.crt 2993 | rm -rf /opt/nextcloud.key 2994 | rm -rf /opt/open_ssl.conf 2995 | rm -rf /opt/latest.zip 2996 | rm -rf $cdir/latest.zip 2997 | rm -rf $cdir/latest.tar.bz2 2998 | rm -rf $cdir/ips.local 2999 | rm -rf $cdir/superadminpass 3000 | rm -rf $cdir/dbpass 3001 | rm -rf /var/www/nextcloud/config/autoconfig.php 3002 | rm -rf /var/www/nextcloud/data/nextcloud.log 3003 | if [ -e $debvf ] 3004 | then 3005 | apt-get autoremove -y >> $insl 2>&1 3006 | fi 3007 | restart_websrv 3008 | touch $ver_file 3009 | echo "Version $ver was succesfully installed at $(date +%d-%m-%Y_%H:%M:%S)" >> $ver_file 3010 | echo "pver=$ver lang=$lang mail=$mail dm=$dm nv=$nv fdir=$fdir" >> $ver_file 3011 | mv $cdir/$scrpt.sh $scrpt-$(date +"%FT%H%M").sh 3012 | echo "Script filename changed to $scrpt-$(date +"%FT%H%M").sh" 3013 | echo "Script filename changed to $scrpt-$(date +"%FT%H%M").sh" >> $insl 2>&1 3014 | echo "!!!!!!! Install finished!" >> $insl 2>&1 3015 | unset LC_ALL 3016 | exit 0 3017 | --------------------------------------------------------------------------------