Newer
Older
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# RSS reader application
#
# License
# =======
#
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
SHOW_CLEARNET_ADDRESS_ON_ABOUT=0
RSS_READER_COMMIT='9e84bab449f9ed55e02e60378b0af1521026f3b8'
RSS_READER_ADMIN_PASSWORD=
RSS_READER_ONION_PORT=8092
RSS_MOBILE_READER_ONION_PORT=8095
RSS_READER_DOMAIN_NAME=ttrss
RSS_MOBILE_READER_REPO="https://github.com/mboinet/ttrss-mobile"
RSS_MOBILE_READER_COMMIT='d5242e1c269e9480ab3b66b7a38da3c892dfb326'
RSS_READER_PATH=/etc/share/tt-rss
rss_variables=(RSS_READER_REPO
RSS_MOBILE_READER_REPO
RSS_READER_ADMIN_PASSWORD
RSS_READER_DOMAIN_NAME
USB_MOUNT
MY_USERNAME)
function logging_on_rss {
echo -n ''
}
function logging_off_rss {
echo -n ''
}
function install_interactive_rss {
echo -n ''
#${PROJECT_NAME}-pass -u "$curr_username" -a rss -p "$new_user_password"
function rss_create_database {
if [ -f "$IMAGE_PASSWORD_FILE" ]; then
RSS_READER_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
if [ ! "$RSS_READER_ADMIN_PASSWORD" ]; then
RSS_READER_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
return
fi
function_check create_database
function reconfigure_rss {
}
function upgrade_rss {
CURR_RSS_READER_COMMIT=$(get_completion_param "rss reader commit")
if [[ "$CURR_RSS_READER_COMMIT" == "$RSS_READER_COMMIT" ]]; then
return
fi
RSS_MOBILE_READER_PATH=/etc/share/ttrss-mobile
set_repo_commit $RSS_READER_PATH "rss reader commit" "$RSS_READER_COMMIT" $RSS_READER_REPO
function_check rss_modifications
rss_modifications
if [[ $(app_is_installed rss_mobile_reader) == "1" ]]; then
if [ ! $RSS_READER_PATH ]; then
RSS_READER_PATH=/etc/share/tt-rss
fi
if [ ! -d $RSS_READER_PATH ]; then
echo $'tt-rss is not installed, so the mobile version cannot be installed'
fi
# remove any previous install
if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE"
sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE"
rm -rf $RSS_READER_PATH/g2ttree-mobile
fi
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit $RSS_MOBILE_READER_PATH "rss mobile reader commit" "$RSS_MOBILE_READER_COMMIT" $RSS_MOBILE_READER_REPO
chown -R www-data:www-data $RSS_MOBILE_READER_PATH
chown -R www-data:www-data $RSS_READER_PATH
chmod a+x $RSS_MOBILE_READER_PATH
if [ -d /etc/share/tt-rss ]; then
echo $"Backing up ttrss"
function_check get_mariadb_password
get_mariadb_password
function_check backup_database_to_usb
backup_database_to_usb ttrss
function_check get_mariadb_password
get_mariadb_password
if [ -d $temp_restore_dir/etc/share/tt-rss ]; then
if [ -d $temp_restore_dir/etc/share/tt-rss ]; then
rm -rf /etc/share/tt-rss
mv $temp_restore_dir/etc/share/tt-rss /etc/share/
else
if [ ! -d /etc/share/tt-rss ]; then
mkdir -p /etc/share/tt-rss
fi
cp -r $temp_restore_dir/* /etc/share/tt-rss/
fi
if [ ! "$?" = "0" ]; then
function_check set_user_permissions
set_user_permissions
function_check backup_unmount_drive
backup_unmount_drive
fi
if [ -d /etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME} ]; then
ln -s "/etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/privkey.pem" "/etc/ssl/private/${2}.key"
ln -s "/etc/letsencrypt/live/${RSS_READER_DOMAIN_NAME}/fullchain.pem" "/etc/ssl/certs/${2}.pem"
else
# Ensure that the bundled SSL cert is being used
if [ -f /etc/ssl/certs/${RSS_READER_DOMAIN_NAME}.bundle.crt ]; then
sed -i "s|${RSS_READER_DOMAIN_NAME}.crt|${RSS_READER_DOMAIN_NAME}.bundle.crt|g" "/etc/nginx/sites-available/${2}"
fi
fi
fi
function_check rss_modifications
rss_modifications
chown -R www-data:www-data /etc/share/tt-rss
if [ -d $temp_restore_dir ]; then
rm -rf $temp_restore_dir
sed -i "s|define('DB_PASS'.*|define('DB_PASS', '${MARIADB_PASSWORD}');|g" $RSS_READER_PATH/config.php
MARIADB_PASSWORD=
if [ ${#RSS_READER_DOMAIN_NAME} -eq 0 ]; then
return
fi
nginx_dissite $RSS_READER_DOMAIN_NAME
function_check remove_onion_service
remove_onion_service mobilerss ${RSS_MOBILE_READER_ONION_PORT}
remove_onion_service rss ${RSS_READER_ONION_PORT}
if [ -f /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
fi
if [ -d $RSS_READER_PATH ]; then
rm -rf $RSS_READER_PATH
fi
function_check drop_database
drop_database ttrss
sed -i '/RSS /d' "$COMPLETION_FILE"
sed -i '/rss /d' "$COMPLETION_FILE"
sed -i '/rss_/d' "$COMPLETION_FILE"
# modify the rss reader to use a socks5 proxy rather than a http proxy
if [ ! -d $RSS_READER_PATH ]; then
return
fi
if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/plugins/af_unburn/init.php; then
sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/plugins/af_unburn/init.php"
if ! grep -q "CURLPROXY_SOCKS5" $RSS_READER_PATH/include/functions.php; then
sed -i "/curl_setopt(\$ch, CURLOPT_PROXY, _CURL_HTTP_PROXY);/a \\\\t\\t\\t\\tcurl_setopt(\$ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);" "$RSS_READER_PATH/include/functions.php"
rss_modified=1
fi
if [ $rss_modified ]; then
cd $RSS_READER_PATH || exit 56
fi
chown -R www-data:www-data $RSS_READER_PATH
remove_onion_service rss ${RSS_READER_ONION_PORT} ${RSS_MOBILE_READER_ONION_PORT}
$INSTALL_PACKAGES php-gettext php-curl php-gd php-mysql git
$INSTALL_PACKAGES curl php-mcrypt libfcgi0ldbl
remove_onion_service mobilerss ${RSS_MOBILE_READER_ONION_PORT}
remove_onion_service rss ${RSS_READER_ONION_PORT}
if [ ! -d /etc/share ]; then
mkdir /etc/share
fi
cd /etc/share || exit 46
if [ -d /repos/rss ]; then
mkdir tt-rss
git pull
else
function_check git_clone
git_clone $RSS_READER_REPO tt-rss
fi
if [ ! -d $RSS_READER_PATH ]; then
echo $'Could not clone RSS reader repo'
cd $RSS_READER_PATH || exit 42
git checkout $RSS_READER_COMMIT -b $RSS_READER_COMMIT
function_check install_mariadb
install_mariadb
function_check get_mariadb_password
get_mariadb_password
function_check repair_databases_script
repair_databases_script
rss_create_database
RSS_READER_ONION_HOSTNAME=$(add_onion_service rss 80 ${RSS_READER_ONION_PORT})
RSS_MOBILE_READER_ONION_HOSTNAME=$(add_onion_service mobilerss 80 ${RSS_MOBILE_READER_ONION_PORT})
{ echo 'server {';
echo " listen 127.0.0.1:$RSS_MOBILE_READER_ONION_PORT;";
echo " server_name $RSS_MOBILE_READER_ONION_HOSTNAME;";
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' root /etc/share/ttrss-mobile;';
echo ' index index.html index.php;';
echo '';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo " fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo ' location / {';
echo " try_files \$uri \$uri/ @ttrss;";
echo ' }';
echo ' location /tt-rss {';
echo " try_files \$uri \$uri/ @ttrss_base;";
echo ' }';
echo '';
echo ' location @ttrss {';
echo " rewrite ^(.*)\$ /index.html?p=\$1 last;";
echo ' }';
echo ' location @ttrss_base {';
echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }';
echo '';
echo ' location ~ /\.(git) {';
echo ' deny all;';
echo ' }';
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Permitted-Cross-Domain-Policies none;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' client_max_body_size 15m;';
echo '}';
echo '';
echo 'server {';
echo " listen 127.0.0.1:$RSS_READER_ONION_PORT default_server;";
echo " server_name $RSS_READER_ONION_HOSTNAME;";
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' root /etc/share/tt-rss;';
echo ' index index.php;';
echo '';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo " fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
echo ' fastcgi_read_timeout 30;';
echo ' }';
echo '';
echo " set \$mobile_rewrite do_not_perform;";
echo '';
echo ' ## chi http_user_agent for mobile / smart phones ##';
echo " if (\$http_user_agent ~* \"(android|bb\\d+|meego).+mobile|avantgo|bada\\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino\") {";
echo " set \$mobile_rewrite perform;";
echo ' }';
echo '';
echo " if (\$http_user_agent ~* \"^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\\-(n|u)|c55\\/|capi|ccwa|cdm\\-|cell|chtm|cldc|cmd\\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\\-s|devi|dica|dmob|do(c|p)o|ds(12|\\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\\-|_)|g1 u|g560|gene|gf\\-5|g\\-mo|go(\\.w|od)|gr(ad|un)|haie|hcit|hd\\-(m|p|t)|hei\\-|hi(pt|ta)|hp( i|ip)|hs\\-c|ht(c(\\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\\-(20|go|ma)|i230|iac( |\\-|\\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\\/)|klon|kpt |kwc\\-|kyo(c|k)|le(no|xi)|lg( g|\\/(k|l|u)|50|54|\\-[a-w])|libw|lynx|m1\\-w|m3ga|m50\\/|ma(te|ui|xo)|mc(01|21|ca)|m\\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\\-2|po(ck|rt|se)|prox|psio|pt\\-g|qa\\-a|qc(07|12|21|32|60|\\-[2-7]|i\\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\\-|oo|p\\-)|sdk\\/|se(c(\\-|0|1)|47|mc|nd|ri)|sgh\\-|shar|sie(\\-|m)|sk\\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\\-|v\\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\\-|tdg\\-|tel(i|m)|tim\\-|t\-mo|to(pl|sh)|ts(70|m\\-|m3|m5)|tx\\-9|up(\\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\\-|your|zeto|zte\\-)\") {";
echo " set \$mobile_rewrite perform;";
echo ' }';
echo '';
echo " if (\$mobile_rewrite = perform) {";
echo " rewrite ^/(.*) http://$RSS_MOBILE_READER_ONION_HOSTNAME permanent;";
echo ' break;';
echo ' }';
echo '';
echo ' location ~ \.php {';
echo ' include snippets/fastcgi-php.conf;';
echo " fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
echo ' }';
echo '';
echo ' location / {';
echo " try_files \$uri \$uri/ @ttrss;";
echo ' }';
echo '';
echo ' location @ttrss {';
echo " rewrite ^(.*)\$ /index.php?p=\$1 last;";
echo ' }';
echo '';
echo ' location ~ /\.(git) {';
echo ' deny all;';
echo ' }';
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Download-Options noopen;';
echo ' add_header X-Permitted-Cross-Domain-Policies none;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' client_max_body_size 15m;';
echo '}'; } > "/etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME"
if [ ! -f $RSS_READER_PATH/config.php ]; then
# generate a config file
RSS_FEED_CRYPT_KEY="$(create_password 24)"
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
{ echo '<?php';
echo " define('_CURL_HTTP_PROXY', '127.0.0.1:9050');";
echo " define('DB_TYPE', 'mysql');";
echo " define('DB_HOST', 'localhost');";
echo " define('DB_USER', 'root');";
echo " define('DB_NAME', 'ttrss');";
echo " define('DB_PASS', '${MARIADB_PASSWORD}');";
echo " define('DB_PORT', '3306');";
echo " define('MYSQL_CHARSET', 'UTF8');";
echo " define('SELF_URL_PATH', 'http://${RSS_READER_ONION_HOSTNAME}/');";
echo " define('FEED_CRYPT_KEY', '${RSS_FEED_CRYPT_KEY}');";
echo " define('SINGLE_USER_MODE', false);";
echo " define('SIMPLE_UPDATE_MODE', false);";
echo " define('PHP_EXECUTABLE', '/usr/bin/php');";
echo " define('LOCK_DIRECTORY', 'lock');";
echo " define('CACHE_DIR', 'cache');";
echo " define('ICONS_DIR', \"feed-icons\");";
echo " define('ICONS_URL', \"feed-icons\");";
echo " define('AUTH_AUTO_CREATE', true);";
echo " define('AUTH_AUTO_LOGIN', true);";
echo " define('FORCE_ARTICLE_PURGE', 0);";
echo " define('PUBSUBHUBBUB_HUB', '');";
echo " define('PUBSUBHUBBUB_ENABLED', false);";
echo " define('SPHINX_SERVER', 'localhost:9312');";
echo " define('SPHINX_INDEX', 'ttrss, delta');";
echo " define('ENABLE_REGISTRATION', false);";
echo " define('REG_NOTIFY_ADDRESS', '${MY_EMAIL_ADDRESS}');";
echo " define('REG_MAX_USERS', 10);";
echo " define('SESSION_COOKIE_LIFETIME', 86400);";
echo " define('SMTP_FROM_NAME', 'Tiny Tiny RSS');";
echo " define('SMTP_FROM_ADDRESS', 'noreply@${RSS_READER_ONION_HOSTNAME}');";
echo " define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');";
echo " define('SMTP_SERVER', '');";
echo " define('SMTP_LOGIN', '');";
echo " define('SMTP_PASSWORD', '');";
echo " define('SMTP_SECURE', '');";
echo " define('CHECK_FOR_UPDATES', false);";
echo " define('ENABLE_GZIP_OUTPUT', false);";
echo " define('PLUGINS', 'auth_internal, note, gnusocial');";
echo " define('LOG_DESTINATION', 'sql');";
echo " define('CONFIG_VERSION', 26);"; } > $RSS_READER_PATH/config.php
fi
# initialize the database
if [ ! -f $RSS_READER_PATH/schema/ttrss_schema_mysql.sql ]; then
echo $'No database schema found for rss reader'
fi
initialise_database ttrss $RSS_READER_PATH/schema/ttrss_schema_mysql.sql
# change the password from the default
RSS_READER_ADMIN_PASSWORD_HASH=$(echo -n "${RSS_READER_ADMIN_PASSWORD}" | sha1sum | awk -F ' ' '{print $1}')
function_check run_query
run_query ttrss "update ttrss_users set pwd_hash = 'SHA1:${RSS_READER_ADMIN_PASSWORD_HASH}', salt= '' WHERE login = 'admin';"
function_check rss_modifications
rss_modifications
function_check configure_php
configure_php
nginx_ensite $RSS_READER_DOMAIN_NAME
# shellcheck disable=SC2086
systemctl restart php${PHP_VERSION}-fpm
systemctl restart nginx
# daemon to update feeds
{ echo '[Unit]';
echo 'Description=ttrss_backend';
echo 'After=network.target mariadb.service';
echo 'After=tor.service';
echo '';
echo '[Service]';
echo 'User=www-data';
echo "ExecStart=/usr/bin/php $RSS_READER_PATH/update.php --daemon";
echo 'PrivateTmp=true';
echo 'PrivateDevices=false';
echo 'NoNewPrivileges=true';
echo 'CapabilityBoundingSet=~CAP_SYS_ADMIN';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/ttrss.service
systemctl enable ttrss
systemctl daemon-reload
systemctl start ttrss
"${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a rss -p "$RSS_READER_ADMIN_PASSWORD"
if [ ! $RSS_READER_PATH ]; then
RSS_READER_PATH=/etc/share/tt-rss
fi
if [ ! -d $RSS_READER_PATH ]; then
echo $'tt-rss is not installed, so the mobile version cannot be installed'
fi
RSS_MOBILE_READER_PATH=/etc/share/ttrss-mobile
# remove any previous install
if [ -d $RSS_READER_PATH/g2ttree-mobile ]; then
sed -i '/install_rss_mobile_reader/d' "$COMPLETION_FILE"
sed -i '/rss mobile reader commit/d' "$COMPLETION_FILE"
rm -rf $RSS_READER_PATH/g2ttree-mobile
fi
fi
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
cd /etc/share || exit 74
if [ -d /repos/rss-mobile ]; then
mkdir ttrss-mobile
cd ttrss-mobile || exit 46
git pull
else
function_check git_clone
git_clone $RSS_MOBILE_READER_REPO ttrss-mobile
fi
if [ ! -d $RSS_MOBILE_READER_PATH ]; then
echo $'Could not clone RSS mobile reader repo'
cd "$RSS_MOBILE_READER_PATH" || exit 46
git checkout $RSS_MOBILE_READER_COMMIT -b $RSS_MOBILE_READER_COMMIT
set_completion_param "rss mobile reader commit" "$RSS_MOBILE_READER_COMMIT"
echo 'define({' > $RSS_MOBILE_READER_PATH/scripts/conf.js
echo ' apiPath: "/tt-rss/"' >> $RSS_MOBILE_READER_PATH/scripts/conf.js
echo '});' >> $RSS_MOBILE_READER_PATH/scripts/conf.js
# link to the main site
ln -s $RSS_READER_PATH $RSS_MOBILE_READER_PATH/tt-rss
chown -R www-data:www-data $RSS_MOBILE_READER_PATH
chown -R www-data:www-data $RSS_READER_PATH
chmod a+x $RSS_MOBILE_READER_PATH
increment_app_install_progress
increment_app_install_progress