Skip to content
Snippets Groups Projects
Commit 3dcbbdb7 authored by Bob Mottram's avatar Bob Mottram
Browse files

Deprecate the owncloud music app 

It's trivial to install with one click if you want it
parent f0a33bac
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 448 additions and 500 deletions
src/freedombone
+ 448
500
View file @ 3dcbbdb7
......@@ -232,8 +232,6 @@ OWNCLOUD_DOMAIN_NAME=
OWNCLOUD_CODE=
OWNCLOUD_ONION_PORT=8088
OWNCLOUD_ADMIN_PASSWORD=
OWNCLOUD_MUSIC_APP_REPO="https://github.com/owncloud/music"
OWNCLOUD_MUSIC_APP_COMMIT='0c0e1fadbe31a43f9c98d6a2a7b3960ff881ca0e'
OWNCLOUD_PATH=/var/www/owncloud
OWNCLOUD_UPGRADE_PATH=/root/owncloud_upgrade
 
......@@ -1134,9 +1132,6 @@ function read_configuration {
if grep -q "GPGIT_COMMIT" $CONFIGURATION_FILE; then
GPGIT_COMMIT=$(grep "GPGIT_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "OWNCLOUD_MUSIC_APP_COMMIT" $CONFIGURATION_FILE; then
OWNCLOUD_MUSIC_APP_COMMIT=$(grep "OWNCLOUD_MUSIC_APP_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if grep -q "HUBZILLA_REPO" $CONFIGURATION_FILE; then
HUBZILLA_REPO=$(grep "HUBZILLA_REPO" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
......@@ -6392,50 +6387,6 @@ function repair_databases_script {
echo 'repair_databases_script' >> $COMPLETION_FILE
}
 
function install_owncloud_repo_music_app {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if ! grep -Fxq "install_owncloud_official_deb" $COMPLETION_FILE; then
echo $'Tried to install the Owncloud music app, but Owncloud installation was not found'
exit 9823
fi
# update to the next commit
set_repo_commit $OWNCLOUD_PATH/apps/music "Owncloud music app commit" "$OWNCLOUD_MUSIC_APP_COMMIT" $OWNCLOUD_MUSIC_APP_REPO
if grep -Fxq "install_owncloud_repo_music_app" $COMPLETION_FILE; then
return
fi
cd $OWNCLOUD_PATH/apps
git_clone $OWNCLOUD_MUSIC_APP_REPO Music
cd $OWNCLOUD_PATH/apps/Music
git checkout $OWNCLOUD_MUSIC_APP_COMMIT -b $OWNCLOUD_MUSIC_APP_COMMIT
if ! grep -q "Owncloud music app commit" $COMPLETION_FILE; then
echo "Owncloud music app commit:$OWNCLOUD_MUSIC_APP_COMMIT" >> $COMPLETION_FILE
else
sed -i "s/Owncloud music app commit.*/Owncloud music app commit:$OWNCLOUD_MUSIC_APP_COMMIT/g" $COMPLETION_FILE
fi
if grep -q $"Music player in Owncloud" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'Music player in Owncloud' >> /home/$MY_USERNAME/README
echo '========================' >> /home/$MY_USERNAME/README
echo $'To enable the music app within ouwncloud log in to the Owncloud' >> /home/$MY_USERNAME/README
echo $'administrator account then go to Apps on the left hand dropdown' >> /home/$MY_USERNAME/README
echo $'menu and enable the music app. You can then log out and log back' >> /home/$MY_USERNAME/README
echo $'in as your Owncloud user and select music from the left hand' >> /home/$MY_USERNAME/README
echo $'dropdown menu.' >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
echo 'install_owncloud_repo_music_app' >> $COMPLETION_FILE
}
function add_ddns_domain {
if [[ $ONION_ONLY != "no" ]]; then
return
......@@ -6570,7 +6521,6 @@ function install_owncloud_official_deb {
OWNCLOUD_COMPLETION_MSG2=$"Open $OWNCLOUD_DOMAIN_NAME in a web browser to complete the setup"
if grep -Fxq "install_owncloud_official_deb" $COMPLETION_FILE; then
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
install_owncloud_repo_music_app
backup_to_friends_servers
intrusion_detection
split_gpg_key_into_fragments
......@@ -6865,7 +6815,6 @@ function install_owncloud_official_deb {
echo 'install_owncloud_official_deb' >> $COMPLETION_FILE
 
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" ]]; then
install_owncloud_repo_music_app
backup_to_friends_servers
intrusion_detection
split_gpg_key_into_fragments
......@@ -7667,477 +7616,477 @@ function install_watchdog_script {
return
fi
echo '#!/bin/bash' > /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
# application specific stuff is added later
chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME
if ! grep -q "/usr/bin/$WATCHDOG_SCRIPT_NAME" /etc/crontab; then
echo "* * * * * root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> /etc/crontab
fi
echo 'install_watchdog_script' >> $COMPLETION_FILE
}
function install_irc_client {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "install_irc_client" $COMPLETION_FILE; then
return
fi
apt-get -y install irssi
if [ ! -d /home/$MY_USERNAME/.irssi ]; then
mkdir /home/$MY_USERNAME/.irssi
fi
echo 'servers = (' > /home/$MY_USERNAME/.irssi/config
echo ' {' >> /home/$MY_USERNAME/.irssi/config
echo ' address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config
echo ' chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config
echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config
echo ' autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config
echo ' },' >> /home/$MY_USERNAME/.irssi/config
echo ' {' >> /home/$MY_USERNAME/.irssi/config
echo ' address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config
echo ' chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config
echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config
echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
echo ' },' >> /home/$MY_USERNAME/.irssi/config
echo ' {' >> /home/$MY_USERNAME/.irssi/config
echo " address = \"${DEFAULT_DOMAIN_NAME}\";" >> /home/$MY_USERNAME/.irssi/config
echo ' chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config
echo " port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
echo ' use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config
echo ' ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config
echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
echo ' }' >> /home/$MY_USERNAME/.irssi/config
echo ');' >> /home/$MY_USERNAME/.irssi/config
echo '' >> /home/$MY_USERNAME/.irssi/config
echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config
echo ' Freedombone = {' >> /home/$MY_USERNAME/.irssi/config
echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' };' >> /home/$MY_USERNAME/.irssi/config
echo ' Freenode = {' >> /home/$MY_USERNAME/.irssi/config
echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' };' >> /home/$MY_USERNAME/.irssi/config
echo ' OFTC = {' >> /home/$MY_USERNAME/.irssi/config
echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' };' >> /home/$MY_USERNAME/.irssi/config
echo '};' >> /home/$MY_USERNAME/.irssi/config
echo '' >> /home/$MY_USERNAME/.irssi/config
echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config
echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config
echo ');' >> /home/$MY_USERNAME/.irssi/config
echo '' >> /home/$MY_USERNAME/.irssi/config
echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config
echo " core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config
echo ' "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config
echo '};' >> /home/$MY_USERNAME/.irssi/config
echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi
echo 'install_irc_client' >> $COMPLETION_FILE
}
function install_irc_server {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
return
fi
apt-get -y install ngircd
echo 'LOGFILE=/var/log/keepon.log' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'CURRENT_DATE=$(date)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
# application specific stuff is added later
chmod +x /usr/bin/$WATCHDOG_SCRIPT_NAME
if ! grep -q "/usr/bin/$WATCHDOG_SCRIPT_NAME" /etc/crontab; then
echo "* * * * * root /usr/bin/$WATCHDOG_SCRIPT_NAME" >> /etc/crontab
fi
echo 'install_watchdog_script' >> $COMPLETION_FILE
}
function install_irc_client {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "install_irc_client" $COMPLETION_FILE; then
return
fi
apt-get -y install irssi
if [ ! -d /home/$MY_USERNAME/.irssi ]; then
mkdir /home/$MY_USERNAME/.irssi
fi
echo 'servers = (' > /home/$MY_USERNAME/.irssi/config
echo ' {' >> /home/$MY_USERNAME/.irssi/config
echo ' address = "chat.freenode.net";' >> /home/$MY_USERNAME/.irssi/config
echo ' chatnet = "Freenode";' >> /home/$MY_USERNAME/.irssi/config
echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config
echo ' autoconnect = "no";' >> /home/$MY_USERNAME/.irssi/config
echo ' },' >> /home/$MY_USERNAME/.irssi/config
echo ' {' >> /home/$MY_USERNAME/.irssi/config
echo ' address = "irc.oftc.net";' >> /home/$MY_USERNAME/.irssi/config
echo ' chatnet = "OFTC";' >> /home/$MY_USERNAME/.irssi/config
echo ' port = "6667";' >> /home/$MY_USERNAME/.irssi/config
echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
echo ' },' >> /home/$MY_USERNAME/.irssi/config
echo ' {' >> /home/$MY_USERNAME/.irssi/config
echo " address = \"${DEFAULT_DOMAIN_NAME}\";" >> /home/$MY_USERNAME/.irssi/config
echo ' chatnet = "Freedombone";' >> /home/$MY_USERNAME/.irssi/config
echo " port = \"${IRC_PORT}\";" >> /home/$MY_USERNAME/.irssi/config
echo ' use_ssl = "yes";' >> /home/$MY_USERNAME/.irssi/config
echo ' ssl_verify = "no";' >> /home/$MY_USERNAME/.irssi/config
echo ' autoconnect = "yes";' >> /home/$MY_USERNAME/.irssi/config
echo ' }' >> /home/$MY_USERNAME/.irssi/config
echo ');' >> /home/$MY_USERNAME/.irssi/config
echo '' >> /home/$MY_USERNAME/.irssi/config
echo 'chatnets = {' >> /home/$MY_USERNAME/.irssi/config
echo ' Freedombone = {' >> /home/$MY_USERNAME/.irssi/config
echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' };' >> /home/$MY_USERNAME/.irssi/config
echo ' Freenode = {' >> /home/$MY_USERNAME/.irssi/config
echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_msgs = "4";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' };' >> /home/$MY_USERNAME/.irssi/config
echo ' OFTC = {' >> /home/$MY_USERNAME/.irssi/config
echo ' type = "IRC";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_kicks = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_msgs = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' max_whois = "1";' >> /home/$MY_USERNAME/.irssi/config
echo ' };' >> /home/$MY_USERNAME/.irssi/config
echo '};' >> /home/$MY_USERNAME/.irssi/config
echo '' >> /home/$MY_USERNAME/.irssi/config
echo 'channels = (' >> /home/$MY_USERNAME/.irssi/config
echo ' { name = "#freedombone"; chatnet = "Freedombone"; autojoin = "Yes"; },' >> /home/$MY_USERNAME/.irssi/config
echo ');' >> /home/$MY_USERNAME/.irssi/config
echo '' >> /home/$MY_USERNAME/.irssi/config
echo 'settings = {' >> /home/$MY_USERNAME/.irssi/config
echo " core = { real_name = \"$MY_NAME\"; user_name = \"$MY_USERNAME\"; nick = \"$MY_USERNAME\"; };" >> /home/$MY_USERNAME/.irssi/config
echo ' "fe-text" = { actlist_sort = "refnum"; };' >> /home/$MY_USERNAME/.irssi/config
echo '};' >> /home/$MY_USERNAME/.irssi/config
echo 'ignores = ( { level = "CTCPS"; } );' >> /home/$MY_USERNAME/.irssi/config
chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.irssi
echo 'install_irc_client' >> $COMPLETION_FILE
}
function install_irc_server {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
if grep -Fxq "install_irc_server" $COMPLETION_FILE; then
return
fi
apt-get -y install ngircd
 
if [ ! -d /etc/ngircd ]; then
echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
exit 53
fi
if [ ! -d /etc/ngircd ]; then
echo $"ERROR: ngircd does not appear to have installed. $CHECK_MESSAGE"
exit 53
fi
 
if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH
check_certificates ngircd
fi
if [ ! -f /etc/ssl/certs/ngircd.dhparam ]; then
${PROJECT_NAME}-addcert -h ngircd --dhkey $DH_KEYLENGTH
check_certificates ngircd
fi
 
DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local"
fi
DEFAULTDOMAIN=$DEFAULT_DOMAIN_NAME
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
DEFAULTDOMAIN="${DEFAULT_DOMAIN_NAME}.local"
fi
echo '**************************************************' > /etc/ngircd/motd
echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd
echo '* *' >> /etc/ngircd/motd
echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd
echo '**************************************************' >> /etc/ngircd/motd
sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf
if [[ $ONION_ONLY != 'yes' ]]; then
sed -i "s/;Ports =.*/;Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf
else
sed -i "s/;Ports =.*/Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf
fi
sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
IRC_SALT="$(openssl rand -base64 32 | cut -c1-30)"
if [ -f $IMAGE_PASSWORD_FILE ]; then
IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
IRC_OPERATOR_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)"
fi
sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
if [ $IRC_PASSWORD ]; then
sed -i "0,/RE/s/Password =.*/Password = $IRC_PASSWORD/" /etc/ngircd/ngircd.conf
fi
# If we are on a mesh then DNS is not available
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf
fi
# upgrade a cypher
sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf
mkdir /var/run/ircd
chown -R irc:irc /var/run/ircd
mkdir /var/run/ngircd
touch /var/run/ngircd/ngircd.pid
chown -R irc:irc /var/run/ngircd
 
echo '**************************************************' > /etc/ngircd/motd
echo $'* F R E E D O M B O N E I R C *' >> /etc/ngircd/motd
echo '* *' >> /etc/ngircd/motd
echo $'* Freedom in the Cloud *' >> /etc/ngircd/motd
echo '**************************************************' >> /etc/ngircd/motd
sed -i 's|MotdFile = /etc/ngircd/ngircd.motd|MotdFile = /etc/ngircd/motd|g' /etc/ngircd/ngircd.conf
sed -i "s/irc@irc.example.com/$MY_EMAIL_ADDRESS/g" /etc/ngircd/ngircd.conf
sed -i "s/irc.example.net/$DEFAULTDOMAIN/g" /etc/ngircd/ngircd.conf
sed -i "s|Yet another IRC Server running on Debian GNU/Linux|IRC Server of $DEFAULTDOMAIN|g" /etc/ngircd/ngircd.conf
sed -i 's/;Password = wealllikedebian/Password =/g' /etc/ngircd/ngircd.conf
sed -i 's|;CertFile = /etc/ssl/certs/server.crt|CertFile = /etc/ssl/certs/ngircd.crt|g' /etc/ngircd/ngircd.conf
sed -i 's|;DHFile = /etc/ngircd/dhparams.pem|DHFile = /etc/ssl/certs/ngircd.dhparam|g' /etc/ngircd/ngircd.conf
sed -i 's|;KeyFile = /etc/ssl/private/server.key|KeyFile = /etc/ssl/private/ngircd.key|g' /etc/ngircd/ngircd.conf
sed -i "s/;Ports =.*/Ports = $IRC_PORT/2" /etc/ngircd/ngircd.conf
if [[ $ONION_ONLY != 'yes' ]]; then
sed -i "s/;Ports =.*/;Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf
else
sed -i "s/;Ports =.*/Ports = $IRC_PORT, $IRC_ONION_PORT/1" /etc/ngircd/ngircd.conf
fi
sed -i "s/;Name = #ngircd/Name = #${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
sed -i "s/;Topic = Our ngircd testing channel/Topic = ${PROJECT_NAME} chat channel/g" /etc/ngircd/ngircd.conf
sed -i 's/;MaxUsers = 23/MaxUsers = 23/g' /etc/ngircd/ngircd.conf
sed -i "s|;KeyFile = /etc/ngircd/#chan.key|KeyFile = /etc/ngircd/#${PROJECT_NAME}.key|g" /etc/ngircd/ngircd.conf
sed -i "s/;CloakHost = cloaked.host/CloakHost = ${PROJECT_NAME}/g" /etc/ngircd/ngircd.conf
IRC_SALT="$(openssl rand -base64 32 | cut -c1-30)"
if [ -f $IMAGE_PASSWORD_FILE ]; then
IRC_OPERATOR_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
IRC_OPERATOR_PASSWORD="$(openssl rand -base64 10 | cut -c1-8)"
fi
sed -i "s|;CloakHostSalt = abcdefghijklmnopqrstuvwxyz|CloakHostSalt = $IRC_SALT|g" /etc/ngircd/ngircd.conf
sed -i 's/;ConnectIPv4 = yes/ConnectIPv4 = yes/g' /etc/ngircd/ngircd.conf
sed -i 's/;MorePrivacy = no/MorePrivacy = yes/g' /etc/ngircd/ngircd.conf
sed -i 's/;RequireAuthPing = no/RequireAuthPing = no/g' /etc/ngircd/ngircd.conf
sed -i "s/;Name = TheOper/Name = $MY_USERNAME/g" /etc/ngircd/ngircd.conf
sed -i "s/;Password = ThePwd/Password = $IRC_OPERATOR_PASSWORD/g" /etc/ngircd/ngircd.conf
sed -i 's|;Listen =.*|Listen = 0.0.0.0,0.0.0.0:9050,127.0.0.1,127.0.0.1:9050|g' /etc/ngircd/ngircd.conf
if [ $IRC_PASSWORD ]; then
sed -i "0,/RE/s/Password =.*/Password = $IRC_PASSWORD/" /etc/ngircd/ngircd.conf
fi
# If we are on a mesh then DNS is not available
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
sed -i "s/;DNS =.*/DNS = no/g" /etc/ngircd/ngircd.conf
fi
# upgrade a cypher
sed -i 's|SECURE128|SECURE256|g' /etc/ngircd/ngircd.conf
mkdir /var/run/ircd
chown -R irc:irc /var/run/ircd
mkdir /var/run/ngircd
touch /var/run/ngircd/ngircd.pid
chown -R irc:irc /var/run/ngircd
IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT})
if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then
echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE
fi
IRC_ONION_HOSTNAME=$(add_onion_service irc ${IRC_PORT} ${IRC_ONION_PORT})
if ! grep -q $"IRC onion domain" $COMPLETION_FILE; then
echo "IRC onion domain:$IRC_ONION_HOSTNAME" >> $COMPLETION_FILE
fi
 
systemctl restart ngircd
systemctl restart ngircd
 
# keep the daemon running
echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
# keep the daemon running
echo '' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo '# keep irc daemon running' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'IRC_RUNNING=$(pgrep ngircd > /dev/null && echo Running)' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'if [ ! $IRC_RUNNING ]; then' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' systemctl start ngircd' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo " IRC daemon restarted" >> $LOGFILE' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'fi' >> /usr/bin/$WATCHDOG_SCRIPT_NAME
 
if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'IRC Server' >> /home/$MY_USERNAME/README
echo '==========' >> /home/$MY_USERNAME/README
echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
if [[ $ONION_ONLY != 'yes' ]]; then
echo " irssi" >> /home/$MY_USERNAME/README
echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README
echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
else
echo " usetorwith irssi" >> /home/$MY_USERNAME/README
echo " /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README
echo " /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
fi
echo " /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
if ! grep -q $"IRC Server" /home/$MY_USERNAME/README; then
echo '' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
echo $'IRC Server' >> /home/$MY_USERNAME/README
echo '==========' >> /home/$MY_USERNAME/README
echo $'To connect to your IRC server in irssi:' >> /home/$MY_USERNAME/README
echo '' >> /home/$MY_USERNAME/README
if [[ $ONION_ONLY != 'yes' ]]; then
echo " irssi" >> /home/$MY_USERNAME/README
echo " /server add -auto -ssl $DEFAULTDOMAIN $IRC_PORT" >> /home/$MY_USERNAME/README
echo " /connect $DEFAULT_DOMAIN_NAME" >> /home/$MY_USERNAME/README
else
echo " usetorwith irssi" >> /home/$MY_USERNAME/README
echo " /server add -auto $IRC_ONION_HOSTNAME $IRC_PORT" >> /home/$MY_USERNAME/README
echo " /connect $IRC_ONION_HOSTNAME" >> /home/$MY_USERNAME/README
fi
echo " /join #${PROJECT_NAME}" >> /home/$MY_USERNAME/README
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
chmod 600 /home/$MY_USERNAME/README
fi
 
echo 'install_irc_server' >> $COMPLETION_FILE
}
echo 'install_irc_server' >> $COMPLETION_FILE
}
 
function get_wiki_admin_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "Wiki password" /home/$MY_USERNAME/README; then
WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
}
function get_wiki_admin_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "Wiki password" /home/$MY_USERNAME/README; then
WIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Wiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')
fi
fi
}
 
function install_wiki {
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MASH" ]]; then
return
fi
if grep -Fxq "install_wiki" $COMPLETION_FILE; then
return
fi
if [ ! $WIKI_DOMAIN_NAME ]; then
return
fi
apt-get -y install dokuwiki
apt-get -y remove --purge apache*
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
echo $'Removed Apache installation after Dokuwiki install'
fi
function install_wiki {
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MASH" ]]; then
return
fi
if grep -Fxq "install_wiki" $COMPLETION_FILE; then
return
fi
if [ ! $WIKI_DOMAIN_NAME ]; then
return
fi
apt-get -y install dokuwiki
apt-get -y remove --purge apache*
if [ -d /etc/apache2 ]; then
rm -rf /etc/apache2
echo $'Removed Apache installation after Dokuwiki install'
fi
 
if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
mkdir /var/www/$WIKI_DOMAIN_NAME
fi
if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
fi
if [ ! -d /var/www/$WIKI_DOMAIN_NAME ]; then
mkdir /var/www/$WIKI_DOMAIN_NAME
fi
if [ -d /var/www/$WIKI_DOMAIN_NAME/htdocs ]; then
rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
fi
 
ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs
ln -s /usr/share/dokuwiki /var/www/$WIKI_DOMAIN_NAME/htdocs
 
mkdir /var/lib/dokuwiki/custom
cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
mkdir /var/lib/dokuwiki/custom
cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php
ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php
 
chown www-data /var/lib/dokuwiki/custom
chown www-data /var/lib/dokuwiki/custom/local.php
chown -R www-data /etc/dokuwiki
chown -R www-data /usr/share/dokuwiki/lib/
chmod 600 /var/lib/dokuwiki/custom/local.php
chmod -R 755 /usr/share/dokuwiki/lib
chown www-data /var/lib/dokuwiki/custom
chown www-data /var/lib/dokuwiki/custom/local.php
chown -R www-data /etc/dokuwiki
chown -R www-data /usr/share/dokuwiki/lib/
chmod 600 /var/lib/dokuwiki/custom/local.php
chmod -R 755 /usr/share/dokuwiki/lib
 
sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php
sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php
 
sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php
sed -i "s|Debian DokuWiki|$WIKI_TITLE|g" /etc/dokuwiki/local.php
 
# set the admin user
sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
# set the admin user
sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php
 
# disallow registration of new users
if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
fi
if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
fi
# disallow registration of new users
if ! grep -q "disableactions" /etc/dokuwiki/local.php; then
echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php
fi
if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then
echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php
fi
 
if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
fi
if ! grep -q "authtype" /etc/dokuwiki/local.php; then
echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
fi
if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then
echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php
fi
if ! grep -q "authtype" /etc/dokuwiki/local.php; then
echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php
fi
 
get_wiki_admin_password
if [ ! $WIKI_ADMIN_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
WIKI_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
fi
fi
HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
chmod 640 /var/lib/dokuwiki/acl/users.auth.php
get_wiki_admin_password
if [ ! $WIKI_ADMIN_PASSWORD ]; then
if [ -f $IMAGE_PASSWORD_FILE ]; then
WIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
else
WIKI_ADMIN_PASSWORD="$(openssl rand -base64 18 | cut -c1-16)"
fi
fi
HASHED_WIKI_PASSWORD=$(echo -n "$WIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')
echo -n "$MY_USERNAME:$HASHED_WIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php
chmod 640 /var/lib/dokuwiki/acl/users.auth.php
 
if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf
fi
if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf
fi
if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
echo 'webm video/webm' >> /etc/dokuwiki/mime.conf
fi
if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then
echo 'ogv video/ogg' >> /etc/dokuwiki/mime.conf
fi
if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then
echo 'mp4 video/mp4' >> /etc/dokuwiki/mime.conf
fi
if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then
echo 'webm video/webm' >> /etc/dokuwiki/mime.conf
fi
 
WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT})
WIKI_ONION_HOSTNAME=$(add_onion_service wiki 80 ${WIKI_ONION_PORT})
 
if [[ $ONION_ONLY == "no" ]]; then
echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
nginx_disable_sniffing $WIKI_DOMAIN_NAME
nginx_limits $WIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
nginx_limits $WIKI_DOMAIN_NAME
nginx_ssl $WIKI_DOMAIN_NAME
nginx_disable_sniffing $WIKI_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
else
echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
fi
echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
nginx_limits $WIKI_DOMAIN_NAME
nginx_disable_sniffing $WIKI_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
echo 'server {' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' listen 80;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
nginx_disable_sniffing $WIKI_DOMAIN_NAME
nginx_limits $WIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' listen 443 ssl;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " server_name $WIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
nginx_limits $WIKI_DOMAIN_NAME
nginx_ssl $WIKI_DOMAIN_NAME
nginx_disable_sniffing $WIKI_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' expires 30d;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # block these file types' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # or a unix socket' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-cgi alone:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # With php5-fpm:' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # deny access to all dot files' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\. {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' #deny access to store' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /store {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ~ /\.ht {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' deny all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '}' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
else
echo -n '' > /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
fi
echo 'server {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " listen 127.0.0.1:${WIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " root /var/www/$WIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " server_name $WIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' access_log off;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " error_log /var/log/nginx/${WIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' index index.php;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' charset utf-8;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
nginx_limits $WIKI_DOMAIN_NAME
nginx_disable_sniffing $WIKI_DOMAIN_NAME
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location / {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo " # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' allow all;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' }' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
echo ' # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
......@@ -10841,7 +10790,6 @@ install_web_server
install_web_server_access_control
configure_firewall_for_web_server
install_owncloud_official_deb
install_owncloud_repo_music_app
upgrade_golang
install_gogs
install_xmpp
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment