diff --git a/src/freedombone-app-zap b/src/freedombone-app-zap
index ec70e5c1e33b2d3f28ee0d539c4e7ebb1d950456..e9a8d0f03f522594c2c61849d863901ce06665f7 100755
--- a/src/freedombone-app-zap
+++ b/src/freedombone-app-zap
@@ -34,7 +34,6 @@ NOT_ON_ONION=1
 ZAP_DOMAIN_NAME=
 ZAP_CODE=
-ZAP_ONION_PORT=8193
 ZAP_REPO="https://framagit.org/macgirvin/osada"
 ZAP_COMMIT='20f7479b83da8d3735a32ffd2d2e19cb4087bf6a'
 ZAP_ADDONS_REPO="https://framagit.org/macgirvin/osada-addons"
@@ -188,8 +187,6 @@ function remove_zap {
  fi
  function_check drop_database
  drop_database zap
- function_check remove_onion_service
- remove_onion_service zap ${ZAP_ONION_PORT}
  sed -i '/zap/d' "$COMPLETION_FILE"
  sed -i '/Zotlabs/d' /etc/crontab
@@ -268,156 +265,95 @@ function install_zap {
  exit 252782
  fi
- ZAP_ONION_HOSTNAME=
- if [[ $ONION_ONLY != "no" ]]; then
- ZAP_ONION_HOSTNAME=$(add_onion_service zap 80 ${ZAP_ONION_PORT})
- fi
-
  zap_create_database
  function_check add_ddns_domain
  add_ddns_domain "$ZAP_DOMAIN_NAME"
- if [[ "$ONION_ONLY" == "no" ]]; then
- function_check nginx_http_redirect
- nginx_http_redirect "$ZAP_DOMAIN_NAME"
- { echo 'server {';
- echo ' listen 443 ssl;';
- echo ' #listen [::]:443 ssl;';
- echo " root $ZAP_PATH;";
- echo " server_name $ZAP_DOMAIN_NAME;";
- echo " error_log /dev/null;";
- echo ' index index.php;';
- echo ' charset utf-8;';
- echo ' access_log /dev/null;'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
- function_check nginx_ssl
- nginx_ssl "$ZAP_DOMAIN_NAME"
- function_check nginx_security_options
- nginx_security_options "$ZAP_DOMAIN_NAME"
- { echo ' add_header Strict-Transport-Security max-age=15768000;';
- echo '';
- echo ' # rewrite to front controller as default rule';
- echo ' location / {'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
- function_check nginx_limits
- nginx_limits "$ZAP_DOMAIN_NAME"
- { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
- echo ' }';
- echo '';
- echo ' # statically serve these file types when possible';
- echo ' # otherwise fall back to front controller';
- echo ' # allow browser to cache them';
- echo ' # added .htm for advanced source code editor library';
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
- echo ' expires 30d;';
- echo " try_files \$uri /index.php?q=\$uri&\$args;";
- echo ' }';
- echo '';
- echo ' # block these file types';
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
- echo ' deny all;';
- echo ' }';
- echo '';
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
- echo ' # or a unix socket';
- echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
- function_check nginx_limits
- nginx_limits "$ZAP_DOMAIN_NAME"
- { echo ' # Zero-day exploit defense.';
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
- echo " # Won't work properly (404 error) if the file is not stored on this";
- echo " # server, which is entirely possible with php-fpm/php-fcgi.";
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
- echo " # another machine. And then cross your fingers that you won't get hacked.";
- echo " try_files \$uri \$uri/ /index.php;";
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
- echo ' # With php-cgi alone:';
- echo ' # fastcgi_pass 127.0.0.1:9000;';
- echo ' # With php-fpm:';
- echo " fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
- echo ' include fastcgi_params;';
- echo ' fastcgi_index index.php;';
- echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
- echo ' fastcgi_read_timeout 300;';
- echo ' }';
- echo '';
- echo ' # deny access to all dot files';
- echo ' location ~ /\. {';
- echo ' deny all;';
- echo ' }';
- echo '';
- echo ' location ~ /\.ht {';
- echo ' deny all;';
- echo ' }';
- echo '}';
- echo ''; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
- else
- { echo 'server {';
- echo " listen 127.0.0.1:${ZAP_ONION_PORT} default_server;";
- echo ' port_in_redirect off;';
- echo " root $ZAP_PATH;";
- echo " server_name $ZAP_ONION_HOSTNAME;";
- echo " error_log /dev/null;";
- echo ' index index.php;';
- echo ' charset utf-8;';
- echo ' access_log /dev/null;';
- echo ' add_header Strict-Transport-Security max-age=15768000;';
- echo '';
- echo ' # rewrite to front controller as default rule';
- echo ' location / {'; } > "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
- nginx_limits "$ZAP_DOMAIN_NAME"
- nginx_security_options "$ZAP_DOMAIN_NAME"
- { echo " rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
- echo ' }';
- echo '';
- echo ' # statically serve these file types when possible';
- echo ' # otherwise fall back to front controller';
- echo ' # allow browser to cache them';
- echo ' # added .htm for advanced source code editor library';
- echo ' location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
- echo ' expires 30d;';
- echo " try_files \$uri /index.php?q=\$uri&\$args;";
- echo ' }';
- echo '';
- echo ' # block these file types';
- echo ' location ~* \.(tpl|md|tgz|log|out)$ {';
- echo ' deny all;';
- echo ' }';
- echo '';
- echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
- echo ' # or a unix socket';
- echo ' location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
- nginx_limits "$ZAP_DOMAIN_NAME"
- nginx_security_options "$ZAP_DOMAIN_NAME"
- { echo ' # Zero-day exploit defense.';
- echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
- echo " # Won't work properly (404 error) if the file is not stored on this";
- echo " # server, which is entirely possible with php-fpm/php-fcgi.";
- echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
- echo " # another machine. And then cross your fingers that you won't get hacked.";
- echo " try_files \$uri \$uri/ /index.php;";
- echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
- echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;';
- echo ' # With php-cgi alone:';
- echo ' # fastcgi_pass 127.0.0.1:9000;';
- echo ' # With php-fpm:';
- echo " fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
- echo ' include fastcgi_params;';
- echo ' fastcgi_index index.php;';
- echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
- echo ' fastcgi_read_timeout 300;';
- echo ' }';
- echo '';
- echo ' # deny access to all dot files';
- echo ' location ~ /\. {';
- echo ' deny all;';
- echo ' }';
- echo '';
- echo ' location ~ /\.ht {';
- echo ' deny all;';
- echo ' }';
- echo '}'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
- fi
+ function_check nginx_http_redirect
+ nginx_http_redirect "$ZAP_DOMAIN_NAME"
+ { echo 'server {';
+ echo ' listen 443 ssl;';
+ echo ' #listen [::]:443 ssl;';
+ echo " root $ZAP_PATH;";
+ echo " server_name $ZAP_DOMAIN_NAME;";
+ echo " error_log /dev/null;";
+ echo ' index index.php;';
+ echo ' charset utf-8;';
+ echo ' access_log /dev/null;'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
+ function_check nginx_ssl
+ nginx_ssl "$ZAP_DOMAIN_NAME"
+ function_check nginx_security_options
+ nginx_security_options "$ZAP_DOMAIN_NAME"
+ { echo ' add_header Strict-Transport-Security max-age=15768000;';
+ echo '';
+ echo ' fastcgi_param HTTPS on;';
+ echo ' include mime.types;';
+ echo '';
+ echo ' # rewrite to front controller as default rule';
+ echo ' location / {';
+ echo " if (!-e \$request_filename) {";
+ echo " rewrite ^(.*)\$ /index.php?req=\$1;";
+ echo ' }';
+ echo ' }';
+ echo '';
+ echo " # make sure webfinger and other well known services aren't blocked";
+ echo " # by denying dot files and rewrite request to the front controller";
+ echo ' location ^~ /.well-known/ {';
+ echo ' allow all;';
+ echo " if (!-e \$request_filename) {";
+ echo " rewrite ^(.*)\$ /index.php?req=\$1;";
+ echo ' }';
+ echo ' }';
+ echo '';
+ echo ' # statically serve these file types when possible';
+ echo ' # otherwise fall back to front controller';
+ echo ' # allow browser to cache them';
+ echo ' # added .htm for advanced source code editor library';
+ echo " # location ~* \\.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)\$ {";
+ echo ' # expires 30d;';
+ echo " # try_files \$uri /index.php?req=\$uri&\$args;";
+ echo ' # }';
+ echo '';
+ echo ' # block these file types';
+ echo " location ~* \\.(tpl|md|tgz|log|out)\$ {";
+ echo ' deny all;';
+ echo ' }';
+ echo '';
+ echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+ echo ' # or a unix socket';
+ echo " location ~* \\.php\$ {";
+ echo ' # Zero-day exploit defense.';
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3';
+ echo " # Won't work properly (404 error) if the file is not stored on this";
+ echo ' # server, which is entirely possible with php-fpm/php-fcgi.';
+ echo " # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+ echo " # another machine. And then cross your fingers that you won't get hacked.";
+ echo " try_files \$uri =404;";
+ echo '';
+ echo ' # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+ echo " fastcgi_split_path_info ^(.+\\.php)(/.+)\$;";
+ echo '';
+ echo " fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
+ echo ' fastcgi_read_timeout 300;';
+ echo '';
+ echo ' include fastcgi_params;';
+ echo ' fastcgi_index index.php;';
+ echo " fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+ echo ' }';
+ echo '';
+ echo ' # deny access to all dot files';
+ echo ' location ~ /\. {';
+ echo ' deny all;';
+ echo ' }';
+ echo '';
+ echo ' #deny access to store';
+ echo '';
+ echo ' location ~ /store {';
+ echo ' deny all;';
+ echo ' }';
+ echo '}';
+ echo ''; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
  function_check configure_php
  configure_php
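Review bot: The new `location ~ /store { deny all; }` block is emitted after `location ~* \.php$`, and nginx takes the first matching regex location in file order, so a request for a `.php` path below `/store` is handed to the FastCGI handler instead of being denied. Either move the `/store` and dot-file deny blocks ahead of the PHP location in the echo sequence, or make the store block a prefix match that wins regardless of order: `echo ' location ^~ /store {';`. The same ordering applies to the re-emitted `location ~ /\. { deny all; }`, which also sits after the PHP location and therefore does not cover a `.php` file under a dot directory. install_zap starts before this hunk and continues past it.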