os-init/debian-12/apps/nextcloud-26/nextcloud-26.sh
2023-11-19 22:25:32 +01:00

117 lines
4.8 KiB
Bash

#!/bin/bash
# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
DATAPATH=$(whiptail --title "DATA" --inputbox "DATA Path :" 0 30 "/srv/nextcloud/data" 3>&1 1>&2 2>&3)
NCUSER=$(whiptail --title "NextCloud" --inputbox "Admin Name :" 0 30 "admin" 3>&1 1>&2 2>&3)
NCPASS=$(whiptail --title "NextCloud" --inputbox "Admin Pass :" 0 30 "admin" 3>&1 1>&2 2>&3)
PHPVER=8.2
curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg
echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ bookworm main" > /etc/apt/sources.list.d/php-${PHPVER}.list
apt update -y
apt install -y sudo bzip2 apache2 coturn
apt install -y php${PHPVER} php${PHPVER}-curl php${PHPVER}-gd php${PHPVER}-mbstring php${PHPVER}-zip php${PHPVER}-xml php${PHPVER}-bz2 php${PHPVER}-intl php${PHPVER}-fpm php${PHPVER}-apcu php${PHPVER}-memcached php${PHPVER}-redis php${PHPVER}-imagick php${PHPVER}-bcmath php${PHPVER}-gmp libapache2-mod-php${PHPVER}
apt install -y php${PHPVER}-mysql mariadb-server
apt install -y smbclient ffmpeg libmagickcore-6.q16-6-extra
a2dissite 000-default
a2dissite default-ssl.conf
a2enmod rewrite
a2enmod headers
a2enmod env
a2enmod dir
a2enmod mime
a2enmod ssl
sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/${PHPVER}/apache2/php.ini
sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/${PHPVER}/fpm/php.ini
sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/${PHPVER}/cli/php.ini
echo "apc.enable_cli=1" >> /etc/php/${PHPVER}/cli/php.ini
mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"
wget https://download.nextcloud.com/server/releases/latest-26.tar.bz2
tar -xvf latest-26.tar.bz2
mv nextcloud /var/www
chown -R www-data:www-data /var/www/nextcloud
mkdir -p ${DATAPATH}
chown -R www-data:www-data ${DATAPATH}
cat > /etc/apache2/sites-available/nextcloud.conf << "EOF"
<VirtualHost *:443>
Protocols h2 http:/1.1
DocumentRoot "/var/www/nextcloud"
#ServerName nextcloud.your-domain.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateChainFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLProtocol TLSv1.2
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
Satisfy Any
</Directory>
</VirtualHost>
EOF
a2ensite nextcloud
systemctl restart apache2
cd /var/www/nextcloud/
sudo -u www-data php occ maintenance:install \
--database "mysql" \
--database-name "${DBNAME}" \
--database-user "${DBUSER}" \
--database-pass "${DBPASS}" \
--admin-user "${NCUSER}" \
--admin-pass "${NCPASS}" \
--data-dir "${DATAPATH}"
sed -i "s/0 => 'localhost/0 => '${IPV4}/" /var/www/nextcloud/config/config.php
sed -i "s/\/\/localhost/\/\/${IPV4}/" /var/www/nextcloud/config/config.php
sed -i "s/http:/https:/" /var/www/nextcloud/config/config.php
sed -i "/^);*/i\ \ 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/nextcloud/config/config.php
sed -i "/^);*/i\ \ 'default_phone_region' => 'CH'," /var/www/nextcloud/config/config.php
echo "*/5 * * * * php -f /var/www/nextcloud/cron.php" | crontab -u www-data -
sudo -u www-data php occ background:cron
cat >> /etc/turnserver.conf << "EOF"
listening-port=8080
listening-ip=0.0.0.0
fingerprint
use-auth-secret
static-auth-secret=AUTHSECRET
# realm=nextcloud.dom.lan
total-quota=0
bps-capacity=0
stale-nonce
no-multicast-peers
EOF
AUTHSECRET=$(openssl rand -hex 32)
sed "s/AUTHSECRET/${AUTHSECRET}/" turnserver.conf
if [ -f "/etc/iptables/rules.v4" ]; then
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NextCloud' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TurnServer' /etc/iptables/rules.v4
iptables-restore /etc/iptables/rules.v4
fi