d6becddbe5
* Download and verify Nextcloud download before deleting old install directory * Changed install logic to look at config.php and not version.php for database version number. When restoring from a backup, config.php in STORAGE_ROOT will hold the Nextcloud version that corresponds to the user's database and version.php in /usr/local won't even exist, so we were missing Nextcloud migration steps. In other cases they should be the same.
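#!/bin/bash
# Nextcloud
##########################
#
# Installs or upgrades Nextcloud (kept under the historical "owncloud" paths)
# and configures PHP for it. Relies on helpers from setup/functions.sh and on
# the variables defined in /etc/mailinabox.conf.

source setup/functions.sh # load our functions
source /etc/mailinabox.conf # load global vars

# ### Installing Nextcloud

echo "Installing Nextcloud (contacts/calendar)..."

# We used to use the package manager, so purge any leftover packages.
# The pattern is quoted so apt-get receives it verbatim; unquoted, the shell
# would first try to expand it against file names in the current directory.
apt-get purge -qq -y 'owncloud*'

# PHP runtime plus the extensions this setup installs for Nextcloud.
# (php-gd was listed twice in the argument list; once is enough.)
apt_install php php-fpm \
	php-cli php-sqlite3 php-gd php-imap php-curl php-pear curl \
	php-dev php-xml php-mbstring php-zip php-apcu php-json \
	php-intl php-imagick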
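# Download, verify and unpack one Nextcloud release over the installation in
# /usr/local/lib/owncloud, add the contacts, calendar and (for version 15)
# user_external apps, and run the database upgrade if a database exists.
#
# Globals:   STORAGE_ROOT (read)
# Arguments: $1 - Nextcloud version to install, e.g. 15.0.8
#            $2 - expected hash of the release zip, handed to wget_verify
# Returns:   exits the whole setup with status 1 when the upgrade fails twice
#            or the download directory cannot be created
InstallNextcloud() {
	local version=$1
	local hash=$2
	local apps_dir=/usr/local/lib/owncloud/apps
	local occ=/usr/local/lib/owncloud/occ
	local download_dir status

	echo
	echo "Upgrading to Nextcloud version $version"
	echo

	# Stage the archives in a private directory from mktemp instead of under
	# fixed names in /tmp. A predictable name in a world-writable directory
	# lets another local account own or swap the file between the hash check
	# and the extraction that follows it.
	download_dir=$(mktemp -d) || exit 1

	# Download and verify before the old installation is touched.
	# NOTE(review): the pinned values are 40 hex digits, which suggests SHA-1;
	# the algorithm is chosen inside wget_verify (not shown here). Consider
	# moving the pins to SHA-256 there.
	wget_verify "https://download.nextcloud.com/server/releases/nextcloud-$version.zip" "$hash" "$download_dir/nextcloud.zip"

	# Remove the current owncloud/Nextcloud
	rm -rf /usr/local/lib/owncloud

	# Extract ownCloud/Nextcloud
	unzip -q "$download_dir/nextcloud.zip" -d /usr/local/lib
	mv /usr/local/lib/nextcloud /usr/local/lib/owncloud
	rm -f "$download_dir/nextcloud.zip"

	# The two apps we actually want are not in Nextcloud core. Download the
	# releases from their github repositories.
	# NOTE(review): these archives are fetched after the old tree is already
	# gone; a failed download here would presumably leave a partial install.
	# Consider fetching them up front as well.
	mkdir -p "$apps_dir"

	wget_verify https://github.com/nextcloud/contacts/releases/download/v3.1.1/contacts.tar.gz a06bd967197dcb03c94ec1dbd698c037018669e5 "$download_dir/contacts.tgz"
	tar xf "$download_dir/contacts.tgz" -C "$apps_dir/"
	rm "$download_dir/contacts.tgz"

	wget_verify https://github.com/nextcloud/calendar/releases/download/v1.6.5/calendar.tar.gz 79941255521a5172f7e4ce42dc7773838b5ede2f "$download_dir/calendar.tgz"
	tar xf "$download_dir/calendar.tgz" -C "$apps_dir/"
	rm "$download_dir/calendar.tgz"

	# Starting with Nextcloud 15, the app user_external is no longer included
	# in Nextcloud core, we will install from their github repository.
	if [[ "$version" == 15* ]]; then
		wget_verify https://github.com/nextcloud/user_external/releases/download/v0.6.3/user_external-0.6.3.tar.gz 0f756d35fef6b64a177d6a16020486b76ea5799c "$download_dir/user_external.tgz"
		tar -xf "$download_dir/user_external.tgz" -C "$apps_dir/"
		rm "$download_dir/user_external.tgz"
	fi

	# All archives are unpacked; drop the staging directory.
	rm -rf -- "${download_dir:?}"

	# Fix weird permissions.
	chmod 750 /usr/local/lib/owncloud/{apps,config}

	# Create a symlink to the config.php in STORAGE_ROOT (for upgrades we're
	# restoring the symlink we previously put in, and in new installs we're
	# creating a symlink and will create the actual config later).
	ln -sf "$STORAGE_ROOT/owncloud/config.php" /usr/local/lib/owncloud/config/config.php

	# Make sure permissions are correct or the upgrade step won't run.
	# $STORAGE_ROOT/owncloud may not yet exist, so use -f to suppress
	# that error. (owner:group uses ':'; the '.' separator is deprecated.)
	chown -f -R www-data:www-data "$STORAGE_ROOT/owncloud" /usr/local/lib/owncloud || true

	# If this isn't a new installation, immediately run the upgrade script.
	# Then check for success (0=ok and 3=no upgrade needed, both are success).
	if [ -e "$STORAGE_ROOT/owncloud/owncloud.db" ]; then
		# ownCloud 8.1.1 broke upgrades. It may fail on the first attempt, but
		# that can be OK.
		status=0
		sudo -u www-data php "$occ" upgrade || status=$?
		if (( status != 0 && status != 3 )); then
			echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..."
			status=0
			sudo -u www-data php "$occ" upgrade || status=$?
			if (( status != 0 && status != 3 )); then exit 1; fi
			sudo -u www-data php "$occ" maintenance:mode --off
			echo "...which seemed to work."
		fi

		# Add missing indices. NextCloud didn't include this in the normal
		# upgrade because it might take some time.
		sudo -u www-data php "$occ" db:add-missing-indices

		# Run conversion to BigInt identifiers, this process may take some
		# time on large tables.
		sudo -u www-data php "$occ" db:convert-filecache-bigint --no-interaction
	fi
}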
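# Nextcloud Version to install. Checks are done down below to step through intermediate versions.
nextcloud_ver=15.0.8
nextcloud_hash=4129d8d4021c435f2e86876225fb7f15adf764a3

# Current Nextcloud Version, #1623
# Checking /usr/local/lib/owncloud/version.php shows version of the Nextcloud application, not the DB
# $STORAGE_ROOT/owncloud is kept together even during a backup. It is better to rely on config.php than
# version.php since the restore procedure can leave the system in a state where you have a newer Nextcloud
# application version than the database.

# If config.php exists, get version number, otherwise CURRENT_NEXTCLOUD_VER is empty.
# The path is handed to PHP as an argument instead of being pasted into the
# PHP source, so quotes or other special characters in it cannot change the code.
# NOTE(review): this still *executes* config.php with the privileges of this
# setup script (it installs packages and writes under /etc, so presumably
# root). Further down, this script gives ownership of that file to www-data,
# so anything that account writes into it runs with those privileges on the
# next setup run. Reading the version without executing the file, or doing
# the read as www-data, would close that path.
if [ -f "$STORAGE_ROOT/owncloud/config.php" ]; then
	CURRENT_NEXTCLOUD_VER=$(php -r 'include($argv[1]); echo($CONFIG["version"]);' -- "$STORAGE_ROOT/owncloud/config.php")
else
	CURRENT_NEXTCLOUD_VER=""
fi

# If the Nextcloud directory is missing (never been installed before), or the Nextcloud version to be
# installed is different from the version currently installed, do the install/upgrade.
# The target version is compared as a literal prefix, so its dots are not treated as wildcards.
if [ ! -d /usr/local/lib/owncloud/ ] || [[ "$CURRENT_NEXTCLOUD_VER" != "$nextcloud_ver"* ]]; then

	# Stop php-fpm if running. If it is not running (which happens on a previously failed install), don't bail.
	service php7.2-fpm stop &> /dev/null || true

	# Backup the existing ownCloud/Nextcloud.
	# Create a backup directory to store the current installation and database to.
	# NOTE(review): the backup holds config.php and the SQLite database; confirm
	# that $STORAGE_ROOT/owncloud-backup is not readable by unprivileged accounts.
	BACKUP_DIRECTORY=$STORAGE_ROOT/owncloud-backup/$(date +"%Y-%m-%d-%T")
	mkdir -p "$BACKUP_DIRECTORY"
	if [ -d /usr/local/lib/owncloud/ ]; then
		echo "Upgrading Nextcloud --- backing up existing installation, configuration, and database to directory to $BACKUP_DIRECTORY..."
		cp -r /usr/local/lib/owncloud "$BACKUP_DIRECTORY/owncloud-install"
	fi
	if [ -e "$STORAGE_ROOT/owncloud/owncloud.db" ]; then
		cp "$STORAGE_ROOT/owncloud/owncloud.db" "$BACKUP_DIRECTORY"
	fi
	if [ -e "$STORAGE_ROOT/owncloud/config.php" ]; then
		cp "$STORAGE_ROOT/owncloud/config.php" "$BACKUP_DIRECTORY"
	fi

	# If ownCloud or Nextcloud was previously installed....
	if [ -n "$CURRENT_NEXTCLOUD_VER" ]; then
		# Database migrations from ownCloud are no longer possible because ownCloud cannot be run under
		# PHP 7.
		case "$CURRENT_NEXTCLOUD_VER" in
			8*|9*)
				echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 8 or 9) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup aborting."
				exit 1
				;;
			1[012]*)
				echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup aborting."
				exit 1
				;;
			13*)
				# If we are running Nextcloud 13, upgrade to Nextcloud 14
				# NOTE(review): on this path the user_external workaround of
				# the 14 branch below is not applied before the step to 15;
				# confirm that is intended.
				InstallNextcloud 14.0.6 4e43a57340f04c2da306c8eea98e30040399ae5a
				;;
			14*)
				# During the upgrade from Nextcloud 14 to 15, user_external may cause the upgrade to fail.
				# We will disable it here before the upgrade and install it again after the upgrade.
				hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable user_external
				;;
		esac
	fi

	InstallNextcloud "$nextcloud_ver" "$nextcloud_hash"
fi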
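# ### Configuring Nextcloud

# Setup Nextcloud if the Nextcloud database does not yet exist. Running setup when
# the database does exist wipes the database and user data.
# STORAGE_ROOT is quoted throughout so an empty or unusual value cannot split
# into several words or turn the test into a different expression.
if [ ! -f "$STORAGE_ROOT/owncloud/owncloud.db" ]; then
	# Create user data directory
	mkdir -p "$STORAGE_ROOT/owncloud"

	# Create an initial configuration file.
	# The instance id is "oc" plus the first ten hex digits of the SHA-1 of
	# the hostname line.
	# NOTE(review): STORAGE_ROOT and PRIMARY_HOSTNAME are pasted into
	# single-quoted PHP strings below; a quote character in either would change
	# the generated PHP. Presumably both are validated where
	# /etc/mailinabox.conf is written -- confirm.
	# The user backend talks to IMAP on 127.0.0.1 port 143, i.e. loopback only.
	instanceid=oc$(printf '%s\n' "$PRIMARY_HOSTNAME" | sha1sum | fold -w 10 | head -n 1)
	cat > "$STORAGE_ROOT/owncloud/config.php" <<EOF
<?php
\$CONFIG = array (
'datadirectory' => '$STORAGE_ROOT/owncloud',

'instanceid' => '$instanceid',

'forcessl' => true, # if unset/false, Nextcloud sends a HSTS=0 header, which conflicts with nginx config

'overwritewebroot' => '/cloud',
'overwrite.cli.url' => '/cloud',
'user_backends' => array(
array(
'class' => 'OC_User_IMAP',
'arguments' => array(
'127.0.0.1', 143, null
),
),
),
'memcache.local' => '\OC\Memcache\APCu',
'mail_smtpmode' => 'sendmail',
'mail_smtpsecure' => '',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpauth' => false,
'mail_smtphost' => '',
'mail_smtpport' => '',
'mail_smtpname' => '',
'mail_smtppassword' => '',
'mail_from_address' => 'owncloud',
);
?>
EOF

	# Create an auto-configuration file to fill in database settings
	# when the install script is run. Make an administrator account
	# here or else the install can't finish.
	# The password is 30 hex digits derived from 40 bytes of /dev/urandom and
	# is not stored anywhere else by this script.
	adminpassword=$(dd if=/dev/urandom bs=1 count=40 2>/dev/null | sha1sum | fold -w 30 | head -n 1)
	cat > /usr/local/lib/owncloud/config/autoconfig.php <<EOF
<?php
\$AUTOCONFIG = array (
# storage/database
'directory' => '$STORAGE_ROOT/owncloud',
'dbtype' => 'sqlite3',

# create an administrator account with a random password so that
# the user does not have to enter anything on first load of Nextcloud
'adminlogin' => 'root',
'adminpass' => '$adminpassword',
);
?>
EOF

	# Set permissions (owner:group uses ':'; the '.' separator is deprecated).
	chown -R www-data:www-data "$STORAGE_ROOT/owncloud" /usr/local/lib/owncloud

	# Execute Nextcloud's setup step, which creates the Nextcloud sqlite database.
	# It also wipes it if it exists. And it updates config.php with database
	# settings and deletes the autoconfig.php file.
	# Only run it when the directory change worked, so index.php never runs
	# from an unexpected working directory.
	(cd /usr/local/lib/owncloud && sudo -u www-data php /usr/local/lib/owncloud/index.php)
fi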
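# Update config.php.
# * trusted_domains is reset to localhost by autoconfig starting with ownCloud 8.1.1,
#   so set it here. It also can change if the box's PRIMARY_HOSTNAME changes, so
#   this will make sure it has the right value.
# * Some settings weren't included in previous versions of Mail-in-a-Box.
# * We need to set the timezone to the system timezone to allow fail2ban to ban
#   users within the proper timeframe
# * We need to set the logdateformat to something that will work correctly with fail2ban
# * mail_domain needs to be set every time we run the setup, to make sure we are setting
#   the correct domain name if the domain has changed since the previous setup.
# Use PHP to read the settings file, modify it, and write out the new settings array.
#
# NOTE(review): the PHP below executes config.php with the privileges of this
# setup script, and the last line of this section leaves that file owned by
# www-data. Whatever that account writes into config.php therefore runs with
# the script's privileges on the next setup run; consider doing this rewrite
# as www-data or parsing the file without executing it.
# NOTE(review): STORAGE_ROOT, PRIMARY_HOSTNAME and TIMEZONE are pasted into the
# PHP source as-is; a quote character in any of them would change the code.
# Presumably they are validated upstream -- confirm.
TIMEZONE=$(< /etc/timezone)
# mktemp gives a private, unpredictable file for the new settings.
CONFIG_TEMP=$(/bin/mktemp)
if php <<EOF > "$CONFIG_TEMP"
<?php
include("$STORAGE_ROOT/owncloud/config.php");

\$CONFIG['trusted_domains'] = array('$PRIMARY_HOSTNAME');

\$CONFIG['memcache.local'] = '\OC\Memcache\APCu';
\$CONFIG['overwrite.cli.url'] = '/cloud';
\$CONFIG['mail_from_address'] = 'administrator'; # just the local part, matches our master administrator address

\$CONFIG['logtimezone'] = '$TIMEZONE';
\$CONFIG['logdateformat'] = 'Y-m-d H:i:s';

\$CONFIG['mail_domain'] = '$PRIMARY_HOSTNAME';

\$CONFIG['user_backends'] = array(array('class' => 'OC_User_IMAP','arguments' => array('127.0.0.1', 143, null),),);

echo "<?php\n\\\$CONFIG = ";
var_export(\$CONFIG);
echo ";";
?>
EOF
then
	# Only replace the live configuration when PHP succeeded.
	mv "$CONFIG_TEMP" "$STORAGE_ROOT/owncloud/config.php"
else
	# Do not leave a partial copy of the configuration behind.
	rm -f -- "$CONFIG_TEMP"
fi
chown www-data:www-data "$STORAGE_ROOT/owncloud/config.php"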
# App selection; this has to come after the Nextcloud setup step.
#   firstrunwizard      - turned off, it gave Josh all sorts of problems
#   user_external       - what lets Nextcloud use IMAP for login
#   contacts, calendar  - the extensions we really care about here
hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable firstrunwizard
hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable user_external
hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable contacts
hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable calendar

# On an upgrade, run the upgrade script once more now that the apps are on.
# It seems like the first upgrade at the top won't work because apps may be
# disabled during upgrade?
# Exit status 0 (ok) and 3 (no upgrade needed) both count as success;
# anything else aborts the setup.
sudo -u www-data php /usr/local/lib/owncloud/occ upgrade
case $? in
	0|3) ;;
	*) exit 1 ;;
esac
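# Set PHP FPM values to support large file uploads
# (semicolon is the comment character in this file, hashes produce deprecation warnings)
tools/editconf.py /etc/php/7.2/fpm/php.ini -c ';' \
	upload_max_filesize=16G \
	post_max_size=16G \
	output_buffering=16384 \
	memory_limit=512M \
	max_execution_time=600 \
	short_open_tag=On

# Set Nextcloud recommended opcache settings
tools/editconf.py /etc/php/7.2/cli/conf.d/10-opcache.ini -c ';' \
	opcache.enable=1 \
	opcache.enable_cli=1 \
	opcache.interned_strings_buffer=8 \
	opcache.max_accelerated_files=10000 \
	opcache.memory_consumption=128 \
	opcache.save_comments=1 \
	opcache.revalidate_freq=1

# Configure the path environment for php-fpm.
# The setting is quoted because "[PATH]" is a glob character class to the
# shell; unquoted, the word could be expanded against file names (or dropped
# entirely under nullglob) before editconf.py sees it.
tools/editconf.py /etc/php/7.2/fpm/pool.d/www.conf -c ';' \
	'env[PATH]=/usr/local/bin:/usr/bin:/bin'

# If apc is explicitly disabled we need to enable it.
# -F matches the setting as a literal string, so the dot is not a wildcard.
if grep -qF -- 'apc.enabled=0' /etc/php/7.2/mods-available/apcu.ini; then
	tools/editconf.py /etc/php/7.2/mods-available/apcu.ini -c ';' \
		apc.enabled=1
fi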
# Install the hourly cron job for Nextcloud. The job file is a three-line
# bash script that runs Nextcloud's cron.php as www-data.
printf '%s\n' \
	'#!/bin/bash' \
	'# Mail-in-a-Box' \
	'sudo -u www-data php -f /usr/local/lib/owncloud/cron.php' \
	> /etc/cron.hourly/mailinabox-owncloud
# The job file has to be executable.
chmod +x /etc/cron.hourly/mailinabox-owncloud
# We deliberately do not make any users admins of Nextcloud: there's nothing
# much of interest that a user could do as a Nextcloud admin, and there's a
# lot they could mess up.
# But if we wanted to, we would do this:
# ```
# for user in $(tools/mail.py user admins); do
#	 sqlite3 $STORAGE_ROOT/owncloud/owncloud.db "INSERT OR IGNORE INTO oc_group_user VALUES ('admin', '$user')"
# done
# ```
# (The sample pastes $user into the SQL text as-is; it would need proper
# quoting or escaping before being used for real.)

# Enable PHP modules and restart PHP so the settings written above take effect.
restart_service php7.2-fpm