#!/bin/bash
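## Ask for the names and passwords used by the rest of the installation.
## The answers are later placed inside SQL statements and an HTTP form body,
## so anything other than ASCII letters and digits is refused here instead of
## trusting the operator to follow the instruction printed below.

# ask PROMPT VARNAME [secret]
#   Print PROMPT, read one line from standard input and store it in the global
#   variable VARNAME. The question is repeated until the answer is a non-empty
#   string of ASCII letters and digits. When a third argument is given the
#   answer is read with terminal echo switched off, so a password is not shown
#   on screen. Exits with status 1 if standard input ends before a valid
#   answer arrives (otherwise the loop would never finish).
ask() {
  local prompt=$1 varname=$2 secret=${3:-} answer
  local LC_ALL=C   # make [A-Za-z0-9] mean ASCII only, whatever the locale
  while true; do
    printf '%s' "$prompt"
    if [[ -n $secret ]]; then
      IFS= read -r -s answer || { echo; echo "No input available, aborting." >&2; exit 1; }
      echo   # read -s does not echo the newline the operator typed
    else
      IFS= read -r answer || { echo; echo "No input available, aborting." >&2; exit 1; }
    fi
    if [[ $answer =~ ^[A-Za-z0-9]+$ ]]; then
      printf -v "$varname" '%s' "$answer"
      return 0
    fi
    echo "Only digits, UPPERCASE and lowercase letters are accepted. Please try again." >&2
  done
}

echo "For the following, please only use digits, UPPERCASE and lowercase."
ask "Please provide a root password for your MariaDB: " sqlrootpass secret
ask "Please provide a name for the Nextcloud database: " dbname
ask "Please provide a user for the Nextcloud database: " dbuser
ask "Please provide a password for the Nextcloud database: " dbpass secret
ask "Please provide a name for the Nextcloud admin user: " adminuser
ask "Please provide a password for the Nextcloud admin user: " adminpass secret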
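## First we update the server
# apt-get is used instead of apt: apt's command-line interface is meant for
# interactive use and is not guaranteed to stay stable for scripts.
# --with-new-pkgs keeps the behaviour of "apt upgrade", which may pull in new
# dependencies. Every package step aborts the run on failure, because the
# later steps configure services that would otherwise be missing.
if ! { apt-get update && apt-get -y upgrade --with-new-pkgs; }; then
  echo "System update failed, aborting." >&2
  exit 1
fi

## Now install some basic tools:
## curl - Tool for doing advanced http calls etc. Useful for working with APIs.
## wget - Tool for doing http downloads.
## apache2 - Web Server
## extrepo - Tool for automatic configuration of external repos for Debian
## unzip - Needed to extract the Nextcloud zip file
apt-get -y install curl wget apache2 extrepo unzip ||
  { echo "Installing the basic tools failed, aborting." >&2; exit 1; }

## Now we enable Sury for installing the very latest PHP files
# Sury is a third-party repository: once it is enabled, packages from it are
# installed with the same trust as packages from Debian itself.
if ! { extrepo enable sury && apt-get update; }; then
  echo "Enabling the Sury repository failed, aborting." >&2
  exit 1
fi

## Now we install PHP 8.2 and required modules
# libapache2-mod-php8.2 is named explicitly. The unversioned
# libapache2-mod-php follows the repository's default PHP version, which need
# not be 8.2, while the Apache configuration step of this script disables the
# module by the name php8.2.
apt-get -y install php8.2-{ctype,curl,dom,gd,common,mysql,mbstring,posix,simplexml,xmlreader,xmlwriter,xmlrpc,xml,cli,zip,bz2,fpm,intl,ldap,smbclient,ftp,imap,bcmath,gmp,exif,apcu,memcached,redis,imagick} libapache2-mod-php8.2 libapache2-mod-fcgid libxml2 ||
  { echo "Installing PHP 8.2 failed, aborting." >&2; exit 1; }

## Let's install MariaDB
apt-get -y install mariadb-server mariadb-client ||
  { echo "Installing MariaDB failed, aborting." >&2; exit 1; }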
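## Configure Apache2 and php8.2
# Replace mod_php on mpm_prefork with PHP-FPM behind mpm_event.
# The module changes are attempted as one unit, but Apache is started again
# whether or not they succeed: in a single && chain one failing a2dismod or
# a2enmod (for example a module that is not installed under that name) would
# skip the restart and leave the web server stopped.
systemctl stop apache2
apache_config_ok=yes
if ! { a2dismod php8.2 && a2dismod mpm_prefork && a2enmod mpm_event proxy proxy_fcgi setenvif rewrite && a2enconf php8.2-fpm; }; then
  apache_config_ok=no
fi
systemctl restart apache2
if [[ $apache_config_ok != yes ]]; then
  echo "Switching Apache to PHP-FPM failed; see the a2dismod/a2enmod output above." >&2
  exit 1
fi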
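## Time to harden MariaDB
systemctl enable mariadb
systemctl start mariadb

# is_plain_alnum VALUE
#   Succeeds only for a non-empty string of ASCII letters and digits.
is_plain_alnum() {
  local LC_ALL=C   # make [A-Za-z0-9] mean ASCII only, whatever the locale
  [[ $1 =~ ^[A-Za-z0-9]+$ ]]
}

# run_sql
#   Feed the SQL on standard input to the local server through the mysql
#   client and stop the installation if the server reports an error.
#   The SQL travels over stdin, so passwords do not appear in a process list.
run_sql() {
  mysql || { echo "MariaDB rejected a statement, aborting." >&2; exit 1; }
}

# The four values below are written into SQL text. The script asks for
# letters and digits only; that is enforced here so a quote or semicolon in an
# answer cannot change the meaning of a statement.
for setting in sqlrootpass dbname dbuser dbpass; do
  if ! is_plain_alnum "${!setting}"; then
    echo "The value given for $setting may only contain digits and ASCII letters, aborting." >&2
    exit 1
  fi
done

# Let root log in through the unix socket, with an unusable password as the
# alternative, then reload the grant tables.
run_sql <<'SQL'
UPDATE mysql.global_priv SET priv=json_set(priv, '$.password_last_changed', UNIX_TIMESTAMP(), '$.plugin', 'mysql_native_password', '$.authentication_string', 'invalid', '$.auth_or', json_array(json_object(), json_object('plugin', 'unix_socket'))) WHERE User='root';
FLUSH PRIVILEGES;
SQL

# Set the root password. The previous form of this statement carried the
# literal text basic_single_escape "..." inside PASSWORD(), so the password
# stored for root was that whole string and not the one the operator typed.
run_sql <<SQL
UPDATE mysql.global_priv SET priv=json_set(priv, '\$.plugin', 'mysql_native_password', '\$.authentication_string', PASSWORD('$sqlrootpass')) WHERE User='root';
SQL

# Remove anonymous accounts, root accounts reachable from other hosts and the
# test database with its grants, then reload the grant tables.
run_sql <<'SQL'
DELETE FROM mysql.global_priv WHERE User='';
DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
FLUSH PRIVILEGES;
SQL

## Let's setup the database for Nextcloud
# Identifiers are backtick-quoted and the account name is a quoted string, so
# a name that starts with a digit is still accepted by the server.
run_sql <<SQL
CREATE DATABASE \`$dbname\`;
CREATE USER '$dbuser'@'localhost' IDENTIFIED BY '$dbpass';
GRANT ALL PRIVILEGES ON \`$dbname\`.* TO '$dbuser'@'localhost';
FLUSH PRIVILEGES;
SQL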
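## Time to download the latest copy of Nextcloud
nc_url=https://download.nextcloud.com/server/releases/latest.zip
nc_tmp=$(mktemp -d) || { echo "Could not create a temporary directory, aborting." >&2; exit 1; }

# -O writes to a fixed name inside a fresh directory. Without it wget saves to
# latest.zip.1 when a latest.zip from an earlier run is present, and the stale
# archive would be the one that gets unpacked.
if ! wget -O "$nc_tmp/latest.zip" "$nc_url" ||
   ! wget -O "$nc_tmp/latest.zip.sha256" "$nc_url.sha256"; then
  echo "Downloading Nextcloud or its checksum failed, aborting." >&2
  rm -rf -- "${nc_tmp:?}"
  exit 1
fi

# Compare the archive with the published SHA-256 value before it is unpacked
# into the web root and made executable by the web server.
# NOTE(review): the checksum comes from the same server as the archive, so it
# catches a damaged or truncated download but not a replaced release. Checking
# the release signature against the Nextcloud signing key would close that gap.
expected_sum=$(awk '{ print $1; exit }' "$nc_tmp/latest.zip.sha256")
actual_sum=$(sha256sum "$nc_tmp/latest.zip" | awk '{ print $1 }')
if [[ -z $expected_sum || $expected_sum != "$actual_sum" ]]; then
  echo "Checksum mismatch for latest.zip, aborting." >&2
  rm -rf -- "${nc_tmp:?}"
  exit 1
fi

## Unzip files to /var/www/html
# The existing document root is removed only after the new tree is known to
# be in place; otherwise a failed unzip would leave Apache with no web root.
if ! unzip "$nc_tmp/latest.zip" -d /var/www/ || [[ ! -f /var/www/nextcloud/index.php ]]; then
  echo "Unpacking Nextcloud failed; /var/www/html was left untouched." >&2
  rm -rf -- "${nc_tmp:?}"
  exit 1
fi
rm -rf -- "${nc_tmp:?}"
rm -R /var/www/html
mv /var/www/nextcloud /var/www/html
chown -R www-data:www-data /var/www/html

## Let's create a safe place for your files
# Mode 750: only the web server user and its group can list or read uploaded
# files. A plain mkdir under the usual umask leaves the directory readable by
# every local account.
mkdir -p /home/nextcloudfiles
chown -R www-data:www-data /home/nextcloudfiles
chmod 750 /home/nextcloudfiles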
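## Do webconfig

## Get token
# NOTE(review): the token is extracted but the installation request below does
# not send it. The fixed offsets in the substring also depend on the exact
# markup of the page. Confirm whether this step is still needed.
temp=$(curl -S http://localhost/index.php | grep "data-requesttoken")
token=${temp:20:-2}

## Submit Installation
# form_field NAME VALUE
#   Print one curl config-file line that adds NAME=VALUE to the request body.
#   curl URL-encodes VALUE itself (data-urlencode), so characters such as
#   & = + % in a password can no longer split or alter the form fields.
#   Backslash and double quote are escaped because the value sits inside a
#   double-quoted config string.
form_field() {
  local value=$2
  value=${value//\\/\\\\}
  value=${value//\"/\\\"}
  printf 'data-urlencode = "%s=%s"\n' "$1" "$value"
}

# The form fields reach curl on standard input (-K -) rather than as command
# line arguments, so the admin and database passwords are not visible in the
# process list while the request runs.
{
  form_field install true
  form_field adminlogin "$adminuser"
  form_field adminpass "$adminpass"
  form_field directory /home/nextcloudfiles
  form_field dbtype mysql
  form_field dbuser "$dbuser"
  form_field dbpass "$dbpass"
  form_field dbpass-clone "$dbpass"
  form_field dbname "$dbname"
  form_field dbhost localhost
} | curl -s -X POST "http://localhost/index.php" -H "Content-Type: application/x-www-form-urlencoded" -K -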
## Setup https (selfsigned)
# Turn on mod_ssl and the packaged default-ssl site. Apache is restarted only
# when both steps succeeded.
# NOTE(review): nothing in this script redirects port 80 to 443, so plain HTTP
# presumably stays reachable - confirm against the closing message.
if a2enmod ssl && a2ensite default-ssl.conf; then
  systemctl restart apache2
fi
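## Overriding the need for a domain name
# Adds '*' as a second entry of trusted_domains.
# NOTE(review): '*' makes Nextcloud accept any Host header, which switches off
# the check that trusted_domains exists for. Listing the real host names or
# IP addresses of this server is the safer setting.
nc_config=/var/www/html/config/config.php
mv "$nc_config" "$nc_config.old"

# The new entry is inserted after entry 0 of the trusted_domains list, found
# by content. Copying a fixed number of lines from the top and bottom of the
# file corrupts it as soon as the generated config has a different length.
# umask 077 keeps the new file, which holds the database password, from being
# created world-readable.
if ! (
  umask 077
  awk -v q="'" '
    { print }
    /trusted_domains/ { in_list = 1 }
    in_list && /^[ \t]*0 =>/ {
      print " 1 => " q "*" q ","
      in_list = 0
      added = 1
    }
    END { exit added ? 0 : 1 }
  ' "$nc_config.old" > "$nc_config"
); then
  echo "Could not find the trusted_domains list; restoring the original config.php." >&2
  mv "$nc_config.old" "$nc_config"
  exit 1
fi
chown www-data:www-data "$nc_config"
chmod 640 "$nc_config"

# The backup contains the same credentials and lives inside the web root. A
# file ending in .old is not handled as PHP, so if the web server serves this
# directory it would be returned as plain text. Making it readable by root
# only prevents that.
chown root:root "$nc_config.old"
chmod 600 "$nc_config.old"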
## DONE
# Closing notes for the operator; each argument is printed on its own line.
printf '%s\n' \
  "You can now configure your networking for static IP, but what I do," \
  "is assign a static IP by using DHCP reservation in my Router." \
  "You can forward port 80 and 443. But even if you connect on port 80" \
  "it will switch to port 443 (https) and give you a security warning." \
  "This is because it's a selfsigned certificate. But at least your data" \
  "is encrypted between browser and server." \
  "If you have any issues, DM me on Reddit u/thisiszeev"