Added setupnc.sh

setupnc.sh

@@ -0,0 +1,115 @@
+#!/bin/bash
+
+echo "For the following, please only use digits, UPPERCASE and lowercase."
+
+echo -n "Please provide a root password for your MariaDB: "
+read sqlrootpass
+echo -n "Please provide a name for the Nextcloud database: "
+read dbname
+echo -n "Please provide a user for the Nextcloud database: "
+read dbuser
+echo -n "Please provide a password for the Nextcloud database: "
+read dbpass
+echo -n "Please provide a name for the Nextcloud admin user: "
+read adminuser
+echo -n "Please provide a password for the Nextcloud admin user: "
+read adminpass
+
+
+
+
+
+## First we update the server
+
+apt update && apt -y upgrade
+
+## Now install some basic tools:
+##  curl    - Tool for doing advanced http calls etc. Useful for working with APIs.
+##  wget    - Tool for doing http downloads.
+##  apache2 - Web Server
+##  extrepo - Tool for automatic configuration of external repos for Debian
+##  unzip   - Needed to extract the Nextcloud zip file
+
+apt -y install curl wget apache2 extrepo unzip
+
+## Now we enable Sury for installing the very latest PHP files
+
+extrepo enable sury && apt update
+
+## Now we install PHP 8.2 and required modules
+
+apt -y install php8.2-{ctype,curl,dom,gd,common,mysql,mbstring,posix,simplexml,xmlreader,xmlwriter,xmlrpc,xml,cli,zip,bz2,fpm,intl,ldap,smbclient,ftp,imap,bcmath,gmp,exif,apcu,memcached,redis,imagick} libapache2-mod-php libapache2-mod-fcgid libxml2
+
+## Let's install MariaDB
+
+apt -y install mariadb-server mariadb-client
+
+## Configure Apache2 and php8.2
+
+systemctl stop apache2 && a2dismod php8.2 && a2dismod mpm_prefork && a2enmod mpm_event proxy proxy_fcgi setenvif rewrite && a2enconf php8.2-fpm && systemctl restart apache2
+
+## Time to harden MariaDB
+
+systemctl enable mariadb
+systemctl start mariadb
+echo "UPDATE mysql.global_priv SET priv=json_set(priv, '$.password_last_changed', UNIX_TIMESTAMP(), '$.plugin', 'mysql_native_password', '$.authentication_string', 'invalid', '$.auth_or', json_array(json_object(), json_object('plugin', 'unix_socket'))) WHERE User='root';" | mysql
+echo "FLUSH PRIVILEGES;" | mysql
+echo "UPDATE mysql.global_priv SET priv=json_set(priv, '$.plugin', 'mysql_native_password', '$.authentication_string', PASSWORD('basic_single_escape \"$sqlrootpass\"')) WHERE User='root';" | mysql
+echo "DELETE FROM mysql.global_priv WHERE User='';" | mysql
+echo "DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" | mysql
+echo "DROP DATABASE IF EXISTS test;" | mysql
+echo "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" | mysql
+echo "FLUSH PRIVILEGES;" | mysql
+
+## Let's setup the database for Nextcloud
+
+echo "CREATE DATABASE $dbname; CREATE USER $dbuser@localhost IDENTIFIED BY '$dbpass'; GRANT ALL PRIVILEGES ON $dbname.* TO $dbuser@localhost; FLUSH PRIVILEGES;" | mysql
+
+## Time to download the latest copy of Nextcloud
+
+wget https://download.nextcloud.com/server/releases/latest.zip
+
+## Unzip files to /var/www/html
+
+unzip latest.zip -d /var/www/
+rm -R /var/www/html
+mv /var/www/nextcloud /var/www/html
+chown -R www-data:www-data /var/www/html
+
+## Let's create a safe place for your files
+
+mkdir /home/nextcloudfiles
+chown -R www-data:www-data /home/nextcloudfiles
+
+## Do webconfig
+
+## Get token
+
+temp=$(curl -S http://localhost/index.php | grep "data-requesttoken")
+token=${temp:20:-2}
+
+## Submit Installation
+
+curl -s -X POST "http://localhost/index.php" -H "Content-Type: application/x-www-form-urlencoded" -d "install=true&adminlogin=$adminuser&adminpass=$adminpass&directory=%2Fhome%2Fnextcloudfiles&dbtype=mysql&dbuser=$dbuser&dbpass=$dbpass&dbpass-clone=$dbpass&dbname=$dbname&dbhost=localhost"
+
+## Setup https (selfsigned)
+
+a2enmod ssl && a2ensite default-ssl.conf && systemctl restart apache2
+
+## Overridding the need for a domain name
+
+mv /var/www/html/config/config.php /var/www/html/config/config.php.old
+head -n 8 /var/www/html/config/config.php.old > /var/www/html/config/config.php
+echo "    1 => '*'," >> /var/www/html/config/config.php
+tail -n 14 /var/www/html/config/config.php.old >> /var/www/html/config/config.php
+chown www-data:www-data /var/www/html/config/config.php
+
+## DONE
+
+echo "You can now configure your networking for static IP, but what I do,"
+echo "is assign a static IP by using DHCP reservation in my Router."
+echo "You can forward port 80 and 443. But even if you connect on port 80"
+echo "it will switch to port 443 (https) and give you a security warning."
+echo "This is because it's a selfsigned certificate. But at least your data"
+echo "is encrypted between browser and server."
+echo "If you have any issues, DM me on Reddit u/thisiszeev"