diff --git a/setupnc.sh b/setupnc.sh
new file mode 100644
index 0000000..b3f0c95
--- /dev/null
+++ b/setupnc.sh
@@ -0,0 +1,115 @@
+#!/bin/bash
+
+echo "For the following, please only use digits, UPPERCASE and lowercase."
+
+echo -n "Please provide a root password for your MariaDB: "
+read sqlrootpass
+echo -n "Please provide a name for the Nextcloud database: "
+read dbname
+echo -n "Please provide a user for the Nextcloud database: "
+read dbuser
+echo -n "Please provide a password for the Nextcloud database: "
+read dbpass
+echo -n "Please provide a name for the Nextcloud admin user: "
+read adminuser
+echo -n "Please provide a password for the Nextcloud admin user: "
+read adminpass
+
+
+
+
+
+## First we update the server
+
+apt update && apt -y upgrade
+
+## Now install some basic tools:
+## curl - Tool for doing advanced http calls etc. Useful for working with APIs.
+## wget - Tool for doing http downloads.
+## apache2 - Web Server
+## extrepo - Tool for automatic configuration of external repos for Debian
+## unzip - Needed to extract the Nextcloud zip file
+
+apt -y install curl wget apache2 extrepo unzip
+
+## Now we enable Sury for installing the very latest PHP files
+
+extrepo enable sury && apt update
+
+## Now we install PHP 8.2 and required modules
+
+apt -y install php8.2-{ctype,curl,dom,gd,common,mysql,mbstring,posix,simplexml,xmlreader,xmlwriter,xmlrpc,xml,cli,zip,bz2,fpm,intl,ldap,smbclient,ftp,imap,bcmath,gmp,exif,apcu,memcached,redis,imagick} libapache2-mod-php libapache2-mod-fcgid libxml2
+
+## Let's install MariaDB
+
+apt -y install mariadb-server mariadb-client
+
+## Configure Apache2 and php8.2
+
+systemctl stop apache2 && a2dismod php8.2 && a2dismod mpm_prefork && a2enmod mpm_event proxy proxy_fcgi setenvif rewrite && a2enconf php8.2-fpm && systemctl restart apache2
+
+## Time to harden MariaDB
+
+systemctl enable mariadb
+systemctl start mariadb
+echo "UPDATE mysql.global_priv SET priv=json_set(priv, '$.password_last_changed', UNIX_TIMESTAMP(), '$.plugin', 'mysql_native_password', '$.authentication_string', 'invalid', '$.auth_or',
json_array(json_object(), json_object('plugin', 'unix_socket'))) WHERE User='root';" | mysql
+echo "FLUSH PRIVILEGES;" | mysql
+echo "UPDATE mysql.global_priv SET priv=json_set(priv, '$.plugin', 'mysql_native_password', '$.authentication_string', PASSWORD('basic_single_escape \"$sqlrootpass\"')) WHERE User='root';" | mysql
+echo "DELETE FROM mysql.global_priv WHERE User='';" | mysql
+echo "DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" | mysql
+echo "DROP DATABASE IF EXISTS test;" | mysql
+echo "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" | mysql
+echo "FLUSH PRIVILEGES;" | mysql
+
+## Let's setup the database for Nextcloud
+
+echo "CREATE DATABASE $dbname; CREATE USER $dbuser@localhost IDENTIFIED BY '$dbpass'; GRANT ALL PRIVILEGES ON $dbname.* TO $dbuser@localhost; FLUSH PRIVILEGES;" | mysql
+
+## Time to download the latest copy of Nextcloud
+
+wget https://download.nextcloud.com/server/releases/latest.zip
+
+## Unzip files to /var/www/html
+
+unzip latest.zip -d /var/www/
+rm -R /var/www/html
+mv /var/www/nextcloud /var/www/html
+chown -R www-data:www-data /var/www/html
+
+## Let's create a safe place for your files
+
+mkdir /home/nextcloudfiles
+chown -R www-data:www-data /home/nextcloudfiles
+
+## Do webconfig
+
+## Get token
+
+temp=$(curl -S http://localhost/index.php | grep "data-requesttoken")
+token=${temp:20:-2}
+
+## Submit Installation
+
+curl -s -X POST "http://localhost/index.php" -H "Content-Type: application/x-www-form-urlencoded" -d "install=true&adminlogin=$adminuser&adminpass=$adminpass&directory=%2Fhome%2Fnextcloudfiles&dbtype=mysql&dbuser=$dbuser&dbpass=$dbpass&dbpass-clone=$dbpass&dbname=$dbname&dbhost=localhost"
+
+## Setup https (selfsigned)
+
+a2enmod ssl && a2ensite default-ssl.conf && systemctl restart apache2
+
+## Overridding the need for a domain name
+
+mv /var/www/html/config/config.php /var/www/html/config/config.php.old
+head -n 8 /var/www/html/config/config.php.old >
/var/www/html/config/config.php
+echo " 1 => '*'," >> /var/www/html/config/config.php
+tail -n 14 /var/www/html/config/config.php.old >> /var/www/html/config/config.php
+chown www-data:www-data /var/www/html/config/config.php
+
+## DONE
+
+echo "You can now configure your networking for static IP, but what I do,"
+echo "is assign a static IP by using DHCP reservation in my Router."
+echo "You can forward port 80 and 443. But even if you connect on port 80"
+echo "it will switch to port 443 (https) and give you a security warning."
+echo "This is because it's a selfsigned certificate. But at least your data"
+echo "is encrypted between browser and server."
+echo "If you have any issues, DM me on Reddit u/thisiszeev"
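Review bot: The six values read at the top of the script are pasted unchecked into the SQL piped to `mysql` (the `CREATE DATABASE $dbname; CREATE USER $dbuser@localhost IDENTIFIED BY '$dbpass'` line) and into the unencoded `-d` form body of the install POST, so the "only use digits, UPPERCASE and lowercase" notice is the only thing stopping a quote, `;` or `&` from altering the statement or the request. The script should reject anything outside `[A-Za-z0-9]` before it installs anything, and read the three passwords without echoing them to the terminal, as in the prompt helper below. Separately, the root-password statement hashes the literal text `basic_single_escape "<password>"`, because that name sits inside the quoted string and is never run as a command, which leaves MariaDB root with a password the operator did not type; once input is validated it can simply be `PASSWORD('$sqlrootpass')`. The `1 => '*'` line spliced into `config.php` (presumably into `trusted_domains`) looks like it switches off Nextcloud's Host-header check and deserves a comment saying so, since the closing message invites forwarding ports 80 and 443.

```shell
# … unchanged: shebang and the "only use digits" notice …

# Prompt for one value and refuse anything outside [A-Za-z0-9].
# $1 = variable to set, $2 = prompt text, $3 = "secret" to suppress echo
ask() {
  local reply
  local LC_ALL=C   # byte-wise ranges, so A-Z cannot match accented letters
  if [[ "${3:-}" == secret ]]; then
    read -rsp "$2" reply
    echo
  else
    read -rp "$2" reply
  fi
  if [[ ! "$reply" =~ ^[A-Za-z0-9]+$ ]]; then
    echo "Only digits, UPPERCASE and lowercase are accepted." >&2
    exit 1
  fi
  printf -v "$1" '%s' "$reply"
}

ask sqlrootpass "Please provide a root password for your MariaDB: " secret
ask dbname "Please provide a name for the Nextcloud database: "
ask dbuser "Please provide a user for the Nextcloud database: "
ask dbpass "Please provide a password for the Nextcloud database: " secret
ask adminuser "Please provide a name for the Nextcloud admin user: "
ask adminpass "Please provide a password for the Nextcloud admin user: " secret

# … unchanged: package installation, Apache and MariaDB setup, Nextcloud install …
```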