#!/bin/bash echo "For the following, please only use digits, UPPERCASE and lowercase." echo -n "Please provide a root password for your MariaDB: " read sqlrootpass echo -n "Please provide a name for the Nextcloud database: " read dbname echo -n "Please provide a user for the Nextcloud database: " read dbuser echo -n "Please provide a password for the Nextcloud database: " read dbpass echo -n "Please provide a name for the Nextcloud admin user: " read adminuser echo -n "Please provide a password for the Nextcloud admin user: " read adminpass ## First we update the server apt update && apt -y upgrade ## Now install some basic tools: ## curl - Tool for doing advanced http calls etc. Useful for working with APIs. ## wget - Tool for doing http downloads. ## apache2 - Web Server ## extrepo - Tool for automatic configuration of external repos for Debian ## unzip - Needed to extract the Nextcloud zip file apt -y install curl wget apache2 extrepo unzip ## Now we enable Sury for installing the very latest PHP files extrepo enable sury && apt update ## Now we install PHP 8.2 and required modules apt -y install php8.2-{ctype,curl,dom,gd,common,mysql,mbstring,posix,simplexml,xmlreader,xmlwriter,xmlrpc,xml,cli,zip,bz2,fpm,intl,ldap,smbclient,ftp,imap,bcmath,gmp,exif,apcu,memcached,redis,imagick} libapache2-mod-php8.2 libapache2-mod-fcgid libxml2 ## Let's install MariaDB apt -y install mariadb-server mariadb-client ## Configure Apache2 and php8.2 systemctl stop apache2 && a2dismod php8.2 && a2dismod mpm_prefork && a2enmod mpm_event proxy proxy_fcgi setenvif rewrite && a2enconf php8.2-fpm && systemctl restart apache2 ## Time to harden MariaDB systemctl enable mariadb systemctl start mariadb echo "UPDATE mysql.global_priv SET priv=json_set(priv, '$.password_last_changed', UNIX_TIMESTAMP(), '$.plugin', 'mysql_native_password', '$.authentication_string', 'invalid', '$.auth_or', json_array(json_object(), json_object('plugin', 'unix_socket'))) WHERE User='root';" | mysql echo "FLUSH PRIVILEGES;" | mysql echo "UPDATE mysql.global_priv SET priv=json_set(priv, '$.plugin', 'mysql_native_password', '$.authentication_string', PASSWORD('basic_single_escape \"$sqlrootpass\"')) WHERE User='root';" | mysql echo "DELETE FROM mysql.global_priv WHERE User='';" | mysql echo "DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" | mysql echo "DROP DATABASE IF EXISTS test;" | mysql echo "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" | mysql echo "FLUSH PRIVILEGES;" | mysql ## Let's setup the database for Nextcloud echo "CREATE DATABASE $dbname; CREATE USER $dbuser@localhost IDENTIFIED BY '$dbpass'; GRANT ALL PRIVILEGES ON $dbname.* TO $dbuser@localhost; FLUSH PRIVILEGES;" | mysql ## Time to download the latest copy of Nextcloud wget https://download.nextcloud.com/server/releases/latest.zip ## Unzip files to /var/www/html unzip latest.zip -d /var/www/ rm -R /var/www/html mv /var/www/nextcloud /var/www/html chown -R www-data:www-data /var/www/html ## Let's create a safe place for your files mkdir /home/nextcloudfiles chown -R www-data:www-data /home/nextcloudfiles ## Do webconfig ## Get token temp=$(curl -S http://localhost/index.php | grep "data-requesttoken") token=${temp:20:-2} ## Submit Installation curl -s -X POST "http://localhost/index.php" -H "Content-Type: application/x-www-form-urlencoded" -d "install=true&adminlogin=$adminuser&adminpass=$adminpass&directory=%2Fhome%2Fnextcloudfiles&dbtype=mysql&dbuser=$dbuser&dbpass=$dbpass&dbpass-clone=$dbpass&dbname=$dbname&dbhost=localhost" ## Setup https (selfsigned) a2enmod ssl && a2ensite default-ssl.conf && systemctl restart apache2 ## Overridding the need for a domain name mv /var/www/html/config/config.php /var/www/html/config/config.php.old head -n 8 /var/www/html/config/config.php.old > /var/www/html/config/config.php echo " 1 => '*'," >> /var/www/html/config/config.php tail -n 14 /var/www/html/config/config.php.old >> /var/www/html/config/config.php chown www-data:www-data /var/www/html/config/config.php ## DONE echo "You can now configure your networking for static IP, but what I do," echo "is assign a static IP by using DHCP reservation in my Router." echo "You can forward port 80 and 443. But even if you connect on port 80" echo "it will switch to port 443 (https) and give you a security warning." echo "This is because it's a selfsigned certificate. But at least your data" echo "is encrypted between browser and server." echo "If you have any issues, DM me on Reddit u/thisiszeev"