|
|
@@ -178,6 +178,7 @@ MEDIAGOBLIN_ADMIN_PASSWORD=
|
|
178
|
178
|
# Domain name for microblog installation
|
|
179
|
179
|
MICROBLOG_DOMAIN_NAME=
|
|
180
|
180
|
MICROBLOG_CODE=
|
|
|
181
|
+MICROBLOG_ONION_PORT=8087
|
|
181
|
182
|
MICROBLOG_REPO="git://gitorious.org/social/mainline.git"
|
|
182
|
183
|
MICROBLOG_ADMIN_PASSWORD=
|
|
183
|
184
|
GNUSOCIAL_COMMIT='5b847eff120264c3e9571e8a939e6b3a30e68032'
|
|
|
@@ -7263,7 +7264,7 @@ function install_blog {
|
|
7263
|
7264
|
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
|
|
7264
|
7265
|
chmod 600 /home/$MY_USERNAME/README
|
|
7265
|
7266
|
fi
|
|
7266
|
|
- echo "Blog onion domain:${HUBZILLA_ONION_HOSTNAME}" >> $COMPLETION_FILE
|
|
|
7267
|
+ echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
|
|
7267
|
7268
|
|
|
7268
|
7269
|
# update the dynamic DNS
|
|
7269
|
7270
|
CURRENT_DDNS_DOMAIN=$FULLBLOG_DOMAIN_NAME
|
|
|
@@ -7303,7 +7304,6 @@ function install_gnu_social {
|
|
7303
|
7304
|
return
|
|
7304
|
7305
|
fi
|
|
7305
|
7306
|
|
|
7306
|
|
-
|
|
7307
|
7307
|
install_mariadb
|
|
7308
|
7308
|
get_mariadb_password
|
|
7309
|
7309
|
repair_databases_script
|
|
|
@@ -7444,6 +7444,49 @@ quit" > $INSTALL_DIR/batch.sql
|
|
7444
|
7444
|
echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
7445
|
7445
|
echo " error_log /var/log/nginx/${MICROBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
7446
|
7446
|
echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7447
|
+ echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7448
|
+ echo 'server {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7449
|
+ echo " listen 127.0.0.1:${MICROBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7450
|
+ echo " server_name $MICROBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7451
|
+ echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7452
|
+ echo ' index index.php index.html index.htm;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7453
|
+ echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7454
|
+ echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7455
|
+ echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7456
|
+ echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7457
|
+ echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7458
|
+ echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7459
|
+ echo ' # Zero-day exploit defense.' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7460
|
+ echo ' # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7461
|
+ echo ' try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7462
|
+ echo ' fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7463
|
+ echo ' fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7464
|
+ echo ' include fastcgi_params;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7465
|
+ echo ' fastcgi_index index.php;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7466
|
+ echo ' fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7467
|
+ echo ' fastcgi_read_timeout 300;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7468
|
+ echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7469
|
+ echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7470
|
+ echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7471
|
+ echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7472
|
+ echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7473
|
+ echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7474
|
+ echo ' location / {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7475
|
+ echo ' rewrite ^(.*)$ /index.php?p=$1 last;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7476
|
+ echo ' break;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7477
|
+ echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7478
|
+ echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7479
|
+ echo ' location ~* ^/(.*)\.(ico|css|js|gif|png|jpg|bmp|JPG|jpeg)$ {' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7480
|
+ echo " root /var/www/$MICROBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7481
|
+ echo ' rewrite ^/(.*)$ /$1 break;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7482
|
+ echo ' access_log off;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7483
|
+ echo ' expires max;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7484
|
+ echo ' }' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7485
|
+ echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7486
|
+ echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7487
|
+ echo '' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7488
|
+ echo " error_log /var/log/nginx/${MICROBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
|
7489
|
+ echo '}' >> /etc/nginx/sites-available/$MICROBLOG_DOMAIN_NAME
|
|
7447
|
7490
|
|
|
7448
|
7491
|
configure_php
|
|
7449
|
7492
|
|
|
|
@@ -7504,8 +7547,34 @@ quit" > $INSTALL_DIR/batch.sql
|
|
7504
|
7547
|
echo "${PROJECT_NAME}-repair-database gnusocial" >> /etc/cron.hourly/repair
|
|
7505
|
7548
|
fi
|
|
7506
|
7549
|
nginx_ensite $MICROBLOG_DOMAIN_NAME
|
|
|
7550
|
+
|
|
|
7551
|
+ if [ ! -d /var/lib/tor ]; then
|
|
|
7552
|
+ echo $'No Tor installation found. GNU Social onion site cannot be configured.'
|
|
|
7553
|
+ exit 45927
|
|
|
7554
|
+ fi
|
|
|
7555
|
+ if ! grep -q "hidden_service_microblog" /etc/tor/torrc; then
|
|
|
7556
|
+ echo 'HiddenServiceDir /var/lib/tor/hidden_service_microblog/' >> /etc/tor/torrc
|
|
|
7557
|
+ echo "HiddenServicePort 80 127.0.0.1:${MICROBLOG_ONION_PORT}" >> /etc/tor/torrc
|
|
|
7558
|
+ echo $'Added onion site for GNU Social'
|
|
|
7559
|
+ fi
|
|
|
7560
|
+
|
|
7507
|
7561
|
service php5-fpm restart
|
|
7508
|
7562
|
service nginx restart
|
|
|
7563
|
+ systemctl restart tor
|
|
|
7564
|
+
|
|
|
7565
|
+ if [ ! -f /var/lib/tor/hidden_service_microblog/hostname ]; then
|
|
|
7566
|
+ echo $'GNU Social onion site hostname not found'
|
|
|
7567
|
+ exit 12054
|
|
|
7568
|
+ fi
|
|
|
7569
|
+ MICROBLOG_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_microblog/hostname)
|
|
|
7570
|
+
|
|
|
7571
|
+ if ! grep -q "GNU Social onion domain" /home/$MY_USERNAME/README; then
|
|
|
7572
|
+ echo "GNU Social onion domain: ${MICROBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
|
|
|
7573
|
+ echo '' >> /home/$MY_USERNAME/README
|
|
|
7574
|
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
|
|
|
7575
|
+ chmod 600 /home/$MY_USERNAME/README
|
|
|
7576
|
+ fi
|
|
|
7577
|
+ echo "GNU Social onion domain:${MICROBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE
|
|
7509
|
7578
|
|
|
7510
|
7579
|
# some post-install instructions for the user
|
|
7511
|
7580
|
if ! grep -q $"To set up your microblog go to" /home/$MY_USERNAME/README; then
|
Bob Mottram
9 years ago