9 gadus atpakaļ · 73ca1e0bbf
--- a/src/freedombone
+++ b/src/freedombone
@@ -257,6 +257,7 @@ SEARCH_ENGINE_COMMIT='fee556c9904637051a9ba874ba7e71cd9f10789f'
 
				 SEARCH_ENGINE_PATH=/etc
			
 
				 SEARCH_ENGINE_ONION_PORT=8094
			
 
				 SEARCH_ENGINE_ONION_HOSTNAME=
			
 
				+SEARCH_ENGINE_LOGIN_TEXT=$"Search engine login"
			
 
				 
			
 
				 GPG_KEYSERVER="hkp://keys.gnupg.net"
			
 
				 
			
@@ -6235,6 +6236,15 @@ function install_web_server {
 
				     echo 'install_web_server' >> $COMPLETION_FILE
			
 
				 }
			
 
				 
			
 
				+function install_web_server_access_control {
			
 
				+    if [ ! -f /etc/pam.d/nginx ]; then
			
 
				+        echo '#%PAM-1.0' > /etc/pam.d/nginx
			
 
				+        echo '@include common-auth' >> /etc/pam.d/nginx
			
 
				+        echo '@include common-account' >> /etc/pam.d/nginx
			
 
				+        echo '@include common-session' >> /etc/pam.d/nginx
			
 
				+    fi
			
 
				+}
			
 
				+
			
 
				 function configure_php {
			
 
				     sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini
			
 
				     sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini
			
@@ -9160,14 +9170,7 @@ function install_gnu_social_markdown {
 
				 }
			
 
				 
			
 
				 function install_search_engine {
			
 
				-    # Note: having a search engine is a nice idea, but at present there are a couple
			
 
				-    # of problems. One is that there is no access control, such that J random web surfer
			
 
				-    # could use your search engine. Secondly, the outgoing connection to other search
			
 
				-    # engines currently can't be socks5 proxied. This potentially causes legal liability
			
 
				-    # issues for the user - (i) providing secondard services beyond household members
			
 
				-    # and (ii) adversaries could try to incriminate you by searching for things illegal
			
 
				-    # within your zone.
			
 
				-    # Until these factors are addressed it's unwise to have this enabled by default.
			
 
				+    # Note: currently socks5 outgoing proxies to other search engines does not work
			
 
				     if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
			
 
				         return
			
 
				     fi
			
@@ -9293,6 +9296,8 @@ function install_search_engine {
 
				     echo '        proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx
			
 
				     echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx
			
 
				     echo '        proxy_redirect off;' >> /etc/nginx/sites-available/searx
			
 
				+    echo "        auth_pam \"${SEARCH_ENGINE_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
			
 
				+    echo '        auth_pam_service_name "nginx";' >> /etc/nginx/sites-available/searx
			
 
				     echo '    }' >> /etc/nginx/sites-available/searx
			
 
				     echo '' >> /etc/nginx/sites-available/searx
			
 
				     echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
			
@@ -10680,6 +10685,7 @@ encrypt_all_email
 
				 import_email
			
 
				 script_for_attaching_usb_drive
			
 
				 install_web_server
			
 
				+install_web_server_access_control
			
 
				 configure_firewall_for_web_server
			
 
				 install_owncloud
			
 
				 install_owncloud_music_app