9 years ago · 73ca1e0bbf
--- a/src/freedombone
+++ b/src/freedombone
 
															 SEARCH_ENGINE_PATH=/etc
														
 
															 SEARCH_ENGINE_ONION_PORT=8094
														
 
															 SEARCH_ENGINE_ONION_HOSTNAME=
														
 
															+SEARCH_ENGINE_LOGIN_TEXT=$"Search engine login"
														
 
															 GPG_KEYSERVER="hkp://keys.gnupg.net"
														
 
															     echo 'install_web_server' >> $COMPLETION_FILE
														
 
															 }
														
 
															+function install_web_server_access_control {
														
 
															+    if [ ! -f /etc/pam.d/nginx ]; then
														
 
															+        echo '#%PAM-1.0' > /etc/pam.d/nginx
														
 
															+        echo '@include common-auth' >> /etc/pam.d/nginx
														
 
															+        echo '@include common-account' >> /etc/pam.d/nginx
														
 
															+        echo '@include common-session' >> /etc/pam.d/nginx
														
 
															+    fi
														
 
															+}
														
 
															+
														
 
															 function configure_php {
														
 
															     sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini
														
 
															     sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini
														
 
															 }
														
 
															 function install_search_engine {
														
 
															-    # Note: having a search engine is a nice idea, but at present there are a couple
														
 
															-    # of problems. One is that there is no access control, such that J random web surfer
														
 
															-    # could use your search engine. Secondly, the outgoing connection to other search
														
 
															-    # engines currently can't be socks5 proxied. This potentially causes legal liability
														
 
															-    # issues for the user - (i) providing secondard services beyond household members
														
 
															-    # and (ii) adversaries could try to incriminate you by searching for things illegal
														
 
															-    # within your zone.
														
 
															-    # Until these factors are addressed it's unwise to have this enabled by default.
														
 
															+    # Note: currently socks5 outgoing proxies to other search engines does not work
														
 
															     if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
														
 
															         return
														
 
															     fi
														
 
															     echo '        proxy_set_header X-Remote-Port $remote_port;' >> /etc/nginx/sites-available/searx
														
 
															     echo '        proxy_set_header X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/searx
														
 
															     echo '        proxy_redirect off;' >> /etc/nginx/sites-available/searx
														
 
															+    echo "        auth_pam \"${SEARCH_ENGINE_LOGIN_TEXT}\";" >> /etc/nginx/sites-available/searx
														
 
															+    echo '        auth_pam_service_name "nginx";' >> /etc/nginx/sites-available/searx
														
 
															     echo '    }' >> /etc/nginx/sites-available/searx
														
 
															     echo '' >> /etc/nginx/sites-available/searx
														
 
															     echo '    fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/searx
														
 
															 import_email
														
 
															 script_for_attaching_usb_drive
														
 
															 install_web_server
														
 
															+install_web_server_access_control
														
 
															 configure_firewall_for_web_server
														
 
															 install_owncloud
														
 
															 install_owncloud_music_app