pelican web site

src/freedombone-app-pelican

 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=0
 
-PELICAN_BLOG_DOMAIN=
+PELICAN_DOMAIN_NAME=
 PELICAN_BLOG_CODE=
 
 PELICAN_THEMES_REPO="https://github.com/getpelican/pelican-themes"
 
 pelican_variables=(MY_USERNAME
                    ONION_ONLY
-                   PELICAN_BLOG_DOMAIN
+                   PELICAN_DOMAIN_NAME
                    PELICAN_BLOG_CODE)
 
+
+function install_pelican_website {
+    if [[ $ONION_ONLY == 'no' ]]; then
+        echo -n '' > /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+        return
+    fi
+    function_check nginx_http_redirect
+    nginx_http_redirect $PELICAN_DOMAIN_NAME
+    echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    listen [::]:443 ssl;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo "    server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    function_check nginx_ssl
+    nginx_ssl $PELICAN_DOMAIN_NAME
+    function_check nginx_disable_sniffing
+    nginx_disable_sniffing $PELICAN_DOMAIN_NAME
+    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    function_check nginx_limits
+    nginx_limits $PELICAN_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_keybase ${PELICAN_DOMAIN_NAME}
+    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '      deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '      deny  all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+
+    function_check create_site_certificate
+    create_site_certificate $PELICAN_DOMAIN_NAME 'yes'
+}
+
+function install_pelican_website_onion {
+    echo 'server {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo "    listen 127.0.0.1:${HTMLY_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo "    root /var/www/${PELICAN_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo "    server_name ${PELICAN_DOMAIN_NAME};" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    index index.html;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    charset utf-8;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    function_check nginx_disable_sniffing
+    nginx_disable_sniffing $PELICAN_DOMAIN_NAME
+    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    location / {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    function_check nginx_limits
+    nginx_limits $PELICAN_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    nginx_keybase ${PELICAN_DOMAIN_NAME}
+    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '      deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '      deny  all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+    echo '}' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
+}
+
 function pelican_editor_config {
     if [ ! -f $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican ]; then
         echo "(add-hook 'before-save-hook 'delete-trailing-whitespace)" > $PELICAN_BLOG_INSTALL_DIR/.emacs-pelican
 
     cd $PELICAN_BLOG_INSTALL_DIR
     make html
-    cp -r $PELICAN_BLOG_INSTALL_DIR/output/* /var/www/$PELICAN_BLOG_DOMAIN/htdocs/
-    chown -R www-data:www-data /var/www/$PELICAN_BLOG_DOMAIN/htdocs
+    cp -r $PELICAN_BLOG_INSTALL_DIR/output/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
+    chown -R www-data:www-data /var/www/$PELICAN_DOMAIN_NAME/htdocs
 }
 
 function pelican_new_blog {
     fi
 
     if [[ $ONION_ONLY != "no" ]]; then
-        PELICAN_BLOG_DOMAIN='pelican.local'
+        PELICAN_DOMAIN_NAME='pelican.local'
     else
         PELICAN_DETAILS_COMPLETE=
         while [ ! $PELICAN_DETAILS_COMPLETE ]
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Pelican Blog Configuration" \
                        --form $"\nPlease enter your blog details.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
-                       $"Domain:" 1 1 "$(grep 'PELICAN_BLOG_DOMAIN' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
+                       $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        $"Code:" 2 1 "$(grep 'PELICAN_BLOG_CODE' temp.cfg | awk -F '=' '{print $2}')" 2 25 33 255 \
                        2> $data
             else
                 dialog --backtitle $"Freedombone Configuration" \
                        --title $"Pelican Blog Configuration" \
                        --form $"\nPlease enter your GNU Social details. The background image URL can be left blank.\n\nIMPORTANT: This should be a domain name which is supported by Let's Encrypt:" 14 65 2 \
-                       $"Domain:" 1 1 "$(grep 'PELICAN_BLOG_DOMAIN' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
+                       $"Domain:" 1 1 "$(grep 'PELICAN_DOMAIN_NAME' temp.cfg | awk -F '=' '{print $2}')" 1 25 33 40 \
                        2> $data
             fi
             sel=$?
                 1) exit 1;;
                 255) exit 1;;
             esac
-            PELICAN_BLOG_DOMAIN=$(cat $data | sed -n 1p)
-            if [ $PELICAN_BLOG_DOMAIN ]; then
-                if [[ $PELICAN_BLOG_DOMAIN == "$HUBZILLA_DOMAIN_NAME" ]]; then
-                    PELICAN_BLOG_DOMAIN=""
+            PELICAN_DOMAIN_NAME=$(cat $data | sed -n 1p)
+            if [ $PELICAN_DOMAIN_NAME ]; then
+                if [[ $PELICAN_DOMAIN_NAME == "$HUBZILLA_DOMAIN_NAME" ]]; then
+                    PELICAN_DOMAIN_NAME=""
                 fi
-                TEST_DOMAIN_NAME=$PELICAN_BLOG_DOMAIN
+                TEST_DOMAIN_NAME=$PELICAN_DOMAIN_NAME
                 validate_domain_name
-                if [[ $TEST_DOMAIN_NAME != $PELICAN_BLOG_DOMAIN ]]; then
-                    PELICAN_BLOG_DOMAIN=
+                if [[ $TEST_DOMAIN_NAME != $PELICAN_DOMAIN_NAME ]]; then
+                    PELICAN_DOMAIN_NAME=
                     dialog --title $"Domain name validation" --msgbox "$TEST_DOMAIN_NAME" 15 50
                 else
                     if [[ $DDNS_PROVIDER == "default@freedns.afraid.org" ]]; then
                         PELICAN_BLOG_CODE=$(cat $data | sed -n 2p)
                         validate_freedns_code "$PELICAN_BLOG_CODE"
                         if [ ! $VALID_CODE ]; then
-                            PELICAN_BLOG_DOMAIN=
+                            PELICAN_DOMAIN_NAME=
                         fi
                     fi
                 fi
             fi
-            if [ $PELICAN_BLOG_DOMAIN ]; then
+            if [ $PELICAN_DOMAIN_NAME ]; then
                 PELICAN_DETAILS_COMPLETE="yes"
             fi
         done
         # save the results in the config file
         write_config_param "PELICAN_BLOG_CODE" "$PELICAN_BLOG_CODE"
     fi
-    write_config_param "PELICAN_BLOG_DOMAIN" "$PELICAN_BLOG_DOMAIN"
+    write_config_param "PELICAN_DOMAIN_NAME" "$PELICAN_DOMAIN_NAME"
     APP_INSTALLED=1
 }
 
         function_check backup_directory_to_usb
         backup_directory_to_usb $source_directory $dest_directory
     fi
-    source_directory=/var/www/$PELICAN_BLOG_DOMAIN/htdocs
+    source_directory=/var/www/$PELICAN_DOMAIN_NAME/htdocs
     if [ -d $source_directory ]; then
         dest_directory=pelican-site
         function_check backup_directory_to_usb
             rm -rf $temp_restore_dir
         fi
     fi
-    if [ -d /var/www/$PELICAN_BLOG_DOMAIN/htdocs ]; then
+    if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
         if [ -d $USB_MOUNT_DLNA/backup/pelican-site ]; then
             temp_restore_dir=/root/temppelican-site
             function_check restore_directory_from_usb
             restore_directory_from_usb $temp_restore_dir pelican-site
-            cp -r $temp_restore_dir/var/www/$PELICAN_BLOG_DOMAIN/htdocs/* /var/www/$PELICAN_BLOG_DOMAIN/htdocs/
+            cp -r $temp_restore_dir/var/www/$PELICAN_DOMAIN_NAME/htdocs/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
             if [ ! "$?" = "0" ]; then
                 rm -rf $temp_restore_dir
                 function_check set_user_permissions
     if [ -d /etc/blog ]; then
         backup_directory_to_friend /etc/blog pelican
     fi
-    if [ -d /var/www/$PELICAN_BLOG_DOMAIN/htdocs ]; then
-        backup_directory_to_friend /var/www/$PELICAN_BLOG_DOMAIN/htdocs pelican-site
+    if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
+        backup_directory_to_friend /var/www/$PELICAN_DOMAIN_NAME/htdocs pelican-site
     fi
 }
 
             rm -rf $temp_restore_dir
         fi
     fi
-    if [ -d /var/www/$PELICAN_BLOG_DOMAIN/htdocs ]; then
+    if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
         if [ -d $SERVER_DIRECTORY/backup/pelican-site ]; then
             temp_restore_dir=/root/temppelican-site
             function_check restore_directory_from_friend
             restore_directory_from_friend $temp_restore_dir pelican-site
-            cp -r $temp_restore_dir/var/www/$PELICAN_BLOG_DOMAIN/htdocs/* /var/www/$PELICAN_BLOG_DOMAIN/htdocs/
+            cp -r $temp_restore_dir/var/www/$PELICAN_DOMAIN_NAME/htdocs/* /var/www/$PELICAN_DOMAIN_NAME/htdocs/
             if [ ! "$?" = "0" ]; then
                 exit 76382562
             fi
 }
 
 function remove_pelican {
-    if [ -d /var/www/$PELICAN_BLOG_DOMAIN/htdocs ]; then
-        rm -rf /var/www/$PELICAN_BLOG_DOMAIN/htdocs
+    if [ -d /var/www/$PELICAN_DOMAIN_NAME/htdocs ]; then
+        rm -rf /var/www/$PELICAN_DOMAIN_NAME/htdocs
     fi
     pip uninstall pelican
-    remove_certs $PELICAN_BLOG_DOMAIN
+    remove_certs $PELICAN_DOMAIN_NAME
 }
 
 function create_pelican_conf {
     pip install typogrify
     pip install pelican
 
-    PELICAN_BLOG_PATH=/var/www/$PELICAN_BLOG_DOMAIN/htdocs
+    PELICAN_BLOG_PATH=/var/www/$PELICAN_DOMAIN_NAME/htdocs
 
     if [ ! -d $PELICAN_BLOG_INSTALL_DIR ]; then
         mkdir -p $PELICAN_BLOG_INSTALL_DIR
 
     pelican_editor_config
 
+    install_pelican_website
+    install_pelican_website_onion
+
+    function_check nginx_ensite
+    nginx_ensite $PELICAN_DOMAIN_NAME
+    systemctl restart nginx
+
     APP_INSTALLED=1
 }