freedombone-app-ghost 17KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444
  1. #!/bin/bash
  2. #
  3. # .---. . .
  4. # | | |
  5. # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
  6. # | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
  7. # ' ' --' --' -' - -' ' ' -' -' -' ' - --'
  8. #
  9. # Freedom in the Cloud
  10. #
  11. # Ghost blog
  12. #
  13. # License
  14. # =======
  15. #
  16. # Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
  17. #
  18. # This program is free software: you can redistribute it and/or modify
  19. # it under the terms of the GNU Affero General Public License as published by
  20. # the Free Software Foundation, either version 3 of the License, or
  21. # (at your option) any later version.
  22. #
  23. # This program is distributed in the hope that it will be useful,
  24. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  25. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  26. # GNU Affero General Public License for more details.
  27. #
  28. # You should have received a copy of the GNU Affero General Public License
  29. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  30. VARIANTS="full full-vim writer"
  31. IN_DEFAULT_INSTALL=0
  32. SHOW_ON_ABOUT=1
  33. GHOST_DOMAIN_NAME=
  34. GHOST_CODE=
  35. GHOST_ONION_PORT=8104
  36. GHOST_VERSION='0.11.3'
  37. GHOST_PORT=2368
  38. ghost_variables=(GHOST_VERSION
  39. GHOST_DOMAIN_NAME
  40. GHOST_CODE
  41. GHOST_ADMIN_PASSWORD
  42. ONION_ONLY
  43. DDNS_PROVIDER
  44. MY_USERNAME)
  45. function remove_user_ghost {
  46. remove_username="$1"
  47. }
  48. function add_user_ghost {
  49. if [[ $(app_is_installed ghost) == "0" ]]; then
  50. echo '0'
  51. return
  52. fi
  53. new_username="$1"
  54. new_user_password="$2"
  55. echo '0'
  56. }
  57. function install_interactive_ghost {
  58. if [ ! $ONION_ONLY ]; then
  59. ONION_ONLY='no'
  60. fi
  61. if [[ $ONION_ONLY != "no" ]]; then
  62. GHOST_DOMAIN_NAME='ghost.local'
  63. write_config_param "GHOST_DOMAIN_NAME" "$GHOST_DOMAIN_NAME"
  64. else
  65. function_check interactive_site_details
  66. interactive_site_details "ghost" "GHOST_DOMAIN_NAME" "GHOST_CODE"
  67. fi
  68. APP_INSTALLED=1
  69. }
  70. function change_password_ghost {
  71. set_completion_param "ghost domain" "$GHOST_DOMAIN_NAME"
  72. GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
  73. GHOST_USERNAME="$1"
  74. GHOST_PASSWORD="$2"
  75. if [ ${#GHOST_PASSWORD} -lt 8 ]; then
  76. echo $'Ghost password is too short'
  77. return
  78. fi
  79. }
  80. function reconfigure_ghost {
  81. echo -n ''
  82. }
  83. function upgrade_ghost {
  84. read_config_param "GHOST_DOMAIN_NAME"
  85. }
  86. function backup_local_ghost {
  87. GHOST_DOMAIN_NAME='ghost.local'
  88. if grep -q "ghost domain" $COMPLETION_FILE; then
  89. GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
  90. fi
  91. ghost_path=/var/www/${GHOST_DOMAIN_NAME}/htdocs
  92. if [ -d $ghost_path ]; then
  93. function_check backup_database_to_usb
  94. backup_database_to_usb ghost
  95. backup_directory_to_usb $ghost_path ghost
  96. restart_site
  97. fi
  98. }
  99. function restore_local_ghost {
  100. GHOST_DOMAIN_NAME='ghost.local'
  101. if grep -q "ghost domain" $COMPLETION_FILE; then
  102. GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
  103. fi
  104. if [ $GHOST_DOMAIN_NAME ]; then
  105. function_check ghost_create_database
  106. ghost_create_database
  107. function_check restore_database
  108. restore_database ghost ${GHOST_DOMAIN_NAME}
  109. fi
  110. }
  111. function backup_remote_ghost {
  112. GHOST_DOMAIN_NAME='ghost.local'
  113. if grep -q "ghost domain" $COMPLETION_FILE; then
  114. GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
  115. fi
  116. temp_backup_dir=/var/www/${GHOST_DOMAIN_NAME}/htdocs
  117. if [ -d $temp_backup_dir ]; then
  118. suspend_site ${GHOST_DOMAIN_NAME}
  119. backup_database_to_friend ghost
  120. backup_directory_to_friend $temp_backup_dir ghost
  121. restart_site
  122. else
  123. echo $"Ghost domain specified but not found in /var/www/${GHOST_DOMAIN_NAME}"
  124. exit 2578
  125. fi
  126. }
  127. function restore_remote_ghost {
  128. GHOST_DOMAIN_NAME='ghost.local'
  129. if grep -q "ghost domain" $COMPLETION_FILE; then
  130. GHOST_DOMAIN_NAME=$(get_completion_param "ghost domain")
  131. fi
  132. function_check restore_database_from_friend
  133. function_check ghost_create_database
  134. ghost_create_database
  135. restore_database_from_friend ghost ${GHOST_DOMAIN_NAME}
  136. restart_site
  137. chown -R ghost: /var/www/$GHOST_DOMAIN_NAME/htdocs/
  138. }
  139. function remove_ghost {
  140. if [ ${#GHOST_DOMAIN_NAME} -eq 0 ]; then
  141. return
  142. fi
  143. systemctl stop ghost
  144. systemctl disable ghost
  145. rm /etc/systemd/system/ghost.service
  146. function_check remove_nodejs
  147. remove_nodejs ghost
  148. drop_database ghost
  149. remove_backup_database_local ghost
  150. read_config_param "GHOST_DOMAIN_NAME"
  151. nginx_dissite $GHOST_DOMAIN_NAME
  152. remove_certs ${GHOST_DOMAIN_NAME}
  153. deluser --remove-all-files ghost
  154. if [ -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME ]; then
  155. rm -f /etc/nginx/sites-available/$GHOST_DOMAIN_NAME
  156. fi
  157. if [ -d /var/www/$GHOST_DOMAIN_NAME ]; then
  158. rm -rf /var/www/$GHOST_DOMAIN_NAME
  159. fi
  160. remove_config_param GHOST_DOMAIN_NAME
  161. remove_config_param GHOST_CODE
  162. function_check remove_onion_service
  163. remove_onion_service ghost ${GHOST_ONION_PORT}
  164. remove_completion_param "install_ghost"
  165. sed -i '/Ghost/d' $COMPLETION_FILE
  166. sed -i '/ghost/d' $COMPLETION_FILE
  167. sed -i '/ghost/d' /home/$MY_USERNAME/README
  168. sed -i '/Ghost/d' /home/$MY_USERNAME/README
  169. function_check remove_ddns_domain
  170. remove_ddns_domain $GHOST_DOMAIN_NAME
  171. }
  172. function get_ghost_admin_password {
  173. if [ -f /home/$MY_USERNAME/README ]; then
  174. if grep -q "Your ghost password is" /home/$MY_USERNAME/README; then
  175. GHOST_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your ghost password is" | awk -F ':' '{print $2}' | sed 's/^ *//')
  176. fi
  177. fi
  178. }
  179. function ghost_create_config {
  180. ghost_config=/var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
  181. echo "var path = require('path')," > $ghost_config
  182. echo ' config;' >> $ghost_config
  183. echo '' >> $ghost_config
  184. echo 'config = {' >> $ghost_config
  185. echo ' production: {' >> $ghost_config
  186. if [[ $ONION_ONLY == 'no' ]]; then
  187. echo " url: 'https://${GHOST_DOMAIN_NAME}'," >> $ghost_config
  188. else
  189. echo " url: 'http://${GHOST_DOMAIN_NAME}'," >> $ghost_config
  190. fi
  191. echo ' mail: {' >> $ghost_config
  192. echo " transport: 'SMTP'," >> $ghost_config
  193. echo ' options: {' >> $ghost_config
  194. echo " service: 'Sendmail'," >> $ghost_config
  195. echo ' }' >> $ghost_config
  196. echo ' },' >> $ghost_config
  197. echo ' database: {' >> $ghost_config
  198. echo " client: 'mysql'," >> $ghost_config
  199. echo ' connection: {' >> $ghost_config
  200. echo " host : '127.0.0.1'," >> $ghost_config
  201. echo " user : 'root'," >> $ghost_config
  202. echo " password : '${MARIADB_PASSWORD}'," >> $ghost_config
  203. echo " database : 'ghost'," >> $ghost_config
  204. echo " charset : 'utf8'" >> $ghost_config
  205. echo ' }' >> $ghost_config
  206. echo ' },' >> $ghost_config
  207. echo '' >> $ghost_config
  208. echo ' server: {' >> $ghost_config
  209. echo " host: '127.0.0.1'," >> $ghost_config
  210. echo " port: '${GHOST_PORT}'" >> $ghost_config
  211. echo ' },' >> $ghost_config
  212. echo ' logging: false' >> $ghost_config
  213. echo ' }' >> $ghost_config
  214. echo '};' >> $ghost_config
  215. echo '' >> $ghost_config
  216. echo 'module.exports = config;' >> $ghost_config
  217. chmod 700 $ghost_config
  218. }
  219. function ghost_create_database {
  220. function_check get_mariadb_git_admin_password
  221. get_mariadb_git_admin_password
  222. if [ ! ${GIT_ADMIN_PASSWORD} ]; then
  223. if [ -f ${IMAGE_PASSWORD_FILE} ]; then
  224. GIT_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
  225. else
  226. GIT_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
  227. fi
  228. fi
  229. if [ ! $GIT_ADMIN_PASSWORD ]; then
  230. return
  231. fi
  232. function_check create_database
  233. create_database ghost "$GHOST_ADMIN_PASSWORD"
  234. }
  235. function install_ghost {
  236. if [ ! $ONION_ONLY ]; then
  237. ONION_ONLY='no'
  238. fi
  239. if [ ! $GHOST_DOMAIN_NAME ]; then
  240. echo $'The ghost domain name was not specified'
  241. exit 5062
  242. fi
  243. # for the avatar changing command
  244. apt-get -yq install unzip wget
  245. if [ ! -d /var/www/$GHOST_DOMAIN_NAME/htdocs ]; then
  246. mkdir -p /var/www/$GHOST_DOMAIN_NAME/htdocs
  247. fi
  248. cd /var/www/$GHOST_DOMAIN_NAME/htdocs
  249. wget https://ghost.org/zip/ghost-${GHOST_VERSION}.zip
  250. if [ ! -f ghost-${GHOST_VERSION}.zip ]; then
  251. echo $'Unable to download ghost'
  252. rm -rf /var/www/$GHOST_DOMAIN_NAME
  253. exit 63892
  254. fi
  255. unzip ghost-${GHOST_VERSION}.zip
  256. if [ ! -f /var/www/${GHOST_DOMAIN_NAME}/htdocs/index.js ]; then
  257. echo $'ghost failed to unzip'
  258. rm -rf /var/www/$GHOST_DOMAIN_NAME
  259. exit 63835
  260. fi
  261. function_check install_nodejs
  262. install_nodejs ghost
  263. sed -i "/sqlite/d" /var/www/${GHOST_DOMAIN_NAME}/htdocs/package.json
  264. npm install --production
  265. function_check install_mariadb
  266. install_mariadb
  267. function_check get_mariadb_password
  268. get_mariadb_password
  269. function_check ghost_create_database
  270. ghost_create_database
  271. ghost_create_config
  272. adduser --system --home=/var/www/${GHOST_DOMAIN_NAME}/htdocs/ --group ghost
  273. chown -R ghost: /var/www/${GHOST_DOMAIN_NAME}/htdocs/
  274. echo '[Unit]' > /etc/systemd/system/ghost.service
  275. echo 'Description=Ghost Blog' >> /etc/systemd/system/ghost.service
  276. echo 'After=syslog.target' >> /etc/systemd/system/ghost.service
  277. echo 'After=network.target' >> /etc/systemd/system/ghost.service
  278. echo 'After=mysqld.service' >> /etc/systemd/system/ghost.service
  279. echo '' >> /etc/systemd/system/ghost.service
  280. echo '[Service]' >> /etc/systemd/system/ghost.service
  281. echo 'Type=simple' >> /etc/systemd/system/ghost.service
  282. echo 'User=ghost' >> /etc/systemd/system/ghost.service
  283. echo 'Group=ghost' >> /etc/systemd/system/ghost.service
  284. echo "WorkingDirectory=/var/www/${GHOST_DOMAIN_NAME}/htdocs" >> /etc/systemd/system/ghost.service
  285. echo "ExecStart=/usr/local/bin/node /var/www/${GHOST_DOMAIN_NAME}/htdocs/index.js" >> /etc/systemd/system/ghost.service
  286. echo 'Restart=always' >> /etc/systemd/system/ghost.service
  287. echo 'RestartSec=60' >> /etc/systemd/system/ghost.service
  288. echo "Environment=NODE_ENV=production PORT=${GHOST_PORT}" >> /etc/systemd/system/ghost.service
  289. echo '' >> /etc/systemd/system/ghost.service
  290. echo '[Install]' >> /etc/systemd/system/ghost.service
  291. echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ghost.service
  292. systemctl enable ghost
  293. systemctl daemon-reload
  294. systemctl start ghost
  295. if [[ ${ONION_ONLY} == "no" ]]; then
  296. function_check nginx_http_redirect
  297. nginx_http_redirect ${GHOST_DOMAIN_NAME}
  298. echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  299. echo ' listen 443 ssl;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  300. echo " root /var/www/${GHOST_DOMAIN_NAME}/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  301. echo " server_name ${GHOST_DOMAIN_NAME};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  302. echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  303. echo " error_log /var/log/nginx/${GHOST_DOMAIN_NAME}_error.log ${WEBSERVER_LOG_LEVEL};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  304. echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  305. function_check nginx_ssl
  306. nginx_ssl ${GHOST_DOMAIN_NAME}
  307. function_check nginx_disable_sniffing
  308. nginx_disable_sniffing ${GHOST_DOMAIN_NAME}
  309. echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  310. echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  311. echo ' location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  312. function_check nginx_limits
  313. nginx_limits ${GHOST_DOMAIN_NAME} '10G'
  314. echo " proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  315. echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  316. echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  317. echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  318. echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  319. echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  320. echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  321. echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  322. echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  323. echo ' allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  324. echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  325. echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  326. echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  327. echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  328. echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  329. else
  330. echo -n '' > /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  331. fi
  332. echo 'server {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  333. echo " listen 127.0.0.1:${GHOST_ONION_PORT} default_server;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  334. echo " root /var/www/$GHOST_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  335. echo " server_name $GHOST_DOMAIN_NAME;" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  336. echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  337. echo " error_log /var/log/nginx/${GHOST_DOMAIN_NAME}_error.log ${WEBSERVER_LOG_LEVEL};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  338. echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  339. function_check nginx_disable_sniffing
  340. nginx_disable_sniffing ${GHOST_DOMAIN_NAME}
  341. echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  342. echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  343. echo ' location / {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  344. function_check nginx_limits
  345. nginx_limits ${GHOST_DOMAIN_NAME} '10G'
  346. echo " proxy_pass http://localhost:${GHOST_PORT};" >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  347. echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  348. echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  349. echo ' fastcgi_buffers 64 4K;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  350. echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  351. echo ' error_page 403 /core/templates/403.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  352. echo ' error_page 404 /core/templates/404.php;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  353. echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  354. echo ' location = /robots.txt {' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  355. echo ' allow all;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  356. echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  357. echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  358. echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  359. echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
  360. function_check create_site_certificate
  361. create_site_certificate $GHOST_DOMAIN_NAME 'yes'
  362. function_check configure_php
  363. configure_php
  364. GHOST_ONION_HOSTNAME=$(add_onion_service ghost 80 ${GHOST_ONION_PORT})
  365. if [[ $ONION_ONLY != 'no' ]]; then
  366. sed -i "s|url: .*|url: 'http://${GHOST_ONION_HOSTNAME}',|g" /var/www/${GHOST_DOMAIN_NAME}/htdocs/config.js
  367. systemctl restart ghost
  368. fi
  369. function_check nginx_ensite
  370. nginx_ensite $GHOST_DOMAIN_NAME
  371. systemctl restart nginx
  372. if ! grep -q "Ghost onion domain" /home/$MY_USERNAME/README; then
  373. echo $"Ghost onion domain: ${GHOST_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README
  374. echo '' >> /home/$MY_USERNAME/README
  375. chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
  376. chmod 600 /home/$MY_USERNAME/README
  377. fi
  378. function_check add_ddns_domain
  379. add_ddns_domain $GHOST_DOMAIN_NAME
  380. set_completion_param "ghost domain" "$GHOST_DOMAIN_NAME"
  381. APP_INSTALLED=1
  382. }
  383. # NOTE: deliberately no exit 0