free
/
freedombone
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
4411 提交
5 分支
目录树: 48466cebd2
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '48466cebd2'
${ noResults }
freedombone/src/freedombone-app-blog

freedombone-app-blog 29KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540 
  1. #!/bin/bash

  2. #

  3. # .---.                  .              .

  4. # |                      |              |

  5. # |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.

  6. # |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'

  7. # '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'

  8. #

  9. #                    Freedom in the Cloud

  10. #

  11. # Blog functions

  12. #

  13. # License

  14. # =======

  15. #

  16. # Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>

  17. #

  18. # This program is free software: you can redistribute it and/or modify

  19. # it under the terms of the GNU Affero General Public License as published by

  20. # the Free Software Foundation, either version 3 of the License, or

  21. # (at your option) any later version.

  22. #

  23. # This program is distributed in the hope that it will be useful,

  24. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  25. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  26. # GNU Affero General Public License for more details.

  27. #

  28. # You should have received a copy of the GNU Affero General Public License

  29. # along with this program.  If not, see <http://www.gnu.org/licenses/>.

  30. 

  31. VARIANTS="full writer"

  32. 

  33. FULLBLOG_DOMAIN_NAME=

  34. FULLBLOG_CODE=

  35. FULLBLOG_ONION_PORT=8086

  36. FULLBLOG_REPO="https://github.com/danpros/htmly"

  37. FULLBLOG_COMMIT='bf5fe9486160be4da86d8987d3e5c977e1dc6d32'

  38. MY_BLOG_TITLE="My Blog"

  39. MY_BLOG_SUBTITLE="Another ${PROJECT_NAME} Blog"

  40. 

  41. function change_password_blog {

  42.     if ! grep -q "Blog domain:" $COMPLETION_FILE; then

  43.         return

  44.         echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE

  45.     fi

  46.     FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | head -n 1 | awk -F ':' '{print $2}')

  47. 

  48.     BLOG_USERNAME="$1"

  49.     BLOG_PASSWORD="$2"

  50.     if [ ${#BLOG_PASSWORD} -lt 8 ]; then

  51.         echo $'Blog password is too short'

  52.         return

  53.     fi

  54.     BLOG_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$BLOG_PASSWORD")

  55.     if [ ${#BLOG_PASSWORD_HASH} -lt 8 ]; then

  56.         echo $'Blog admin password could not be hashed'

  57.         exit 625728

  58.     fi

  59.     sed -i "s|password =.*|password = $BLOG_PASSWORD_HASH|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$BLOG_USERNAME.ini

  60. }

  61. 

  62. function reconfigure_blog {

  63.     echo -n ''

  64. }

  65. 

  66. function upgrade_blog {

  67.     if ! grep -Fxq "install_blog" $COMPLETION_FILE; then

  68.         return

  69.     fi

  70.     function_check set_repo_commit

  71.     set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO

  72. 

  73.     # update blog avatar

  74.     ${PROJECT_NAME}-blog

  75. }

  76. 

  77. function backup_local_blog {

  78.     FULLBLOG_DOMAIN_NAME='blog'

  79.     if grep -q "Blog domain" $COMPLETION_FILE; then

  80.         FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')

  81.     fi

  82. 

  83.     source_directory=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs

  84.     if [ -d $source_directory ]; then

  85.         dest_directory=blog

  86.         echo $"Backing up $source_directory to $dest_directory"

  87. 

  88.         function_check suspend_site

  89.         suspend_site ${FULLBLOG_DOMAIN_NAME}

  90. 

  91.         function_check backup_directory_to_usb

  92.         backup_directory_to_usb $source_directory $dest_directory

  93. 

  94.         function_check restart_site

  95.         restart_site

  96. 

  97.         echo $"Backup to $dest_directory complete"

  98.     fi

  99. }

  100. 

  101. function restore_local_blog {

  102.     FULLBLOG_DOMAIN_NAME='blog'

  103.     if grep -q "Blog domain" $COMPLETION_FILE; then

  104.         FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')

  105.     fi

  106.     if [ $FULLBLOG_DOMAIN_NAME ]; then

  107.         echo $"Restoring blog installation"

  108.         temp_restore_dir=/root/tempblog

  109.         restore_directory_from_usb $temp_restore_dir blog

  110.         rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs

  111.         cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/

  112.         if [ ! "$?" = "0" ]; then

  113.             set_user_permissions

  114.             backup_unmount_drive

  115.             exit 593

  116.         fi

  117.         rm -rf $temp_restore_dir

  118.         if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then

  119.             echo $"No content directory found after restoring blog"

  120.             set_user_permissions

  121.             backup_unmount_drive

  122.             exit 287

  123.         fi

  124.         chown -R www-data:www-data /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs

  125.         # Ensure that the bundled SSL cert is being used

  126.         if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then

  127.             sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME}

  128.         fi

  129.         for d in /home/*/ ; do

  130.             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')

  131.             if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then

  132.                 if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then

  133.                     mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post

  134.                 fi

  135.             fi

  136.         done

  137.         if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then

  138.             ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key

  139.             ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem

  140.         fi

  141.     fi

  142. }

  143. 

  144. function backup_remote_blog {

  145.     if grep -q "Blog domain" $COMPLETION_FILE; then

  146.         FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')

  147.         temp_backup_dir=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs

  148.         if [ -d $temp_backup_dir ]; then

  149.             echo $"Backing up blog"

  150.             backup_directory_to_friend $temp_backup_dir blog

  151.             echo $"Backup of blog complete"

  152.         else

  153.             echo $"Blog domain specified but not found in $temp_backup_dir"

  154.             exit 2578

  155.         fi

  156.     fi

  157. }

  158. 

  159. function restore_remote_blog {

  160.     if [ -d $SERVER_DIRECTORY/backup/blog ]; then

  161.         FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')

  162.         echo $"Restoring blog installation $FULLBLOG_DOMAIN_NAME"

  163.         temp_restore_dir=/root/tempblog

  164.         mkdir $temp_restore_dir

  165.         function_check restore_directory_from_friend

  166.         restore_directory_from_friend $temp_restore_dir blog

  167.         rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs

  168.         cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/

  169.         if [ ! "$?" = "0" ]; then

  170.             exit 593

  171.         fi

  172.         rm -rf $temp_restore_dir

  173.         if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then

  174.             echo $"No content directory found after restoring blog"

  175.             exit 287

  176.         fi

  177.         # Ensure that the bundled SSL cert is being used

  178.         if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then

  179.             sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME}

  180.         fi

  181.         for d in /home/*/ ; do

  182.             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')

  183.             if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then

  184.                 if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then

  185.                     mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post

  186.                 fi

  187.             fi

  188.         done

  189.         if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then

  190.             ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key

  191.             ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem

  192.         fi

  193.         echo $"Restore of blog complete"

  194.     fi

  195. }

  196. 

  197. function remove_blog {

  198.     if ! grep -Fxq "install_blog" $COMPLETION_FILE; then

  199.         return

  200.     fi

  201.     if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then

  202.         rm -rf /var/www/$FULLBLOG_DOMAIN_NAME

  203.     fi

  204.     nginx_dissite $FULLBLOG_DOMAIN_NAME

  205.     if [ ! -f /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME ]; then

  206.         rm -rf /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  207.     fi

  208.     if [ $FULLBLOG_CODE ]; then

  209.         if [ -f /usr/bin/dynamicdns ]; then

  210.             sed -i "/$FULLBLOG_DOMAIN_NAME/d" /usr/bin/dynamicdns

  211.             sed -i "/$FULLBLOG_CODE/d" /usr/bin/dynamicdns

  212.         fi

  213.     fi

  214.     function_check remove_onion_service

  215.     remove_onion_service blog ${FULLBLOG_ONION_PORT}

  216.     sed -i '/install_blog/d' $COMPLETION_FILE

  217.     sed -i '/Blog .*/d' $COMPLETION_FILE

  218. }

  219. 

  220. function get_blog_admin_password {

  221.     if [ -f /home/$MY_USERNAME/README ]; then

  222.         if grep -q "Your blog password is" /home/$MY_USERNAME/README; then

  223.             FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//')

  224.         fi

  225.     fi

  226. }

  227. 

  228. function install_blog_social_networks {

  229.     # set social networks

  230.     if grep -q "social.hubzilla" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then

  231.         sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  232.         sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  233.     fi

  234.     if grep -q "social.gnusocial" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then

  235.         sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  236.         sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROBLOG_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  237.     fi

  238. 

  239.     # clear proprietary social network strings

  240.     sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  241.     sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  242.     sed -i 's|social.google.*|social.google = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  243. }

  244. 

  245. function install_blog_user {

  246.     # create a user password

  247.     function_check get_blog_admin_password

  248.     get_blog_admin_password

  249.     if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then

  250.         if [ -f $IMAGE_PASSWORD_FILE ]; then

  251.             FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"

  252.         else

  253.             FULLBLOG_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"

  254.         fi

  255.         echo '' >> /home/$MY_USERNAME/README

  256.         echo '' >> /home/$MY_USERNAME/README

  257.         echo $'HTMLy Blog' >> /home/$MY_USERNAME/README

  258.         echo '==========' >> /home/$MY_USERNAME/README

  259.         echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README

  260.         echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README

  261.         if [[ $ONION_ONLY == 'no' ]]; then

  262.             echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README

  263.         fi

  264.         chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  265.         chmod 600 /home/$MY_USERNAME/README

  266.     fi

  267. 

  268.     # create a user

  269.     FULLBLOG_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$FULLBLOG_ADMIN_PASSWORD")

  270.     if [ ${#FULLBLOG_ADMIN_PASSWORD_HASH} -lt 8 ]; then

  271.         echo $'Blog admin password could not be hashed'

  272.         exit 625728

  273.     fi

  274.     echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  275.     echo "password = $FULLBLOG_ADMIN_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  276.     echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  277.     echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  278.     echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  279. }

  280. 

  281. function install_blog_settings {

  282.     cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  283.     sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  284.     sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  285.     sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  286.     sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  287.     sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  288. }

  289. 

  290. function install_blog_website {

  291.     function_check nginx_http_redirect

  292.     nginx_http_redirect $FULLBLOG_DOMAIN_NAME

  293.     echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  294.     echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  295.     echo "    root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  296.     echo "    server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  297.     echo '    access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  298.     echo "    error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  299.     echo '    index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  300.     echo '    charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  301.     echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  302.     function_check nginx_limits

  303.     nginx_limits $FULLBLOG_DOMAIN_NAME

  304.     function_check nginx_ssl

  305.     nginx_ssl $FULLBLOG_DOMAIN_NAME

  306.     function_check nginx_disable_sniffing

  307.     nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME

  308.     echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  309.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  310.     echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  311.     echo '    location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  312.     echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  313.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  314.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  315.     echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  316.     echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  317.     echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  318.     echo '        allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  319.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  320.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  321.     echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  322.     echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  323.     echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  324.     echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  325.     echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  326.     echo '        expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  327.     echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  328.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  329.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  330.     echo '    # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  331.     echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  332.     echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  333.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  334.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  335.     echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  336.     echo '    # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  337.     echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  338.     echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  339.     echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  340.     echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  341.     echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  342.     echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  343.     echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  344.     echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  345.     echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  346.     echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  347.     echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  348.     echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  349.     echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  350.     echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  351.     echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  352.     echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  353.     echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  354.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  355.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  356.     echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  357.     echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  358.     echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  359.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  360.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  361.     echo '    #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  362.     echo '    location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  363.     echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  364.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  365.     echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  366.     echo '      deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  367.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  368.     echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  369.     echo '      deny  all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  370.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  371.     echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  372.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  373. }

  374. 

  375. function install_blog_website_onion {

  376.     echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  377.     echo "    listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  378.     echo "    root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  379.     echo "    server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  380.     echo '    access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  381.     echo "    error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  382.     echo '    index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  383.     echo '    charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  384.     echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  385.     function_check nginx_limits

  386.     nginx_limits $FULLBLOG_DOMAIN_NAME

  387.     function_check nginx_disable_sniffing

  388.     nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME

  389.     echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  390.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  391.     echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  392.     echo '    location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  393.     echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  394.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  395.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  396.     echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  397.     echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  398.     echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  399.     echo '        allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  400.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  401.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  402.     echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  403.     echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  404.     echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  405.     echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  406.     echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  407.     echo '        expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  408.     echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  409.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  410.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  411.     echo '    # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  412.     echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  413.     echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  414.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  415.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  416.     echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  417.     echo '    # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  418.     echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  419.     echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  420.     echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  421.     echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  422.     echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  423.     echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  424.     echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  425.     echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  426.     echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  427.     echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  428.     echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  429.     echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  430.     echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  431.     echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  432.     echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  433.     echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  434.     echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  435.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  436.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  437.     echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  438.     echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  439.     echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  440.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  441.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  442.     echo '    #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  443.     echo '    location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  444.     echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  445.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  446.     echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  447.     echo '      deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  448.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  449.     echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  450.     echo '      deny  all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  451.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  452.     echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  453. }

  454. 

  455. function install_blog_from_repo {

  456.     if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then

  457.         mkdir /var/www/$FULLBLOG_DOMAIN_NAME

  458.     fi

  459. 

  460.     cd /var/www/$FULLBLOG_DOMAIN_NAME

  461.     git_clone $FULLBLOG_REPO htdocs

  462.     cd htdocs

  463.     git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT

  464.     if ! grep -q "Blog commit" $COMPLETION_FILE; then

  465.         echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE

  466.     else

  467.         sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE

  468.     fi

  469. }

  470. 

  471. function install_blog {

  472.     if [ ! $FULLBLOG_DOMAIN_NAME ]; then

  473.         echo $'The blog domain name was not specified'

  474.         exit 5062

  475.     fi

  476. 

  477.     if grep -Fxq "install_blog" $COMPLETION_FILE; then

  478.         return

  479.     fi

  480. 

  481.     # for the avatar changing command

  482.     apt-get -y install imagemagick

  483. 

  484.     function_check install_blog_from_repo

  485.     install_blog_from_repo

  486. 

  487.     if [[ $ONION_ONLY == "no" ]]; then

  488.         function_check install_blog_website

  489.         install_blog_website

  490.     else

  491.         echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  492.     fi

  493.     function_check install_blog_website_onion

  494.     install_blog_website_onion

  495. 

  496.     function_check create_site_certificate

  497.     create_site_certificate $FULLBLOG_DOMAIN_NAME 'yes'

  498. 

  499.     function_check configure_php

  500.     configure_php

  501. 

  502.     function_check install_blog_settings

  503.     install_blog_settings

  504. 

  505.     function_check install_blog_social_networks

  506.     install_blog_social_networks

  507. 

  508.     function_check install_blog_user

  509.     install_blog_user

  510. 

  511.     chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs

  512. 

  513.     FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT})

  514. 

  515.     function_check nginx_ensite

  516.     nginx_ensite $FULLBLOG_DOMAIN_NAME

  517. 

  518.     systemctl restart php5-fpm

  519.     systemctl restart nginx

  520. 

  521.     if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then

  522.         echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README

  523.         echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README

  524.         echo '' >> /home/$MY_USERNAME/README

  525.         chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  526.         chmod 600 /home/$MY_USERNAME/README

  527.     fi

  528.     echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE

  529. 

  530.     function_check add_ddns_domain

  531.     add_ddns_domain $FULLBLOG_DOMAIN_NAME

  532. 

  533.     if ! grep -q "Blog domain:" $COMPLETION_FILE; then

  534.         echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE

  535.     fi

  536. 

  537.     echo 'install_blog' >> $COMPLETION_FILE

  538. }

  539. 

  540. # NOTE: deliberately no exit 0