free
/
freedombone
關注 1
收藏 0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
4975 提交
5 分支
目錄樹: 795da819f9
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
from '795da819f9'
${ noResults }
freedombone/src/freedombone-app-dokuwiki

freedombone-app-dokuwiki 27KB
歷史記錄 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506 
  1. #!/bin/bash

  2. #

  3. # .---.                  .              .

  4. # |                      |              |

  5. # |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.

  6. # |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'

  7. # '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'

  8. #

  9. #                    Freedom in the Cloud

  10. #

  11. # Dokuwiki application

  12. #

  13. # License

  14. # =======

  15. #

  16. # Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>

  17. #

  18. # This program is free software: you can redistribute it and/or modify

  19. # it under the terms of the GNU Affero General Public License as published by

  20. # the Free Software Foundation, either version 3 of the License, or

  21. # (at your option) any later version.

  22. #

  23. # This program is distributed in the hope that it will be useful,

  24. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  25. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  26. # GNU Affero General Public License for more details.

  27. #

  28. # You should have received a copy of the GNU Affero General Public License

  29. # along with this program.  If not, see <http://www.gnu.org/licenses/>.

  30. 

  31. VARIANTS='full full-vim writer'

  32. 

  33. IN_DEFAULT_INSTALL=0

  34. 

  35. SHOW_ON_ABOUT=1

  36. 

  37. DOKUWIKI_DOMAIN_NAME=

  38. DOKUWIKI_ADMIN_PASSWORD=

  39. DOKUWIKI_TITLE="${PROJECT_NAME} Dokuwiki"

  40. DOKUWIKI_CODE=

  41. DOKUWIKI_ONION_PORT=8089

  42. 

  43. dokuwiki_variables=(ONION_ONLY

  44.                 MY_USERNAME

  45.                 DOKUWIKI_TITLE

  46.                 DOKUWIKI_DOMAIN_NAME

  47.                 DOKUWIKI_CODE

  48.                 DDNS_PROVIDER)

  49. 

  50. function install_interactive_dokuwiki {

  51.     if [[ $ONION_ONLY != "no" ]]; then

  52.         DOKUWIKI_TITLE=$'My Dokuwiki'

  53.         DOKUWIKI_DOMAIN_NAME='dokuwiki.local'

  54.         write_config_param "DOKUWIKI_TITLE" "$DOKUWIKI_TITLE"

  55.         write_config_param "DOKUWIKI_DOMAIN_NAME" "$DOKUWIKI_DOMAIN_NAME"

  56.     else

  57.         function_check interactive_site_details_with_title

  58.         interactive_site_details_with_title "dokuwiki" "DOKUWIKI_TITLE" "DOKUWIKI_DOMAIN_NAME" "DOKUWIKI_CODE"

  59.     fi

  60.     APP_INSTALLED=1

  61. }

  62. 

  63. function change_password_dokuwiki {

  64.     echo -n ''

  65. }

  66. 

  67. function reconfigure_dokuwiki {

  68.     echo -n ''

  69. }

  70. 

  71. function upgrade_dokuwiki {

  72.     echo -n ''

  73. }

  74. 

  75. function backup_local_dokuwiki {

  76.     source_directory=/var/lib/dokuwiki

  77.     if [ -d $source_directory ]; then

  78.         dest_directory=dokuwiki

  79.         echo $"Backing up $source_directory to $dest_directory"

  80. 

  81.         function_check backup_directory_to_usb

  82.         backup_directory_to_usb $source_directory $dest_directory

  83.         backup_directory_to_usb /etc/dokuwiki dokuwiki2

  84. 

  85.         echo $"Backup to $dest_directory complete"

  86.     fi

  87. }

  88. 

  89. function restore_local_dokuwiki {

  90.     if [ -d /var/lib/dokuwiki ]; then

  91.         echo $"Restoring Dokuwiki installation"

  92.         function_check get_completion_param

  93.         DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")

  94.         temp_restore_dir=/root/tempdokuwiki

  95.         function_check restore_directory_from_usb

  96.         restore_directory_from_usb $temp_restore_dir wiki

  97.         restore_directory_from_usb $temp_restore_dir dokuwiki

  98.         cp -r $temp_restore_dir/var/lib/dokuwiki/* /var/lib/dokuwiki/

  99.         if [ ! "$?" = "0" ]; then

  100.             function_check restore_directory_from_usb

  101.             set_user_permissions

  102.             function_check backup_unmount_drive

  103.             backup_unmount_drive

  104.             exit 868

  105.         fi

  106.         restore_directory_from_usb ${temp_restore_dir}2 dokuwiki2

  107.         cp -r ${temp_restore_dir}2/etc/dokuwiki/* /etc/dokuwiki/

  108.         if [ ! "$?" = "0" ]; then

  109.             function_check set_user_permissions

  110.             set_user_permissions

  111.             function_check backup_unmount_drive

  112.             backup_unmount_drive

  113.             exit 869

  114.         fi

  115.         rm -rf $temp_restore_dir

  116.         rm -rf ${temp_restore_dir}2

  117.         rm -rf /var/lib/dokuwiki/data/cache/*

  118.         rm -rf /var/lib/dokuwiki/data/meta/*

  119.         chmod -R 755 /var/lib/dokuwiki/data

  120.         chown -R www-data:www-data /var/lib/dokuwiki/data

  121.         chown -R www-data:www-data /var/lib/dokuwiki/*

  122.         # Ensure that the bundled SSL cert is being used

  123.         if [ -f /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.bundle.crt ]; then

  124.             sed -i "s|${DOKUWIKI_DOMAIN_NAME}.crt|${DOKUWIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${DOKUWIKI_DOMAIN_NAME}

  125.         fi

  126.         if [ -d /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME} ]; then

  127.             ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${DOKUWIKI_DOMAIN_NAME}.key

  128.             ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.pem

  129.         fi

  130.         echo $"Restore of Dokuwiki complete"

  131.     fi

  132. }

  133. 

  134. function backup_remote_dokuwiki {

  135.     if [ -d /etc/dokuwiki ]; then

  136.         echo $"Backing up dokuwiki"

  137.         backup_directory_to_friend /var/lib/dokuwiki dokuwiki

  138.         backup_directory_to_friend /etc/dokuwiki dokuwiki2

  139.     fi

  140. }

  141. 

  142. function restore_remote_dokuwiki {

  143.     if [ -d $SERVER_DIRECTORY/backup/dokuwiki ]; then

  144.         function_check get_completion_param

  145.         DOKUWIKI_DOMAIN_NAME=$(get_completion_param "dokuwiki domain")

  146.         echo $"Restoring Dokuwiki installation $DOKUWIKI_DOMAIN_NAME"

  147.         function_check restore_directory_from_friend

  148.         restore_directory_from_friend /root/tempdokuwiki dokuwiki

  149.         cp -r /root/tempdokuwiki/var/lib/dokuwiki/* /var/lib/dokuwiki/

  150.         if [ ! "$?" = "0" ]; then

  151.             exit 868

  152.         fi

  153.         restore_directory_from_friend /root/tempdokuwiki2 dokuwiki2

  154.         cp -r /root/tempdokuwiki2/etc/dokuwiki/* /etc/dokuwiki/

  155.         if [ ! "$?" = "0" ]; then

  156.             exit 869

  157.         fi

  158.         rm -rf /root/tempdokuwiki

  159.         rm -rf /root/tempdokuwiki2

  160.         rm -rf /var/lib/dokuwiki/data/cache/*

  161.         rm -rf /var/lib/dokuwiki/data/meta/*

  162.         chmod -R 755 /var/lib/dokuwiki/data

  163.         chown -R www-data:www-data /var/lib/dokuwiki/data

  164.         chown -R www-data:www-data /var/lib/dokuwiki/*

  165.         # Ensure that the bundled SSL cert is being used

  166.         if [ -f /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.bundle.crt ]; then

  167.             sed -i "s|${DOKUWIKI_DOMAIN_NAME}.crt|${DOKUWIKI_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${DOKUWIKI_DOMAIN_NAME}

  168.         fi

  169.         if [ -d /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME} ]; then

  170.             ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${DOKUWIKI_DOMAIN_NAME}.key

  171.             ln -s /etc/letsencrypt/live/${DOKUWIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${DOKUWIKI_DOMAIN_NAME}.pem

  172.         fi

  173.         echo $"Restore of Dokuwiki complete"

  174.     fi

  175. }

  176. 

  177. function remove_dokuwiki {

  178.     if [ ${#DOKUWIKI_DOMAIN_NAME} -eq 0 ]; then

  179.         return

  180.     fi

  181.     function_check remove_onion_service

  182.     remove_onion_service dokuwiki ${DOKUWIKI_ONION_PORT}

  183.     nginx_dissite $DOKUWIKI_DOMAIN_NAME

  184.     remove_certs $DOKUWIKI_DOMAIN_NAME

  185.     if [ -f /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME ]; then

  186.         rm /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  187.     fi

  188.     apt-get -yq remove --purge dokuwiki

  189.     if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then

  190.         rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME

  191.     fi

  192.     if [ -d /var/lib/dokuwiki ]; then

  193.         rm -rf /var/lib/dokuwiki

  194.     fi

  195.     if [ -d /etc/dokuwiki ]; then

  196.         rm -rf /etc/dokuwiki

  197.     fi

  198.     if [ -d /usr/share/dokuwiki ]; then

  199.         rm -rf /usr/share/dokuwiki

  200.     fi

  201.     remove_completion_param "install_dokuwiki"

  202.     remove_completion_param "dokuwiki domain"

  203.     sed -i '/Dokuwiki/d' /home/$MY_USERNAME/README

  204.     sed -i '/dokuwiki/d' $COMPLETION_FILE

  205. }

  206. 

  207. function get_dokuwiki_admin_password {

  208.     if [ -f /home/$MY_USERNAME/README ]; then

  209.         if grep -q "Dokuwiki password" /home/$MY_USERNAME/README; then

  210.             DOKUWIKI_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Dokuwiki password:" | awk -F ':' '{print $2}' | sed 's/^ *//')

  211.         fi

  212.     fi

  213. }

  214. 

  215. function install_dokuwiki {

  216.     if [ ! $DOKUWIKI_DOMAIN_NAME ]; then

  217.         return

  218.     fi

  219.     apt-get -yq install dokuwiki

  220.     apt-get -yq remove --purge apache*

  221.     if [ -d /etc/apache2 ]; then

  222.         rm -rf /etc/apache2

  223.         echo $'Removed Apache installation after Dokuwiki install'

  224.     fi

  225. 

  226.     if [ ! -d /var/www/$DOKUWIKI_DOMAIN_NAME ]; then

  227.         mkdir /var/www/$DOKUWIKI_DOMAIN_NAME

  228.     fi

  229.     if [ -d /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs ]; then

  230.         rm -rf /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs

  231.     fi

  232. 

  233.     ln -s /usr/share/dokuwiki /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs

  234. 

  235.     if [ ! -d /var/lib/dokuwiki/custom ]; then

  236.         mkdir /var/lib/dokuwiki/custom

  237.     fi

  238.     cp /etc/dokuwiki/local.php.dist /var/lib/dokuwiki/custom/local.php

  239.     if [ ! -f /etc/dokuwiki/local.php ]; then

  240.         ln -s /var/lib/dokuwiki/custom/local.php /etc/dokuwiki/local.php

  241.     fi

  242. 

  243.     chown www-data /var/lib/dokuwiki/custom

  244.     chown www-data /var/lib/dokuwiki/custom/local.php

  245.     chown -R www-data /etc/dokuwiki

  246.     chown -R www-data /usr/share/dokuwiki/lib/

  247.     chmod 600 /var/lib/dokuwiki/custom/local.php

  248.     chmod -R 755 /usr/share/dokuwiki/lib

  249. 

  250.     sed -i 's|//$conf|$conf|g' /var/lib/dokuwiki/custom/local.php

  251.     sed -i "s|joe|$MY_USERNAME|g" /var/lib/dokuwiki/custom/local.php

  252. 

  253.     sed -i "s|Debian Dokuwiki|$DOKUWIKI_TITLE|g" /etc/dokuwiki/local.php

  254.     sed -i "s|Debian DokuWiki|$DOKUWIKI_TITLE|g" /etc/dokuwiki/local.php

  255. 

  256.     # set the admin user

  257.     sed -i "s/@admin/$MY_USERNAME/g" /etc/dokuwiki/local.php

  258. 

  259.     # disallow registration of new users

  260.     if ! grep -q "disableactions" /etc/dokuwiki/local.php; then

  261.         echo "\$conf['disableactions'] = 'register';" >> /etc/dokuwiki/local.php

  262.     fi

  263.     if ! grep -q "disableactions" /var/lib/dokuwiki/custom/local.php; then

  264.         echo "\$conf['disableactions'] = 'register';" >> /var/lib/dokuwiki/custom/local.php

  265.     fi

  266. 

  267.     if ! grep -q "authtype" /var/lib/dokuwiki/custom/local.php; then

  268.         echo "\$conf['authtype'] = 'authplain';" >> /var/lib/dokuwiki/custom/local.php

  269.     fi

  270.     if ! grep -q "authtype" /etc/dokuwiki/local.php; then

  271.         echo "\$conf['authtype'] = 'authplain';" >> /etc/dokuwiki/local.php

  272.     fi

  273. 

  274.     function_check get_dokuwiki_admin_password

  275.     get_dokuwiki_admin_password

  276.     if [ ! $DOKUWIKI_ADMIN_PASSWORD ]; then

  277.         if [ -f $IMAGE_PASSWORD_FILE ]; then

  278.             DOKUWIKI_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"

  279.         else

  280.             DOKUWIKI_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"

  281.         fi

  282.     fi

  283.     HASHED_DOKUWIKI_PASSWORD=$(echo -n "$DOKUWIKI_ADMIN_PASSWORD" | md5sum | awk -F ' ' '{print $1}')

  284.     echo -n "$MY_USERNAME:$HASHED_DOKUWIKI_PASSWORD:$MY_NAME:$MY_EMAIL:admin,user,upload" > /var/lib/dokuwiki/acl/users.auth.php

  285.     chmod 640 /var/lib/dokuwiki/acl/users.auth.php

  286. 

  287.     if ! grep -q "video/ogg" /etc/dokuwiki/mime.conf; then

  288.         echo 'ogv     video/ogg' >> /etc/dokuwiki/mime.conf

  289.     fi

  290.     if ! grep -q "video/mp4" /etc/dokuwiki/mime.conf; then

  291.         echo 'mp4     video/mp4' >> /etc/dokuwiki/mime.conf

  292.     fi

  293.     if ! grep -q "video/webm" /etc/dokuwiki/mime.conf; then

  294.         echo 'webm    video/webm' >> /etc/dokuwiki/mime.conf

  295.     fi

  296. 

  297.     DOKUWIKI_ONION_HOSTNAME=$(add_onion_service dokuwiki 80 ${DOKUWIKI_ONION_PORT})

  298.     set_completion_param "dokuwiki domain" "${DOKUWIKI_DOMAIN_NAME}"

  299. 

  300.     if [[ $ONION_ONLY == "no" ]]; then

  301.         function_check nginx_http_redirect

  302.         nginx_http_redirect $DOKUWIKI_DOMAIN_NAME

  303.         echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  304.         echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  305.         echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  306.         echo "    server_name $DOKUWIKI_DOMAIN_NAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  307.         echo '    access_log off;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  308.         echo "    error_log /var/log/nginx/${DOKUWIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  309.         echo '    index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  310.         echo '    charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  311.         echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  312.         function_check nginx_ssl

  313.         nginx_ssl $DOKUWIKI_DOMAIN_NAME

  314.         function_check nginx_disable_sniffing

  315.         nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME

  316.         echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  317.         echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  318.         echo '    # webmail' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  319.         echo '    location /webmail {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  320.         function_check nginx_limits

  321.         nginx_limits $DOKUWIKI_DOMAIN_NAME

  322.         echo '        rewrite ^/(.*) /webmail/index.php last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  323.         echo '        rewrite ^/(.*) /webmail/installer/index.php last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  324.         echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  325.         echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  326.         echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  327.         echo '    location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  328.         function_check nginx_limits

  329.         nginx_limits $DOKUWIKI_DOMAIN_NAME

  330.         echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  331.         echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  332.         echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  333.         echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  334.         echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  335.         echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  336.         echo '        allow all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  337.         echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  338.         echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  339.         echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  340.         echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  341.         echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  342.         echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  343.         echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  344.         echo '        expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  345.         echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  346.         echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  347.         echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  348.         echo '    # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  349.         echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  350.         echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  351.         echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  352.         echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  353.         echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  354.         echo '    # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  355.         echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  356.         function_check nginx_limits

  357.         nginx_limits $DOKUWIKI_DOMAIN_NAME

  358.         echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  359.         echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  360.         echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  361.         echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  362.         echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  363.         echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  364.         echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  365.         echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  366.         echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  367.         echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  368.         echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  369.         echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  370.         echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  371.         echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  372.         echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  373.         echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  374.         echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  375.         echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  376.         echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  377.         echo '    location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  378.         echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  379.         echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  380.         echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  381.         echo '    #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  382.         echo '    location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  383.         echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  384.         echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  385.         echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  386.         echo '      deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  387.         echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  388.         echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  389.         echo '      deny  all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  390.         echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  391.         echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  392.         echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  393.     else

  394.         echo -n '' > /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  395.     fi

  396.     echo 'server {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  397.     echo "    listen 127.0.0.1:${DOKUWIKI_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  398.     echo "    root /var/www/$DOKUWIKI_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  399.     echo "    server_name $DOKUWIKI_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  400.     echo '    access_log off;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  401.     echo "    error_log /var/log/nginx/${DOKUWIKI_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  402.     echo '    index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  403.     echo '    charset utf-8;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  404.     echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  405.     function_check nginx_disable_sniffing

  406.     nginx_disable_sniffing $DOKUWIKI_DOMAIN_NAME

  407.     echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  408.     echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  409.     echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  410.     echo '    location / {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  411.     function_check nginx_limits

  412.     nginx_limits $DOKUWIKI_DOMAIN_NAME

  413.     echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  414.     echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  415.     echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  416.     echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  417.     echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  418.     echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  419.     echo '        allow all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  420.     echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  421.     echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  422.     echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  423.     echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  424.     echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  425.     echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  426.     echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  427.     echo '        expires 30d;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  428.     echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  429.     echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  430.     echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  431.     echo '    # block these file types' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  432.     echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  433.     echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  434.     echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  435.     echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  436.     echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  437.     echo '    # or a unix socket' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  438.     echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  439.     function_check nginx_limits

  440.     nginx_limits $DOKUWIKI_DOMAIN_NAME

  441.     echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  442.     echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  443.     echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  444.     echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  445.     echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  446.     echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  447.     echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  448.     echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  449.     echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  450.     echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  451.     echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  452.     echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  453.     echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  454.     echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  455.     echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  456.     echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  457.     echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  458.     echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  459.     echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  460.     echo '    location ~ /\. {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  461.     echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  462.     echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  463.     echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  464.     echo '    #deny access to store' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  465.     echo '    location ~ /store {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  466.     echo '        deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  467.     echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  468.     echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  469.     echo '      deny all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  470.     echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  471.     echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  472.     echo '      deny  all;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  473.     echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  474.     echo '}' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

  475. 

  476.     function_check create_site_certificate

  477.     create_site_certificate $DOKUWIKI_DOMAIN_NAME

  478. 

  479.     function_check configure_php

  480.     configure_php

  481. 

  482.     nginx_ensite $DOKUWIKI_DOMAIN_NAME

  483. 

  484.     systemctl restart php5-fpm

  485.     systemctl restart nginx

  486. 

  487.     function_check add_ddns_domain

  488.     add_ddns_domain $DOKUWIKI_DOMAIN_NAME

  489. 

  490.     # add some post-install instructions

  491.     if ! grep -q $"Dokuwiki password" /home/$MY_USERNAME/README; then

  492.         echo '' >> /home/$MY_USERNAME/README

  493.         echo '' >> /home/$MY_USERNAME/README

  494.         echo $'# Dokuwiki' >> /home/$MY_USERNAME/README

  495.         echo $"Dokuwiki onion domain: ${DOKUWIKI_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README

  496.         echo $"Dokuwiki username: $MY_USERNAME" >> /home/$MY_USERNAME/README

  497.         echo $"Dokuwiki password: $DOKUWIKI_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README

  498.         echo '' >> /home/$MY_USERNAME/README

  499.         chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  500.         chmod 600 /home/$MY_USERNAME/README

  501.     fi

  502. 

  503.     APP_INSTALLED=1

  504. }

  505. 

  506. # NOTE: deliberately no exit 0