free
/
freedombone
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
4291 提交
5 分支
目录树: c3cecdad1f
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'c3cecdad1f'
${ noResults }
freedombone/src/freedombone-app-blog

freedombone-app-blog 28KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519 
  1. #!/bin/bash

  2. #

  3. # .---.                  .              .

  4. # |                      |              |

  5. # |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.

  6. # |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'

  7. # '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'

  8. #

  9. #                    Freedom in the Cloud

  10. #

  11. # Blog functions

  12. #

  13. # License

  14. # =======

  15. #

  16. # Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>

  17. #

  18. # This program is free software: you can redistribute it and/or modify

  19. # it under the terms of the GNU Affero General Public License as published by

  20. # the Free Software Foundation, either version 3 of the License, or

  21. # (at your option) any later version.

  22. #

  23. # This program is distributed in the hope that it will be useful,

  24. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  25. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  26. # GNU Affero General Public License for more details.

  27. #

  28. # You should have received a copy of the GNU Affero General Public License

  29. # along with this program.  If not, see <http://www.gnu.org/licenses/>.

  30. 

  31. VARIANTS="full writer"

  32. 

  33. FULLBLOG_DOMAIN_NAME=

  34. FULLBLOG_CODE=

  35. FULLBLOG_ONION_PORT=8086

  36. FULLBLOG_REPO="https://github.com/danpros/htmly"

  37. FULLBLOG_COMMIT='bf5fe9486160be4da86d8987d3e5c977e1dc6d32'

  38. MY_BLOG_TITLE="My Blog"

  39. MY_BLOG_SUBTITLE="Another ${PROJECT_NAME} Blog"

  40. 

  41. function reconfigure_blog {

  42.     echo -n ''

  43. }

  44. 

  45. function upgrade_blog {

  46.     if ! grep -Fxq "install_blog" $COMPLETION_FILE; then

  47.         return

  48.     fi

  49.     function_check set_repo_commit

  50.     set_repo_commit /var/www/$FULLBLOG_DOMAIN_NAME/htdocs "Blog commit" "$FULLBLOG_COMMIT" $FULLBLOG_REPO

  51. 

  52.     # update blog avatar

  53.     ${PROJECT_NAME}-blog

  54. }

  55. 

  56. function backup_local_blog {

  57.     FULLBLOG_DOMAIN_NAME='blog'

  58.     if grep -q "Blog domain" $COMPLETION_FILE; then

  59.         FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')

  60.     fi

  61. 

  62.     source_directory=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs

  63.     if [ -d $source_directory ]; then

  64.         dest_directory=blog

  65.         echo $"Backing up $source_directory to $dest_directory"

  66. 

  67.         function_check suspend_site

  68.         suspend_site ${FULLBLOG_DOMAIN_NAME}

  69. 

  70.         function_check backup_directory_to_usb

  71.         backup_directory_to_usb $source_directory $dest_directory

  72. 

  73.         function_check restart_site

  74.         restart_site

  75. 

  76.         echo $"Backup to $dest_directory complete"

  77.     fi

  78. }

  79. 

  80. function restore_local_blog {

  81.     FULLBLOG_DOMAIN_NAME='blog'

  82.     if grep -q "Blog domain" $COMPLETION_FILE; then

  83.         FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')

  84.     fi

  85.     if [ $FULLBLOG_DOMAIN_NAME ]; then

  86.         echo $"Restoring blog installation"

  87.         temp_restore_dir=/root/tempblog

  88.         restore_directory_from_usb $temp_restore_dir blog

  89.         rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs

  90.         cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/

  91.         if [ ! "$?" = "0" ]; then

  92.             set_user_permissions

  93.             backup_unmount_drive

  94.             exit 593

  95.         fi

  96.         rm -rf $temp_restore_dir

  97.         if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then

  98.             echo $"No content directory found after restoring blog"

  99.             set_user_permissions

  100.             backup_unmount_drive

  101.             exit 287

  102.         fi

  103.         chown -R www-data:www-data /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs

  104.         # Ensure that the bundled SSL cert is being used

  105.         if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then

  106.             sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME}

  107.         fi

  108.         for d in /home/*/ ; do

  109.             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')

  110.             if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then

  111.                 if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then

  112.                     mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post

  113.                 fi

  114.             fi

  115.         done

  116.         if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then

  117.             ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key

  118.             ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem

  119.         fi

  120.     fi

  121. }

  122. 

  123. function backup_remote_blog {

  124.     if grep -q "Blog domain" $COMPLETION_FILE; then

  125.         FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')

  126.         temp_backup_dir=/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs

  127.         if [ -d $temp_backup_dir ]; then

  128.             echo $"Backing up blog"

  129.             backup_directory_to_friend $temp_backup_dir blog

  130.             echo $"Backup of blog complete"

  131.         else

  132.             echo $"Blog domain specified but not found in $temp_backup_dir"

  133.             exit 2578

  134.         fi

  135.     fi

  136. }

  137. 

  138. function restore_remote_blog {

  139.     if [ -d $SERVER_DIRECTORY/backup/blog ]; then

  140.         FULLBLOG_DOMAIN_NAME=$(cat $COMPLETION_FILE | grep "Blog domain" | awk -F ':' '{print $2}')

  141.         echo $"Restoring blog installation $FULLBLOG_DOMAIN_NAME"

  142.         temp_restore_dir=/root/tempblog

  143.         mkdir $temp_restore_dir

  144.         function_check restore_directory_from_friend

  145.         restore_directory_from_friend $temp_restore_dir blog

  146.         rm -rf /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs

  147.         cp -r $temp_restore_dir/var/www/${FULLBLOG_DOMAIN_NAME}/htdocs /var/www/${FULLBLOG_DOMAIN_NAME}/

  148.         if [ ! "$?" = "0" ]; then

  149.             exit 593

  150.         fi

  151.         rm -rf $temp_restore_dir

  152.         if [ ! -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content ]; then

  153.             echo $"No content directory found after restoring blog"

  154.             exit 287

  155.         fi

  156.         # Ensure that the bundled SSL cert is being used

  157.         if [ -f /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.bundle.crt ]; then

  158.             sed -i "s|${FULLBLOG_DOMAIN_NAME}.crt|${FULLBLOG_DOMAIN_NAME}.bundle.crt|g" /etc/nginx/sites-available/${FULLBLOG_DOMAIN_NAME}

  159.         fi

  160.         for d in /home/*/ ; do

  161.             USERNAME=$(echo "$d" | awk -F '/' '{print $3}')

  162.             if [[ $USERNAME != "git" && $USERNAME != "mirrors" && $USERNAME != "sync" && $USERNAME != "tahoelafs" ]]; then

  163.                 if [ -d /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post ]; then

  164.                     mv /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/*.md /var/www/${FULLBLOG_DOMAIN_NAME}/htdocs/content/$USERNAME/blog/uncategorized/post

  165.                 fi

  166.             fi

  167.         done

  168.         if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then

  169.             ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key

  170.             ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem

  171.         fi

  172.         echo $"Restore of blog complete"

  173.     fi

  174. }

  175. 

  176. function remove_blog {

  177.     if ! grep -Fxq "install_blog" $COMPLETION_FILE; then

  178.         return

  179.     fi

  180.     if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then

  181.         rm -rf /var/www/$FULLBLOG_DOMAIN_NAME

  182.     fi

  183.     nginx_dissite $FULLBLOG_DOMAIN_NAME

  184.     if [ ! -f /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME ]; then

  185.         rm -rf /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  186.     fi

  187.     if [ $FULLBLOG_CODE ]; then

  188.         if [ -f /usr/bin/dynamicdns ]; then

  189.             sed -i "/$FULLBLOG_DOMAIN_NAME/d" /usr/bin/dynamicdns

  190.             sed -i "/$FULLBLOG_CODE/d" /usr/bin/dynamicdns

  191.         fi

  192.     fi

  193.     function_check remove_onion_service

  194.     remove_onion_service blog ${FULLBLOG_ONION_PORT}

  195.     sed -i '/install_blog/d' $COMPLETION_FILE

  196.     sed -i '/Blog .*/d' $COMPLETION_FILE

  197. }

  198. 

  199. function get_blog_admin_password {

  200.     if [ -f /home/$MY_USERNAME/README ]; then

  201.         if grep -q "Your blog password is" /home/$MY_USERNAME/README; then

  202.             FULLBLOG_ADMIN_PASSWORD=$(cat /home/$MY_USERNAME/README | grep "Your blog password is" | awk -F ':' '{print $2}' | sed 's/^ *//')

  203.         fi

  204.     fi

  205. }

  206. 

  207. function install_blog_social_networks {

  208.     # set social networks

  209.     if grep -q "social.hubzilla" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then

  210.         sed -i "s|;social.hubzilla|social.hubzilla|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  211.         sed -i "s|social.hubzilla.*|social.hubzilla = \"$HUBZILLA_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  212.     fi

  213.     if grep -q "social.gnusocial" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini; then

  214.         sed -i "s|;social.gnusocial|social.gnusocial|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  215.         sed -i "s|social.gnusocial.*|social.gnusocial = \"$MICROBLOG_DOMAIN_NAME\"|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  216.     fi

  217. 

  218.     # clear proprietary social network strings

  219.     sed -i 's|social.facebook.*|social.facebook = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  220.     sed -i 's|social.twitter.*|social.twitter = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  221.     sed -i 's|social.google.*|social.google = ""|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  222. }

  223. 

  224. function install_blog_user {

  225.     # create a user password

  226.     function_check get_blog_admin_password

  227.     get_blog_admin_password

  228.     if [ ! $FULLBLOG_ADMIN_PASSWORD ]; then

  229.         if [ -f $IMAGE_PASSWORD_FILE ]; then

  230.             FULLBLOG_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"

  231.         else

  232.             FULLBLOG_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"

  233.         fi

  234.         echo '' >> /home/$MY_USERNAME/README

  235.         echo '' >> /home/$MY_USERNAME/README

  236.         echo $'HTMLy Blog' >> /home/$MY_USERNAME/README

  237.         echo '==========' >> /home/$MY_USERNAME/README

  238.         echo $"Your blog username: $MY_USERNAME" >> /home/$MY_USERNAME/README

  239.         echo $"Your blog password is: $FULLBLOG_ADMIN_PASSWORD" >> /home/$MY_USERNAME/README

  240.         if [[ $ONION_ONLY == 'no' ]]; then

  241.             echo $"Log into your blog at https://$FULLBLOG_DOMAIN_NAME/login" >> /home/$MY_USERNAME/README

  242.         fi

  243.         chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  244.         chmod 600 /home/$MY_USERNAME/README

  245.     fi

  246. 

  247.     # create a user

  248.     FULLBLOG_ADMIN_PASSWORD_HASH=$(${PROJECT_NAME}-sec --bloghash "$FULLBLOG_ADMIN_PASSWORD")

  249.     if [ ${#FULLBLOG_ADMIN_PASSWORD_HASH} -lt 8 ]; then

  250.         echo $'Blog admin password could not be hashed'

  251.         exit 625728

  252.     fi

  253.     echo ';Password' > /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  254.     echo "password = $FULLBLOG_ADMIN_PASSWORD_HASH" >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  255.     echo 'encryption = password_hash' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  256.     echo ';Role' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  257.     echo 'role = admin' >> /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/users/$MY_USERNAME.ini

  258. }

  259. 

  260. function install_blog_settings {

  261.     cp /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini.example /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  262.     sed -i "s|site.url.*|site.url = '/'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  263.     sed -i "s|blog.title.*|blog.title = '$MY_BLOG_TITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  264.     sed -i "s|blog.tagline.*|blog.tagline = '$MY_BLOG_SUBTITLE'|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  265.     sed -i 's|timezone.*|timezone = "Europe/London"|g' /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  266.     sed -i "s|Your name|$MY_NAME|g" /var/www/$FULLBLOG_DOMAIN_NAME/htdocs/config/config.ini

  267. }

  268. 

  269. function install_blog_website {

  270.     function_check nginx_http_redirect

  271.     nginx_http_redirect $FULLBLOG_DOMAIN_NAME

  272.     echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  273.     echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  274.     echo "    root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  275.     echo "    server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  276.     echo '    access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  277.     echo "    error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  278.     echo '    index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  279.     echo '    charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  280.     echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  281.     function_check nginx_limits

  282.     nginx_limits $FULLBLOG_DOMAIN_NAME

  283.     function_check nginx_ssl

  284.     nginx_ssl $FULLBLOG_DOMAIN_NAME

  285.     function_check nginx_disable_sniffing

  286.     nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME

  287.     echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  288.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  289.     echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  290.     echo '    location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  291.     echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  292.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  293.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  294.     echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  295.     echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  296.     echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  297.     echo '        allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  298.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  299.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  300.     echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  301.     echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  302.     echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  303.     echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  304.     echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  305.     echo '        expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  306.     echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  307.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  308.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  309.     echo '    # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  310.     echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  311.     echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  312.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  313.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  314.     echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  315.     echo '    # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  316.     echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  317.     echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  318.     echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  319.     echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  320.     echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  321.     echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  322.     echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  323.     echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  324.     echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  325.     echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  326.     echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  327.     echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  328.     echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  329.     echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  330.     echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  331.     echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  332.     echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  333.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  334.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  335.     echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  336.     echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  337.     echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  338.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  339.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  340.     echo '    #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  341.     echo '    location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  342.     echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  343.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  344.     echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  345.     echo '      deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  346.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  347.     echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  348.     echo '      deny  all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  349.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  350.     echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  351.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  352. }

  353. 

  354. function install_blog_website_onion {

  355.     echo 'server {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  356.     echo "    listen 127.0.0.1:${FULLBLOG_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  357.     echo "    root /var/www/$FULLBLOG_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  358.     echo "    server_name $FULLBLOG_DOMAIN_NAME;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  359.     echo '    access_log off;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  360.     echo "    error_log /var/log/nginx/${FULLBLOG_DOMAIN_NAME}_error_ssl.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  361.     echo '    index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  362.     echo '    charset utf-8;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  363.     echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  364.     function_check nginx_limits

  365.     nginx_limits $FULLBLOG_DOMAIN_NAME

  366.     function_check nginx_disable_sniffing

  367.     nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME

  368.     echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  369.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  370.     echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  371.     echo '    location / {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  372.     echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  373.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  374.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  375.     echo "    # make sure webfinger and other well known services aren't blocked" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  376.     echo '    # by denying dot files and rewrite request to the front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  377.     echo '    location ^~ /.well-known/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  378.     echo '        allow all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  379.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  380.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  381.     echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  382.     echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  383.     echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  384.     echo '    # added .htm for advanced source code editor library' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  385.     echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  386.     echo '        expires 30d;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  387.     echo '        try_files $uri /index.php?q=$uri&$args;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  388.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  389.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  390.     echo '    # block these file types' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  391.     echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  392.     echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  393.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  394.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  395.     echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  396.     echo '    # or a unix socket' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  397.     echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  398.     echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  399.     echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  400.     echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  401.     echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  402.     echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  403.     echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  404.     echo '        try_files $uri $uri/ /index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  405.     echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  406.     echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  407.     echo '        # With php5-cgi alone:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  408.     echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  409.     echo '        # With php5-fpm:' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  410.     echo '        fastcgi_pass unix:/var/run/php5-fpm.sock;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  411.     echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  412.     echo '        fastcgi_index index.php;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  413.     echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  414.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  415.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  416.     echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  417.     echo '    location ~ /\. {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  418.     echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  419.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  420.     echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  421.     echo '    #deny access to store' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  422.     echo '    location ~ /store {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  423.     echo '        deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  424.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  425.     echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  426.     echo '      deny all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  427.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  428.     echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  429.     echo '      deny  all;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  430.     echo '    }' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  431.     echo '}' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  432. }

  433. 

  434. function install_blog_from_repo {

  435.     if [ ! -d /var/www/$FULLBLOG_DOMAIN_NAME ]; then

  436.         mkdir /var/www/$FULLBLOG_DOMAIN_NAME

  437.     fi

  438. 

  439.     cd /var/www/$FULLBLOG_DOMAIN_NAME

  440.     git_clone $FULLBLOG_REPO htdocs

  441.     cd htdocs

  442.     git checkout $FULLBLOG_COMMIT -b $FULLBLOG_COMMIT

  443.     if ! grep -q "Blog commit" $COMPLETION_FILE; then

  444.         echo "Blog commit:$FULLBLOG_COMMIT" >> $COMPLETION_FILE

  445.     else

  446.         sed -i "s/Blog commit.*/Blog commit:$FULLBLOG_COMMIT/g" $COMPLETION_FILE

  447.     fi

  448. }

  449. 

  450. function install_blog {

  451.     if [ ! $FULLBLOG_DOMAIN_NAME ]; then

  452.         echo $'The blog domain name was not specified'

  453.         exit 5062

  454.     fi

  455. 

  456.     if grep -Fxq "install_blog" $COMPLETION_FILE; then

  457.         return

  458.     fi

  459. 

  460.     # for the avatar changing command

  461.     apt-get -y install imagemagick

  462. 

  463.     function_check install_blog_from_repo

  464.     install_blog_from_repo

  465. 

  466.     if [[ $ONION_ONLY == "no" ]]; then

  467.         function_check install_blog_website

  468.         install_blog_website

  469.     else

  470.         echo -n '' > /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME

  471.     fi

  472.     function_check install_blog_website_onion

  473.     install_blog_website_onion

  474. 

  475.     function_check create_site_certificate

  476.     create_site_certificate $FULLBLOG_DOMAIN_NAME 'yes'

  477. 

  478.     function_check configure_php

  479.     configure_php

  480. 

  481.     function_check install_blog_settings

  482.     install_blog_settings

  483. 

  484.     function_check install_blog_social_networks

  485.     install_blog_social_networks

  486. 

  487.     function_check install_blog_user

  488.     install_blog_user

  489. 

  490.     chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs

  491. 

  492.     FULLBLOG_ONION_HOSTNAME=$(add_onion_service blog 80 ${FULLBLOG_ONION_PORT})

  493. 

  494.     function_check nginx_ensite

  495.     nginx_ensite $FULLBLOG_DOMAIN_NAME

  496. 

  497.     systemctl restart php5-fpm

  498.     systemctl restart nginx

  499. 

  500.     if ! grep -q "Blog onion domain" /home/$MY_USERNAME/README; then

  501.         echo $"Blog onion domain: ${FULLBLOG_ONION_HOSTNAME}" >> /home/$MY_USERNAME/README

  502.         echo $"Log into your blog at https://${FULLBLOG_ONION_HOSTNAME}/login" >> /home/$MY_USERNAME/README

  503.         echo '' >> /home/$MY_USERNAME/README

  504.         chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README

  505.         chmod 600 /home/$MY_USERNAME/README

  506.     fi

  507.     echo "Blog onion domain:${FULLBLOG_ONION_HOSTNAME}" >> $COMPLETION_FILE

  508. 

  509.     function_check add_ddns_domain

  510.     add_ddns_domain $FULLBLOG_DOMAIN_NAME

  511. 

  512.     if ! grep -q "Blog domain:" $COMPLETION_FILE; then

  513.         echo "Blog domain:$FULLBLOG_DOMAIN_NAME" >> $COMPLETION_FILE

  514.     fi

  515. 

  516.     echo 'install_blog' >> $COMPLETION_FILE

  517. }

  518. 

  519. # NOTE: deliberately no exit 0