author | Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> | 2021-10-06 21:44:37 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2021-10-07 22:29:00 +0300 |
commit | de104a5da83b4c3a1c6567c57cf87809f93c27a1 (patch) | |
tree | 86d7105203b00f3337588b020abc1a90951f40bb | |
parent | 8a6c1c08a21629c048f8ec31bf5707c0875d5705 (diff) |
Make templating safer and more verbose (#1343)v1.40.4
* letsencrypt: fix active status check
Signed-off-by: nachoparker <nacho@ownyourbits.com>
* letsencrypt: take into account duplicate domains ending in -0001
Signed-off-by: nachoparker <nacho@ownyourbits.com>
* letsencrypt: fix renewal with httpsonly enabled
Signed-off-by: nachoparker <nacho@ownyourbits.com>
* fix inverted template logic for docker
Signed-off-by: nachoparker <nacho@ownyourbits.com>
* library.sh: Move templating to separate function
- Backup old file before templating (and restore on failure)
- Use stderr in the template for debug/info output
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
* library.sh: Fix syntax error
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
* library.sh: Only fallback to default config if explicitly allowed
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
* letsencrypt.sh: Set cert-name
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
* nextcloud.conf.sh: Use certificate named ncp-nextcloud if available
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
* letsencrypt.sh: Support multiple, comma separated domains in field "OTHER_DOMAIN"
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
* nextcloud.conf.sh: Fix path resolution for certificates
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
* letsencrypt.sh: Improve warning about max trusted domains reached
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
* letsencrypt.sh: Fix max trusted domains check
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
* letsencrypt.sh: Fix splitting of domain string by comma
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
* letsencrypt.sh: Fix splitting of domain string to array
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
* adjustments for docker/lxc
Signed-off-by: nachoparker <nacho@ownyourbits.com>
Co-authored-by: nachoparker <nacho@ownyourbits.com>
-rw-r--r-- | bin/ncp/CONFIG/nc-nextcloud.sh | 7 | ||||
-rw-r--r-- | bin/ncp/NETWORKING/letsencrypt.sh | 23 | ||||
-rw-r--r-- | bin/ncp/SYSTEM/metrics.sh | 7 | ||||
-rw-r--r-- | changelog.md | 8 | ||||
-rw-r--r-- | etc/library.sh | 23 | ||||
-rw-r--r-- | etc/ncp-templates/nextcloud.conf.sh | 10 |
6 files changed, 60 insertions, 18 deletions
diff --git a/bin/ncp/CONFIG/nc-nextcloud.sh b/bin/ncp/CONFIG/nc-nextcloud.sh
index 004fc73e..7b60219a 100644
--- a/bin/ncp/CONFIG/nc-nextcloud.sh
+++ b/bin/ncp/CONFIG/nc-nextcloud.sh
@@ -181,12 +181,9 @@ EOF
 ## SET APACHE VHOST
 echo "Setting up Apache..."
- bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > /etc/apache2/sites-available/nextcloud.conf || {
- echo "ERROR: An error occured while generating the nextcloud apache2 config. Attempting safe mode..."
- bash /usr/local/etc/ncp-templates/nextcloud.conf.sh --defaults > /etc/apache2/sites-available/nextcloud.conf || {
- echo "ERROR: Safe mode templating failed as well. Nextcloud will not work."
+ install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf --allow-fallback || {
+ echo "ERROR: Parsing template failed. Nextcloud will not work."
 exit 1
- }
 }
 a2ensite nextcloud
diff --git a/bin/ncp/NETWORKING/letsencrypt.sh b/bin/ncp/NETWORKING/letsencrypt.sh
index 70e10285..84c9e0c0 100644
--- a/bin/ncp/NETWORKING/letsencrypt.sh
+++ b/bin/ncp/NETWORKING/letsencrypt.sh
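Review bot: With `--allow-fallback` the degraded path is no longer announced from this call site: the removed `echo "ERROR: ... Attempting safe mode..."` told the admin the vhost was being rendered with defaults, whereas install_template (etc/library.sh hunk) retries with `--defaults` without a message of its own, so the only trace in the install log is whatever the first run wrote to stderr followed by the template's `INFO: Restoring template to default settings` line, which reads like a normal step rather than a degraded result. At install time the defaults are mostly what is wanted anyway, but for consistency with the other callers I would add `echo "WARN: $template failed, falling back to default settings" >&2` in install_template's fallback branch, and give this site's `echo "ERROR: Parsing template failed. Nextcloud will not work."` a `>&2` so a stdout redirect cannot swallow it. The enclosing script continues outside the hunk.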
@@ -57,24 +57,30 @@ configure()
 rm -f /etc/cron.weekly/letsencrypt-ncp
 rm -f /etc/letsencrypt/renewal-hooks/deploy/ncp
 [[ "$DOCKERBUILD" == 1 ]] && update-rc.d letsencrypt disable
- bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > ${nc_vhostcfg}
+ install_template nextcloud.conf.sh "${nc_vhostcfg}"
 echo "letsencrypt certificates disabled. Using self-signed certificates instead."
 exit 0
 }
 local DOMAIN_LOWERCASE="${DOMAIN,,}"
+ local OTHER_DOMAINS_ARRAY
 [[ "$DOMAIN" == "" ]] && { echo "empty domain"; return 1; }
+ local IFS_BK="$IFS"
+ IFS=",$IFS" OTHER_DOMAINS_ARRAY=(${OTHER_DOMAIN})
+ IFS="$IFS_BK"
+
 # Do it
 local domain_string=""
- for domain in $DOMAIN $OTHER_DOMAIN; do
+ for domain in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"; do
 [[ "$domain" != "" ]] && {
 [[ $domain_string == "" ]] && \
 domain_string+="${domain}" || \
 domain_string+=",${domain}"
 }
 done
- "${letsencrypt}" certonly -n --force-renew --no-self-upgrade --webroot -w "${ncdir}" --hsts --agree-tos -m "${EMAIL}" -d "${domain_string}" && {
+ "${letsencrypt}" certonly -n --force-renew --cert-name ncp-nextcloud --no-self-upgrade --webroot -w "${ncdir}" \
+ --hsts --agree-tos -m "${EMAIL}" -d "${domain_string}" && {
 # Set up auto-renewal
 cat > /etc/cron.weekly/letsencrypt-ncp <<EOF
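Review bot: `IFS=",$IFS" OTHER_DOMAINS_ARRAY=(${OTHER_DOMAIN})` splits through an unquoted expansion, so the user-supplied field is also pathname-expanded: an entry containing `*` or `?` (someone typing a wildcard into OTHER_DOMAIN) is replaced by matching file names from the current directory before it reaches certbot's `-d` list and, in the next hunk, Nextcloud's trusted_domains. `IFS=$', \t\n' read -r -a OTHER_DOMAINS_ARRAY <<< "${OTHER_DOMAIN}"` performs the same comma-or-whitespace split without globbing and without the three IFS save/restore lines; empty fields from `a,,b` come out as empty elements, which the existing `[[ "$domain" != "" ]]` guard already skips. The unquoted `$DOMAIN` on the `for` line has the same exposure, though it predates this change. configure() continues outside the hunk.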
@@ -106,15 +112,20 @@ EOF
 chmod +x /etc/letsencrypt/renewal-hooks/deploy/ncp
 # Configure Apache
- bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > ${nc_vhostcfg}
+ install_template nextcloud.conf.sh "${nc_vhostcfg}"
 sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $vhostcfg2
 sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $vhostcfg2
 # Configure Nextcloud
 local domain_index="${TRUSTED_DOMAINS[letsencrypt_1]}"
- for dom in $DOMAIN $OTHER_DOMAIN; do
+ for dom in $DOMAIN "${OTHER_DOMAINS_ARRAY[@]}"; do
 [[ "$dom" != "" ]] && {
- ncc config:system:set trusted_domains $domain_index --value=$dom
+ [[ $domain_index -lt 20 ]] || {
+ echo "WARN: $dom will not be included in trusted domains for Nextcloud (maximum reached)." \
+ "It will still be included in the SSL certificate"
+ continue
+ }
+ ncc config:system:set trusted_domains "$domain_index" --value="$dom"
 ((domain_index++))
 }
 done
diff --git a/bin/ncp/SYSTEM/metrics.sh b/bin/ncp/SYSTEM/metrics.sh
index 24963a85..0790f76f 100644
--- a/bin/ncp/SYSTEM/metrics.sh
+++ b/bin/ncp/SYSTEM/metrics.sh
@@ -35,7 +35,7 @@ configure() {
 if [[ "$ACTIVE" != yes ]]
 then
- bash /usr/local/etc/ncp-templates/nextcloud.conf.sh --defaults > /etc/apache2/sites-available/nextcloud.conf
+ install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf
 systemctl disable prometheus-node-exporter
 service prometheus-node-exporter stop
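Review bot: The two `sed -i` context lines still point `$vhostcfg2` at `/etc/letsencrypt/live/$DOMAIN_LOWERCASE/`, while the certonly call in the previous hunk now passes `--cert-name ncp-nextcloud`, which makes certbot store the lineage under `/etc/letsencrypt/live/ncp-nextcloud/`; unless `$vhostcfg2` (defined outside the hunk) is a file that is deliberately kept on the old layout, a fresh issuance leaves it referencing a directory that does not exist and Apache fails to load the vhost. I would either switch both replacements to `/etc/letsencrypt/live/ncp-nextcloud/...` so they agree with `--cert-name`, or put a comment above them saying which layout they target and why the `-0001` duplicate-lineage case from the commit message is handled elsewhere. Separately, the new cap is a bare `20`; `local -r max_trusted_domains=20` with a one-line comment on where that limit comes from would make the `-lt` check self-explaining. configure() continues outside the hunk.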
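Review bot: On the deactivation path the status of `install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf` is not checked, unlike the activation path in the next hunk, which has `|| { ...; return 1; }`. Because install_template restores the previous file on failure, a failed render here keeps the old nextcloud.conf (presumably still carrying the metrics block and its auth) while the following lines disable and stop the exporter, so Apache keeps exposing an endpoint that now proxies to nothing; `install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf || return 1` before the systemctl call keeps the two in step. Note also that the removed line rendered with `--defaults` whereas the new one lets the template decide via `tmpl_metrics_enabled` at render time, which only produces the inactive vhost if the new state is already visible to that function when configure() runs — worth confirming and recording in a comment. configure() continues outside the hunk.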
@@ -59,9 +59,8 @@ configure() {
 rm -f "${htpasswd_file}"
 echo "$PASSWORD" | htpasswd -ciB "${htpasswd_file}" "$USER"
- bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > /etc/apache2/sites-available/nextcloud.conf || {
- echo "An unexpected error occurred while configuring apache. Rolling back..." >&2
- bash /usr/local/etc/ncp-templates/nextcloud.conf.sh --defaults > /etc/apache2/sites-available/nextcloud.conf
+ install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf || {
+ echo "ERROR while generating nextcloud.conf! Exiting..."
 return 1
 }
diff --git a/changelog.md b/changelog.md
index 8a8b8836..db684f01 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,7 +1,11 @@
-[v1.40.2](https://github.com/nextcloud/nextcloudpi/commit/fc3f978) (2021-10-05) nc-update-nc: BTRFS support
+[v1.40.4](https://github.com/nextcloud/nextcloudpi/commit/9fa18af) (2021-10-06) Make templating safer and more verbose (#1343)
-[v1.40.1](https://github.com/nextcloud/nextcloudpi/commit/7c361c5) (2021-10-05) update: improve check for apt (#1356)
+[v1.40.3 ](https://github.com/nextcloud/nextcloudpi/commit/8a6c1c0) (2021-10-06) ncp-check-nc-version: dont notify the same version more than once
+
+[v1.40.2 ](https://github.com/nextcloud/nextcloudpi/commit/ea1e00c) (2021-10-05) nc-update-nc: BTRFS support
+
+[v1.40.1 ](https://github.com/nextcloud/nextcloudpi/commit/7c361c5) (2021-10-05) update: improve check for apt (#1356)
 [v1.40.0 ](https://github.com/nextcloud/nextcloudpi/commit/a0728d7) (2021-10-04) nc-notify-updates: notify of new supported NC versions
diff --git a/etc/library.sh b/etc/library.sh
index 2e58d477..4cfccbe4 100644
--- a/etc/library.sh
+++ b/etc/library.sh
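Review bot: The replacement error line loses the `>&2` the removed message had, so `echo "ERROR while generating nextcloud.conf! Exiting..."` now goes to stdout mixed with the template output install_template already merges there; restore it as `echo "ERROR while generating nextcloud.conf! Exiting..." >&2`. Dropping the `--defaults` retry here is consistent with the commit's "only fall back if explicitly allowed", but the state it leaves deserves a comment: install_template puts the previous vhost back while `htpasswd -ciB` two lines up has already replaced the credential file, so after a failed render Apache keeps the old metrics configuration with the new password. A line such as `# on failure the previous nextcloud.conf is restored by install_template; the htpasswd file above is already rewritten` above the call would spare the next reader the trace. configure() starts outside the hunk.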
@@ -183,6 +183,29 @@ function find_app_param_num()
 }
+install_template() {
+ local template="${1?}"
+ local target="${2?}"
+ local bkp="$(mktemp)"
+ [[ -f "$target" ]] && cp -a "$target" "$bkp"
+ {
+ if [[ "$3" == "--defaults" ]]; then
+ { bash "/usr/local/etc/ncp-templates/$template" --defaults > "$target"; } 2>&1
+ else
+ { bash "/usr/local/etc/ncp-templates/$template" > "$target"; } 2>&1 || \
+ {
+ [[ "$3" == "--allow-fallback" ]] && \
+ { bash "/usr/local/etc/ncp-templates/$template" --defaults > "$target"; } 2>&1
+ }
+ fi
+ } || {
+ echo "ERROR: Could not generate $target from template $template. Rolling back..."
+ mv "$bkp" "$target"
+ return 1
+ }
+ rm "$bkp"
+}
+
 find_app_param() {
 local script="${1?}"
diff --git a/etc/ncp-templates/nextcloud.conf.sh b/etc/ncp-templates/nextcloud.conf.sh
index caf987f3..ea49032c 100644
--- a/etc/ncp-templates/nextcloud.conf.sh
+++ b/etc/ncp-templates/nextcloud.conf.sh
@@ -3,6 +3,9 @@ set -e
 source /usr/local/etc/library.sh
+[[ "$1" != "--defaults" ]] || echo "INFO: Restoring template to default settings" >&2
+[[ ! -f /.docker-image ]] || echo "INFO: Docker installation detected" >&2
+
 if [[ "$1" != "--defaults" ]]; then
 LETSENCRYPT_DOMAIN="$(
 # force defaults during initial build
@@ -13,7 +16,10 @@ if [[ "$1" != "--defaults" ]]; then
 )"
 fi
-if ! [[ -f /.ncp-image ]] && [[ "$1" != "--defaults" ]]; then
+[[ -z "$LETSENCRYPT_DOMAIN" ]] || echo "INFO: Letsencrypt domain is ${LETSENCRYPT_DOMAIN}" >&2
+
+# skip during build
+if ! [[ -f /.ncp-image ]] && [[ "$1" != "--defaults" ]] && [[ -f "${BINDIR}/SYSTEM/metrics.sh" ]]; then
 METRICS_IS_ENABLED="$(
 source "${BINDIR}/SYSTEM/metrics.sh"
 tmpl_metrics_enabled && echo yes || echo no
@@ -22,6 +28,8 @@ else
 METRICS_IS_ENABLED=no
 fi
+echo "INFO: Metrics enabled: ${METRICS_IS_ENABLED}" >&2
+
 echo "### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVERWRITTEN ###"
 echo ""
|
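Review bot: In install_template (etc/library.sh hunk above; this note lands after the nextcloud.conf.sh hunks) the backup is only populated by `[[ -f "$target" ]] && cp -a "$target" "$bkp"`, but the rollback `mv "$bkp" "$target"` runs unconditionally, so a failed render of a target that did not exist before replaces "nothing" with an empty 0600 file from mktemp — for an Apache site file that is a silently empty vhost instead of a visible failure. The template also writes straight into the live `$target`, so anything reading it between the start of the render and the rollback (an Apache reload, another ncp job) can see a half-written file; rendering into a temporary file beside the target and moving it into place only after success removes both problems and the need for a backup at all. Two smaller points: `local bkp="$(mktemp)"` masks a mktemp failure (ShellCheck SC2155), and the "Rolling back..." message belongs on stderr like the template's own INFO lines. Rewritten body below; the three template invocations stay as they are except that `> "$target"` becomes `> "$tmp"`.
```shell
install_template() {
  local template="${1?}"
  local target="${2?}"
  local tmp
  # render beside the target so the final mv is a same-filesystem rename;
  # $target is not touched until the template has succeeded
  tmp="$(mktemp "${target}.XXXXXX")" || return 1
  {
    # … unchanged: the --defaults / default / --allow-fallback branches, each writing to "$tmp" instead of "$target" …
  } || {
    echo "ERROR: Could not generate $target from template $template. Leaving it untouched..." >&2
    rm -f "$tmp"
    return 1
  }
  # mktemp creates the file 0600; keep the mode of the file being replaced, 0644 for a new one
  if [[ -f "$target" ]]; then chmod --reference="$target" "$tmp"; else chmod 0644 "$tmp"; fi
  mv -f "$tmp" "$target"
}
```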