redis: fixes with ramlogs and modsecurityv0.34.4

author: nachoparker <nacho@ownyourbits.com> 2017-11-09 22:31:52 +0300
committer: nachoparker <nacho@ownyourbits.com> 2017-11-10 20:14:17 +0300
commit: fa5f56e2e767ec4b31333007c808736171517391 (patch)
tree: 87e884ecbbb929a649a49259ec1612e3ba7287d2
parent: 9657f7f25c4427188f59bb60548d741f4f1b503b (diff)
3 files changed, 67 insertions, 5 deletions
diff --git a/etc/nextcloudpi-config.d/modsecurity.sh b/etc/nextcloudpi-config.d/modsecurity.sh
index 6c876621..751a90d9 100644
--- a/etc/nextcloudpi-config.d/modsecurity.sh
+++ b/etc/nextcloudpi-config.d/modsecurity.sh
@@ -40,6 +40,7 @@ EOF
   sed -i "s|SecRuleEngine .*|SecRuleEngine Off|"               /etc/modsecurity/modsecurity.conf
   sed -i 's|SecTmpDir .*|SecTmpDir   /var/cache/modsecurity/|' /etc/modsecurity/modsecurity.conf
   sed -i 's|SecDataDir .*|SecDataDir /var/cache/modsecurity/|' /etc/modsecurity/modsecurity.conf
+  sed -i 's|^SecRequestBodyLimit .*|#SecRequestBodyLimit 13107200|' /etc/modsecurity/modsecurity.conf
 
   cat >> /etc/apache2/apache2.conf <<EOF
 <IfModule mod_security2.c>
diff --git a/etc/nextcloudpi-config.d/nc-ramlogs.sh b/etc/nextcloudpi-config.d/nc-ramlogs.sh
index 56296589..867656ac 100644
--- a/etc/nextcloudpi-config.d/nc-ramlogs.sh
+++ b/etc/nextcloudpi-config.d/nc-ramlogs.sh
@@ -35,10 +35,33 @@ tmpfs /var/log tmpfs defaults,noatime,mode=1777 0 0 # Logs in RAM
 tmpfs /tmp     tmpfs defaults,noatime,mode=1777 0 0 # /tmp in RAM
 EOF
 
-  local HTTPUNIT=/lib/systemd/system/apache2.service
-  grep -q mkdir /etc/init.d/mysql   || sed -i "/\<start)/amkdir -p /var/log/mysql"   /etc/init.d/mysql
-  grep -q mkdir /etc/init.d/apache2 || sed -i "/\<start)/amkdir -p /var/log/apache2" /etc/init.d/apache2
-  grep -q mkdir $HTTPUNIT           || sed -i "/ExecStart/iExecStartPre=/bin/mkdir -p /var/log/apache2" $HTTPUNIT
+  # unit to recreate required logdirs
+  mkdir -p /usr/lib/systemd/system
+  cat > /usr/lib/systemd/system/ramlogs.service <<'EOF'
+[Unit]
+Description=Populate ramlogs dir
+Requires=network.target
+Before=redis-server apache2 mysqld
+
+[Service]
+ExecStart=/bin/bash /usr/local/bin/ramlog-dirs.sh
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+  cat > /usr/local/bin/ramlog-dirs.sh <<'EOF'
+#!/bin/bash
+mkdir -p /var/log/mysql
+chown mysql /var/log/mysql
+
+mkdir -p /var/log/apache2
+chown www-data /var/log/apache2
+
+mkdir -p /var/log/redis
+chown redis /var/log/redis
+EOF
+  systemctl enable ramlogs
 
   grep -q vm.swappiness /etc/sysctl.conf || echo "vm.swappiness = 10" >> /etc/sysctl.conf && sysctl --load
   echo "Logs in RAM. Reboot for changes to take effect"
diff --git a/update.sh b/update.sh
index 50141083..df732576 100755
--- a/update.sh
+++ b/update.sh
@@ -49,6 +49,10 @@ EXCL_DOCKER+="
 nc-update.sh
 nc-autoupdate-ncp.sh
 "
+
+# check running apt
+pgrep apt &>/dev/null && { echo "apt is currently running. Try again later";  exit 1; }
+
 cp etc/library.sh /usr/local/etc/
 
 source /usr/local/etc/library.sh
@@ -230,6 +234,7 @@ EOF
   mkdir -p /usr/local/etc/noip2
 
   # redis
+  REDIS_CONF=/etc/redis/redis.conf
   sysctl vm.overcommit_memory=1
   grep -q APCu /var/www/nextcloud/config/config.php && {
     echo "installing redis..."
@@ -251,7 +256,6 @@ EOF
 );
 EOF
 
-  REDIS_CONF=/etc/redis/redis.conf
   REDIS_MEM=3gb
   sed -i "s|# unixsocket.*|unixsocket /var/run/redis/redis.sock|" $REDIS_CONF
   sed -i "s|# unixsocketperm.*|unixsocketperm 777|"               $REDIS_CONF
@@ -273,6 +277,7 @@ EOF
             systemctl start mysqld
             " &>/dev/null &
   }
+  sed -i 's|^logfile.*|logfile /var/log/redis/redis-server.log|' $REDIS_CONF
 
 # fix unattended
   NUSER=$( grep USER_ /usr/local/etc/nextcloudpi-config.d/nc-notify-updates.sh | head -1 | cut -f2 -d= )
@@ -304,6 +309,39 @@ sudo -u www-data php /var/www/nextcloud/occ notification:generate \
      -l "Packages automatically upgraded \$PKGS"
 EOF
   chmod +x /usr/local/bin/ncp-notify-unattended-upgrade
+
+  # fix modsecurity uploads
+  sed -i 's|^SecRequestBodyLimit ^C|#SecRequestBodyLimit 13107200|' /etc/modsecurity/modsecurity.conf
+
+  # fix ramlogs
+  [[ $( grep "^ACTIVE_" /usr/local/etc/nextcloudpi-config.d/nc-ramlogs.sh | cut -f2 -d'=' ) == "yes" ]] && {
+    mkdir -p /usr/lib/systemd/system
+    cat > /usr/lib/systemd/system/ramlogs.service <<'EOF'
+[Unit]
+Description=Populate ramlogs dir
+Requires=network.target
+Before=redis-server apache2 mysqld
+
+[Service]
+ExecStart=/bin/bash /usr/local/bin/ramlog-dirs.sh
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+    cat > /usr/local/bin/ramlog-dirs.sh <<'EOF'
+#!/bin/bash
+mkdir -p /var/log/myslq
+chown mysql /var/log/mysql
+
+mkdir -p /var/log/apache2
+chown apache2 /var/log/apache2
+
+mkdir -p /var/log/redis
+chown redis /var/log/redis
+EOF
+    systemctl enable ramlogs
+  }
 }
 
 # License
author	nachoparker <nacho@ownyourbits.com>	2017-11-09 22:31:52 +0300
committer	nachoparker <nacho@ownyourbits.com>	2017-11-10 20:14:17 +0300
commit	fa5f56e2e767ec4b31333007c808736171517391 (patch)
tree	87e884ecbbb929a649a49259ec1612e3ba7287d2
parent	9657f7f25c4427188f59bb60548d741f4f1b503b (diff)