diff options
author | nachoparker <nacho@ownyourbits.com> | 2017-10-19 18:59:25 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2017-10-20 11:28:48 +0300 |
commit | 7ffc801673bbbeb8a75a8149dc017c1a3c1bb88f (patch) | |
tree | 12e1f878d8e26de6da0b5b93e6357238a52461cb | |
parent | c4917b4041f61d61cbfb37dca8bd8e86515acbca (diff) |
ncp-web: improve password prompt permissionsv0.31.15
-rw-r--r-- | changelog.md | 6 | ||||
-rw-r--r-- | nextcloudpi.sh | 12 | ||||
-rwxr-xr-x | update.sh | 126 |
3 files changed, 34 insertions, 110 deletions
diff --git a/changelog.md b/changelog.md index 17c6ba6c..f3745583 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,7 @@ -[v0.31.14](https://github.com/nextcloud/nextcloudpi/commit/7e40933) (2017-10-09) ncp-web: integrate ncp-wizard with ncp-web +[v0.31.15](https://github.com/nextcloud/nextcloudpi/commit/ca48e82) (2017-10-19) ncp-web: improve password prompt permissions + +[v0.31.14](https://github.com/nextcloud/nextcloudpi/commit/2217045) (2017-10-09) ncp-web: integrate ncp-wizard with ncp-web [v0.31.13](https://github.com/nextcloud/nextcloudpi/commit/583d1b6) (2017-10-07) letsencrypt: fix workaround for old images @@ -13,6 +15,8 @@ [v0.31.8 ](https://github.com/nextcloud/nextcloudpi/commit/03f39b2) (2017-09-30) ncp-web: small fixes +[v0.31.7, tag: v0.31.17](https://github.com/nextcloud/nextcloudpi/commit/2601df3) (2017-10-03) letsencrypt: dont change config if not successful + [v0.31.6 ](https://github.com/nextcloud/nextcloudpi/commit/7a95cc1) (2017-10-03) letsencrypt: fix external bug (Closes #230) [v0.31.5 ](https://github.com/nextcloud/nextcloudpi/commit/1195316) (2017-09-30) nc-format-USB: fix format disks >2TB and more (Closes #223) diff --git a/nextcloudpi.sh b/nextcloudpi.sh index ace828ae..0824d4a8 100644 --- a/nextcloudpi.sh +++ b/nextcloudpi.sh @@ -54,6 +54,12 @@ Listen 4443 AuthBasicProvider external AuthExternal pwauth + SetEnvIf Request_URI "^" noauth + SetEnvIf Request_URI "^index\.php$" !noauth + SetEnvIf Request_URI "^/$" !noauth + SetEnvIf Request_URI "^/wizard/index.php$" !noauth + SetEnvIf Request_URI "^/wizard/$" !noauth + <RequireAll> <RequireAny> @@ -63,12 +69,14 @@ Listen 4443 Require ip 10 </RequireAny> - Require user pi + <RequireAny> + Require env noauth + Require user pi + </RequireAny> </RequireAll> </Directory> - EOF $APTINSTALL libapache2-mod-authnz-external pwauth a2enmod authnz_external authn_core auth_basic @@ -55,16 +55,6 @@ source /usr/local/etc/library.sh done } -[[ "$DOCKERBUILD" != 1 ]] && { - # fix automount, reinstall if its old version - AMFILE=/usr/local/etc/nextcloudpi-config.d/nc-automount.sh - test -e $AMFILE && { grep -q inotify-tools $AMFILE || rm $AMFILE; } - - # fix modsecurity, reinstall if its old verion - MSFILE=/usr/local/etc/nextcloudpi-config.d/modsecurity.sh - test -e $MSFILE && { grep -q "NextCloudPi:" $MSFILE || rm $MSFILE; } -} - # copy all files in bin and etc for file in bin/* etc/*; do [ -f "$file" ] || continue; @@ -113,100 +103,18 @@ done [[ "$DOCKERBUILD" != 1 ]] && { -# force-fix unattended-upgrades -cd /usr/local/etc/nextcloudpi-config.d/ || exit 1 -activate_script unattended-upgrades.sh - -# for old image users, save default password -test -f /root/.my.cnf || echo -e "[client]\npassword=ownyourbits" > /root/.my.cnf - -# fix updates from NC12 to NC12.0.1 -chown www-data /var/www/nextcloud/.htaccess -rm -rf /var/www/nextcloud/.well-known - -# fix permissions for ncp-web: shutdown button -sed -i 's|www-data.*|www-data ALL = NOPASSWD: /home/www/ncp-launcher.sh , /sbin/halt|' /etc/sudoers - -# fix fail2ban misconfig in stretch -rm -f /etc/fail2ban/jail.d/defaults-debian.conf - -# update ncp-launcher to support realtime updates with SSE - cat > /home/www/ncp-launcher.sh <<'EOF' -#!/bin/bash -DIR=/usr/local/etc/nextcloudpi-config.d -test -f $DIR/$1 || { echo "File not found"; exit 1; } -source /usr/local/etc/library.sh -cd $DIR -touch /run/ncp.log -chmod 640 /run/ncp.log -chown root:www-data /run/ncp.log -launch_script $1 &> /run/ncp.log -EOF - chmod 700 /home/www/ncp-launcher.sh - -# update notify-updates to also notify about unattended upgrades -cat > /etc/systemd/system/nc-notify-updates.service <<EOF -[Unit] -Description=Notify in NC when a NextCloudPi update is available - -[Service] -Type=simple -ExecStart=/usr/local/bin/ncp-notify-update -ExecStartPost=/usr/local/bin/ncp-notify-unattended-upgrade - -[Install] -WantedBy=default.target -EOF - - # adjust max PHP processes so Apps don't overload the board (#146) - sed -i 's|pm.max_children =.*|pm.max_children = 3|' /etc/php/7.0/fpm/pool.d/www.conf - - # automount remove old fstab lines - sed -i '/\/dev\/USBdrive/d' /etc/fstab - rm -f /etc/udev/rules.d/50-automount.rules /usr/local/etc/blknum - udevadm control --reload-rules - - # remove default config file in stretch - rm -f /etc/apt/apt.conf.d/20auto-upgrades - - # disable SMB1 and SMB2 - grep -q SMB3 /etc/samba/smb.conf || sed -i '/\[global\]/aprotocol = SMB3' /etc/samba/smb.conf - - # improvements to automount-links - cat > /usr/local/etc/nc-automount-links-mon <<'EOF' -#!/bin/bash -inotifywait --monitor --event create --event delete --format '%f %e' /media/ | \ - grep --line-buffered ISDIR | while read f; do - echo $f - sleep 0.5 - /usr/local/etc/nc-automount-links -done -EOF - chmod +x /usr/local/etc/nc-automount-links-mon - - # install and configure email if not present - type sendmail &>/dev/null || { - echo "Installing and configuring email" - apt-get update - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends postfix - OCC=/var/www/nextcloud/occ - sudo -u www-data php $OCC config:system:set mail_smtpmode --value="php" - sudo -u www-data php $OCC config:system:set mail_smtpauthtype --value="LOGIN" - sudo -u www-data php $OCC config:system:set mail_from_address --value="admin" - sudo -u www-data php $OCC config:system:set mail_domain --value="ownyourbits.com" -} - -# images are now tagged -test -f /usr/local/etc/ncp-baseimage || echo "untagged" > /usr/local/etc/ncp-baseimage - -# remove artifacts -rm -f /usr/local/etc/nextcloudpi-config.d/config_.txt - # ncp-web password auth - grep -q DefineExternalAuth /etc/apache2/sites-available/ncp.conf || { CERTFILE=$( grep SSLCertificateFile /etc/apache2/sites-available/ncp.conf| awk '{ print $2 }' ) KEYFILE=$( grep SSLCertificateKeyFile /etc/apache2/sites-available/ncp.conf| awk '{ print $2 }' ) - cat > /etc/apache2/sites-available/ncp.conf <<EOF + + grep -q DefineExternalAuth /etc/apache2/sites-available/ncp.conf || { + apt-get update + apt-get install -y --no-install-recommends libapache2-mod-authnz-external pwauth + a2enmod authnz_external authn_core auth_basic + bash -c "sleep 2 && systemctl restart apache2" &>/dev/null & + } + + cat > /etc/apache2/sites-available/ncp.conf <<EOF Listen 4443 <VirtualHost _default_:4443> DocumentRoot /var/www/ncp-web @@ -226,6 +134,12 @@ Listen 4443 AuthBasicProvider external AuthExternal pwauth + SetEnvIf Request_URI "^" noauth + SetEnvIf Request_URI "^index\\.php$" !noauth + SetEnvIf Request_URI "^/$" !noauth + SetEnvIf Request_URI "^/wizard/index.php$" !noauth + SetEnvIf Request_URI "^/wizard/$" !noauth + <RequireAll> <RequireAny> @@ -235,17 +149,15 @@ Listen 4443 Require ip 10 </RequireAny> - Require user pi + <RequireAny> + Require env noauth + Require user pi + </RequireAny> </RequireAll> </Directory> EOF - apt-get update - apt-get install -y --no-install-recommends libapache2-mod-authnz-external pwauth - a2enmod authnz_external authn_core auth_basic - bash -c "sleep 2 && systemctl restart apache2" &>/dev/null & - } # temporary workaround for bug https://github.com/certbot/certbot/issues/5138#issuecomment-333391771 cat > /etc/pip.conf <<EOF |