author | nachoparker <nacho@ownyourbits.com> | 2018-03-17 15:48:29 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2018-03-18 23:18:43 +0300 |
commit | 85127d756ce95bb9ab53e93424686fa6dedaa064 (patch) | |
tree | 223451aab802776419900192751be6023375dbfd | |
parent | 30f5756d10b7303731018b298ae3b84679bd6b17 (diff) |
letsencrypt: remove .well-known dir after renewalv0.53.2
-rw-r--r-- | changelog.md | 6 | ||||
-rw-r--r-- | etc/nextcloudpi-config.d/letsencrypt.sh | 2 | ||||
-rwxr-xr-x | update.sh | 48 |
3 files changed, 16 insertions, 40 deletions
diff --git a/changelog.md b/changelog.md index b291240a..27b3e808 100644 --- a/changelog.md +++ b/changelog.md @@ -1,7 +1,9 @@ -[v0.53.1](https://github.com/nextcloud/nextcloudpi/commit/b2c50f5) (2018-03-17) fix web update to NC13.0.1 with .well-known existence +[v0.53.2](https://github.com/nextcloud/nextcloudpi/commit/5608921) (2018-03-17) letsencrypt: remove .well-known dir after renewal -[v0.53.0](https://github.com/nextcloud/nextcloudpi/commit/cf6c432) (2018-03-17) update to NC 13.0.1 +[v0.53.1](https://github.com/nextcloud/nextcloudpi/commit/d8ad80c) (2018-03-17) fix web update to NC13.0.1 with .well-known existence + +[v0.53.0 ](https://github.com/nextcloud/nextcloudpi/commit/cf6c432) (2018-03-17) update to NC 13.0.1 [v0.52.2 ](https://github.com/nextcloud/nextcloudpi/commit/f5d0916) (2018-03-17) build: small script adjustments diff --git a/etc/nextcloudpi-config.d/letsencrypt.sh b/etc/nextcloudpi-config.d/letsencrypt.sh index 608896af..a0e34015 100644 --- a/etc/nextcloudpi-config.d/letsencrypt.sh +++ b/etc/nextcloudpi-config.d/letsencrypt.sh @@ -52,6 +52,7 @@ persistent_cfg /etc/letsencrypt cat > /etc/cron.weekly/letsencrypt-ncp <<EOFCRON #!/bin/bash /etc/letsencrypt/certbot-auto renew --quiet +rm -rf $NCDIR/.well-known EOFCRON chmod +x /etc/cron.weekly/letsencrypt-ncp @@ -75,6 +76,7 @@ configure() cat > /etc/cron.weekly/letsencrypt-ncp <<EOF #!/bin/bash /etc/letsencrypt/certbot-auto renew --quiet +rm -rf $NCDIR/.well-known EOF chmod +x /etc/cron.weekly/letsencrypt-ncp 
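Review bot: The added `rm -rf $NCDIR/.well-known` sits in an unquoted here-document (`<<EOFCRON`, and again `<<EOF` in the `configure()` hunk), so `$NCDIR` is expanded when the cron file is written and lands unquoted in the weekly job. If `NCDIR` is empty at that moment the generated script would read `rm -rf /.well-known`, and a value containing whitespace would split into several `rm` arguments. Writing the line as `rm -rf -- "${NCDIR:?}/.well-known"` makes generation fail on an empty value and keeps the path a single argument in the generated file. The cleanup also runs whether or not `certbot-auto renew` succeeded; that looks intended, but a one-line comment in the heredoc would say so. Both heredocs begin in code outside the visible context, so where `NCDIR` is assigned cannot be checked from this hunk.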
@@ -126,44 +126,6 @@ done install_script nc-backup.sh &>/dev/null cd - &>/dev/null - # add ncp-config link - [[ -e /usr/local/bin/ncp-config ]] || ln -s /usr/local/bin/nextcloudpi-config /usr/local/bin/ncp-config - - # turn modsecurity logs off, too spammy - sed -i 's|SecAuditEngine .*|SecAuditEngine Off|' /etc/modsecurity/modsecurity.conf - - # fix unattended upgrades failing on modified files - grep -q Dpkg::Options /etc/apt/apt.conf.d/20nextcloudpi-upgrades || \ - cat >> /etc/apt/apt.conf.d/20nextcloudpi-upgrades <<EOF -Dpkg::Options { - "--force-confdef"; - "--force-confold"; -}; -EOF - - # some added security - sed -i 's|^ServerSignature .*|ServerSignature Off|' /etc/apache2/conf-enabled/security.conf - sed -i 's|^ServerTokens .*|ServerTokens Prod|' /etc/apache2/conf-enabled/security.conf - - # remove redundant configuration from unattended upgrades - [[ "$( ls -l /etc/php/7.0/fpm/conf.d/*-opcache.ini | wc -l )" -gt 1 ]] && rm "$( ls /etc/php/7.0/fpm/conf.d/*-opcache.ini | tail -1 )" - [[ "$( ls -l /etc/php/7.0/cli/conf.d/*-opcache.ini | wc -l )" -gt 1 ]] && rm "$( ls /etc/php/7.0/cli/conf.d/*-opcache.ini | tail -1 )" - - # upgrade launcher after logging improvements - cat > /home/www/ncp-launcher.sh <<'EOF' -#!/bin/bash -DIR=/usr/local/etc/nextcloudpi-config.d -test -f $DIR/$1 || { echo "File not found"; exit 1; } -source /usr/local/etc/library.sh -cd $DIR -launch_script $1 -EOF - chmod 700 /home/www/ncp-launcher.sh - - # update sudoers permissions for the reboot command - grep -q reboot /etc/sudoers || \ - sed -i 's|www-data.*|www-data ALL = NOPASSWD: /home/www/ncp-launcher.sh , /sbin/halt, /sbin/reboot|' /etc/sudoers - # randomize passwords for old images ( older than v0.46.30 ) cat > /usr/lib/systemd/system/nc-provisioning.service <<'EOF' [Unit] 
@@ -293,6 +255,16 @@ EOF # fix updates from NC12 to NC12.0.1 rm -rf /var/www/nextcloud/.well-known + # remove .well-known after each renewal + test -d /etc/letsencrypt/live && { + cat > /etc/cron.weekly/letsencrypt-ncp <<EOF +#!/bin/bash +/etc/letsencrypt/certbot-auto renew --quiet +rm -rf /var/www/nextcloud/.well-known +EOF + chmod +x /etc/cron.weekly/letsencrypt-ncp + } + } # end - only live updates exit 0 |
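Review bot: The regenerated `/etc/cron.weekly/letsencrypt-ncp` hard-codes `/var/www/nextcloud/.well-known`, whereas the two copies written by `letsencrypt.sh` in this same commit interpolate `$NCDIR`. If those values ever differ, an upgraded system would clean a different directory than a freshly configured one. The job text now lives in three places, so a comment such as `# keep in sync with etc/nextcloudpi-config.d/letsencrypt.sh` above the `cat` would help, and since this heredoc has nothing to expand, `<<'EOF'` states that intent. The `cat >` replaces whatever cron file is already present whenever `/etc/letsencrypt/live` exists, which is presumably the goal for upgrades. The enclosing `{ … } # end - only live updates` block starts outside the hunk.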