diff options
author | nachoparker <nacho@ownyourbits.com> | 2018-03-17 15:48:29 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2018-03-18 23:18:43 +0300 |
commit | 85127d756ce95bb9ab53e93424686fa6dedaa064 (patch) | |
tree | 223451aab802776419900192751be6023375dbfd /update.sh | |
parent | 30f5756d10b7303731018b298ae3b84679bd6b17 (diff) |
letsencrypt: remove .well-known dir after renewalv0.53.2
Diffstat (limited to 'update.sh')
-rwxr-xr-x | update.sh | 48 |
1 files changed, 10 insertions, 38 deletions
@@ -126,44 +126,6 @@ done install_script nc-backup.sh &>/dev/null cd - &>/dev/null - # add ncp-config link - [[ -e /usr/local/bin/ncp-config ]] || ln -s /usr/local/bin/nextcloudpi-config /usr/local/bin/ncp-config - - # turn modsecurity logs off, too spammy - sed -i 's|SecAuditEngine .*|SecAuditEngine Off|' /etc/modsecurity/modsecurity.conf - - # fix unattended upgrades failing on modified files - grep -q Dpkg::Options /etc/apt/apt.conf.d/20nextcloudpi-upgrades || \ - cat >> /etc/apt/apt.conf.d/20nextcloudpi-upgrades <<EOF -Dpkg::Options { - "--force-confdef"; - "--force-confold"; -}; -EOF - - # some added security - sed -i 's|^ServerSignature .*|ServerSignature Off|' /etc/apache2/conf-enabled/security.conf - sed -i 's|^ServerTokens .*|ServerTokens Prod|' /etc/apache2/conf-enabled/security.conf - - # remove redundant configuration from unattended upgrades - [[ "$( ls -l /etc/php/7.0/fpm/conf.d/*-opcache.ini | wc -l )" -gt 1 ]] && rm "$( ls /etc/php/7.0/fpm/conf.d/*-opcache.ini | tail -1 )" - [[ "$( ls -l /etc/php/7.0/cli/conf.d/*-opcache.ini | wc -l )" -gt 1 ]] && rm "$( ls /etc/php/7.0/cli/conf.d/*-opcache.ini | tail -1 )" - - # upgrade launcher after logging improvements - cat > /home/www/ncp-launcher.sh <<'EOF' -#!/bin/bash -DIR=/usr/local/etc/nextcloudpi-config.d -test -f $DIR/$1 || { echo "File not found"; exit 1; } -source /usr/local/etc/library.sh -cd $DIR -launch_script $1 -EOF - chmod 700 /home/www/ncp-launcher.sh - - # update sudoers permissions for the reboot command - grep -q reboot /etc/sudoers || \ - sed -i 's|www-data.*|www-data ALL = NOPASSWD: /home/www/ncp-launcher.sh , /sbin/halt, /sbin/reboot|' /etc/sudoers - # randomize passwords for old images ( older than v0.46.30 ) cat > /usr/lib/systemd/system/nc-provisioning.service <<'EOF' [Unit] @@ -293,6 +255,16 @@ EOF # fix updates from NC12 to NC12.0.1 rm -rf /var/www/nextcloud/.well-known + # remove .well-known after each renewal + test -d /etc/letsencrypt/live && { + cat > /etc/cron.weekly/letsencrypt-ncp <<EOF +#!/bin/bash +/etc/letsencrypt/certbot-auto renew --quiet +rm -rf /var/www/nextcloud/.well-known +EOF + chmod +x /etc/cron.weekly/letsencrypt-ncp + } + } # end - only live updates exit 0 |