-rw-r--r-- | etc/nextcloudpi-config.d/modsecurity.sh | 1 | ||||
-rw-r--r-- | etc/nextcloudpi-config.d/nc-ramlogs.sh | 31 | ||||
-rwxr-xr-x | update.sh | 40 |
3 files changed, 67 insertions, 5 deletions
diff --git a/etc/nextcloudpi-config.d/modsecurity.sh b/etc/nextcloudpi-config.d/modsecurity.sh index 6c876621..751a90d9 100644 --- a/etc/nextcloudpi-config.d/modsecurity.sh +++ b/etc/nextcloudpi-config.d/modsecurity.sh @@ -40,6 +40,7 @@ EOF sed -i "s|SecRuleEngine .*|SecRuleEngine Off|" /etc/modsecurity/modsecurity.conf sed -i 's|SecTmpDir .*|SecTmpDir /var/cache/modsecurity/|' /etc/modsecurity/modsecurity.conf sed -i 's|SecDataDir .*|SecDataDir /var/cache/modsecurity/|' /etc/modsecurity/modsecurity.conf + sed -i 's|^SecRequestBodyLimit .*|#SecRequestBodyLimit 13107200|' /etc/modsecurity/modsecurity.conf cat >> /etc/apache2/apache2.conf <<EOF <IfModule mod_security2.c> diff --git a/etc/nextcloudpi-config.d/nc-ramlogs.sh b/etc/nextcloudpi-config.d/nc-ramlogs.sh index 56296589..867656ac 100644 --- a/etc/nextcloudpi-config.d/nc-ramlogs.sh +++ b/etc/nextcloudpi-config.d/nc-ramlogs.sh 
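Review bot: The added `sed` in modsecurity.sh (hunk `@@ -40,6 +40,7`) comments out `SecRequestBodyLimit` without saying why, and the number left in the commented line is no longer the limit in force. With the directive commented out, ModSecurity falls back to its built-in default, which the reference manual gives as 134217728 bytes (128 MB), so the request-body cap rises roughly tenfold; `SecRequestBodyNoFilesLimit` is not touched in the visible lines. I would add a comment above the line such as `# lift the 12.5 MB body cap so large uploads pass; ModSecurity's compiled default applies instead`, and consider writing an explicit value rather than relying on the default. The enclosing function starts and ends outside the hunk.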
@@ -35,10 +35,33 @@ tmpfs /var/log tmpfs defaults,noatime,mode=1777 0 0 # Logs in RAM tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0 # /tmp in RAM EOF - local HTTPUNIT=/lib/systemd/system/apache2.service - grep -q mkdir /etc/init.d/mysql || sed -i "/\<start)/amkdir -p /var/log/mysql" /etc/init.d/mysql - grep -q mkdir /etc/init.d/apache2 || sed -i "/\<start)/amkdir -p /var/log/apache2" /etc/init.d/apache2 - grep -q mkdir $HTTPUNIT || sed -i "/ExecStart/iExecStartPre=/bin/mkdir -p /var/log/apache2" $HTTPUNIT + # unit to recreate required logdirs + mkdir -p /usr/lib/systemd/system + cat > /usr/lib/systemd/system/ramlogs.service <<'EOF' +[Unit] +Description=Populate ramlogs dir +Requires=network.target +Before=redis-server apache2 mysqld + +[Service] +ExecStart=/bin/bash /usr/local/bin/ramlog-dirs.sh + +[Install] +WantedBy=multi-user.target +EOF + + cat > /usr/local/bin/ramlog-dirs.sh <<'EOF' +#!/bin/bash +mkdir -p /var/log/mysql +chown mysql /var/log/mysql + +mkdir -p /var/log/apache2 +chown www-data /var/log/apache2 + +mkdir -p /var/log/redis +chown redis /var/log/redis +EOF + systemctl enable ramlogs grep -q vm.swappiness /etc/sysctl.conf || echo "vm.swappiness = 10" >> /etc/sysctl.conf && sysctl --load echo "Logs in RAM. Reboot for changes to take effect" @@ -49,6 +49,10 @@ EXCL_DOCKER+=" nc-update.sh nc-autoupdate-ncp.sh " + +# check running apt +pgrep apt &>/dev/null && { echo "apt is currently running. Try again later"; exit 1; } + cp etc/library.sh /usr/local/etc/ source /usr/local/etc/library.sh @@ -230,6 +234,7 @@ EOF mkdir -p /usr/local/etc/noip2 # redis + REDIS_CONF=/etc/redis/redis.conf sysctl vm.overcommit_memory=1 grep -q APCu /var/www/nextcloud/config/config.php && { echo "installing redis..." @@ -251,7 +256,6 @@ EOF ); EOF - REDIS_CONF=/etc/redis/redis.conf REDIS_MEM=3gb sed -i "s|# unixsocket.*|unixsocket /var/run/redis/redis.sock|" $REDIS_CONF sed -i "s|# unixsocketperm.*|unixsocketperm 777|" $REDIS_CONF 
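Review bot: The new `ramlogs.service` in nc-ramlogs.sh (hunk `@@ -35,10 +35,33`) has no `Type=` line, so systemd treats it as `simple` and counts it as started once the script is forked; `Before=` then does not guarantee that the log directories exist on the fresh tmpfs when redis, apache2 or mysql start. The `Before=` entries also lack a unit suffix, which as far as I know systemd rejects in unit files (the dependency is logged as ignored), so the ordering may not be applied at all. I would add `Type=oneshot` under `[Service]` and write `Before=redis-server.service apache2.service mysqld.service`, after confirming the actual database unit name on the target image. The enclosing function starts outside the hunk.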
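Review bot: `pgrep apt` in update.sh (hunk `@@ -49,6 +49,10`) matches any process whose name contains the substring `apt` and misses a bare `dpkg` run, so the guard can block needlessly and can also let the script continue while the package database is locked. It is only a point-in-time check as well; nothing stops apt from starting right after it. Matching exact names with `pgrep -x "apt|apt-get|dpkg" &>/dev/null && { ...; }` narrows the first problem. A one-line comment such as `# best-effort check, not a lock` would keep readers from relying on it.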
@@ -273,6 +277,7 @@ EOF systemctl start mysqld " &>/dev/null & } + sed -i 's|^logfile.*|logfile /var/log/redis/redis-server.log|' $REDIS_CONF # fix unattended NUSER=$( grep USER_ /usr/local/etc/nextcloudpi-config.d/nc-notify-updates.sh | head -1 | cut -f2 -d= ) @@ -304,6 +309,39 @@ sudo -u www-data php /var/www/nextcloud/occ notification:generate \ -l "Packages automatically upgraded \$PKGS" EOF chmod +x /usr/local/bin/ncp-notify-unattended-upgrade + + # fix modsecurity uploads + sed -i 's|^SecRequestBodyLimit ^C|#SecRequestBodyLimit 13107200|' /etc/modsecurity/modsecurity.conf + + # fix ramlogs + [[ $( grep "^ACTIVE_" /usr/local/etc/nextcloudpi-config.d/nc-ramlogs.sh | cut -f2 -d'=' ) == "yes" ]] && { + mkdir -p /usr/lib/systemd/system + cat > /usr/lib/systemd/system/ramlogs.service <<'EOF' +[Unit] +Description=Populate ramlogs dir +Requires=network.target +Before=redis-server apache2 mysqld + +[Service] +ExecStart=/bin/bash /usr/local/bin/ramlog-dirs.sh + +[Install] +WantedBy=multi-user.target +EOF + + cat > /usr/local/bin/ramlog-dirs.sh <<'EOF' +#!/bin/bash +mkdir -p /var/log/myslq +chown mysql /var/log/mysql + +mkdir -p /var/log/apache2 +chown apache2 /var/log/apache2 + +mkdir -p /var/log/redis +chown redis /var/log/redis +EOF + systemctl enable ramlogs + } } # License |
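Review bot: Three lines in the added upgrade block of update.sh (hunk `@@ -304,6 +309,39`) differ from the installer versions added in the same commit and look like typos. The `sed` pattern reads `^SecRequestBodyLimit ^C` where modsecurity.sh uses `.*`, so it will not match the directive and the upload fix is skipped on upgraded systems; it should be `sed -i 's|^SecRequestBodyLimit .*|#SecRequestBodyLimit 13107200|' /etc/modsecurity/modsecurity.conf`. In the generated ramlog-dirs.sh, `mkdir -p /var/log/myslq` should be `mkdir -p /var/log/mysql`, otherwise the following `chown mysql /var/log/mysql` targets a directory that was never created. `chown apache2 /var/log/apache2` should be `chown www-data /var/log/apache2` as in nc-ramlogs.sh, since an `apache2` account is presumably absent on these images. The enclosing function starts outside the hunk.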