diff options
| -rw-r--r-- | README.md | 12 | ||||
| -rwxr-xr-x | batch.sh | 2 | ||||
| -rwxr-xr-x | dnsmasq.sh | 10 | ||||
| -rwxr-xr-x | fail2ban.sh | 4 | ||||
| -rwxr-xr-x | no-ip.sh | 3 |
5 files changed, 15 insertions, 16 deletions
@@ -23,23 +23,17 @@ Use QEMU to automatically generate Raspbian Images with Nextcloud * Fail2Ban protection against brute force attacks. ( NEW 02-24-2017 ) * Dynamic DNS support for no-ip.org ( NEW 03-05-2017 ) * dnsmasq DNS server with DNS cache ( NEW 03-09-2017 ) +* Automatic security updates, activated by default. ( NEW 03-21-2017 ) +* ModSecurity Web Application Firewall ( NEW 03-23-2017 ) ## Usage ``` git clone https://github.com/nachoparker/nextcloud-raspbian-generator.git cd nextcloud-raspbian-generator -./install-nextcloud.sh 192.168.0.145 # change to your QEMU raspbian IP +./batch.sh 192.168.0.145 # change to your QEMU raspbian IP ``` -If we also want extras in our image - -``` -./installer.sh extrascript.sh 192.168.0.145 NextCloudPi_03-13-17.img # change to your QEMU raspbian IP -``` - -Adjust for the image name generated in the first step. - Extras can be activated and configured using ``` @@ -21,7 +21,7 @@ NO_CONFIG=1 NO_CFG_STEP=1 ./installer.sh no-ip.sh $IP $( ls -1t NO_CONFIG=1 NO_CFG_STEP=1 ./installer.sh dnsmasq.sh $IP $( ls -1t *.img | head -1 ) NO_CONFIG=1 NO_CFG_STEP=1 ./installer.sh letsencrypt.sh $IP $( ls -1t *.img | head -1 ) NO_CONFIG=1 ./installer.sh unattended-upgrades.sh $IP $( ls -1t *.img | head -1 ) -NO_CONFIG=1 NO_CFG_STEP=1 ./installer.sh modsecurity.sh $IP $( ls -1t *.img | head -1 ) +NO_CONFIG=1 NO_CFG_STEP=1 ./installer.sh modsecurity.sh $IP $( ls -1t *.img | head -1 ) IMGOUT=$( ls -1t *.img | head -1 ) IMGFULL=$( basename "$IMGFILE" .img )_FULL.img @@ -14,6 +14,7 @@ # More at: https://ownyourbits.com/2017/03/09/dnsmasq-as-dns-cache-server-for-nextcloudpi-and-raspbian/ # +ACTIVE_=yes DOMAIN_=mycloud.ownyourbits.com IP_=127.0.0.1 DNSSERVER_=8.8.8.8 @@ -29,6 +30,8 @@ install() configure() { + [[ $ACTIVE_ == "no" ]] && { service dnsmasq stop; update-rc.d dnsmasq disable; return; } + cat > /etc/dnsmasq.conf <<EOF domain-needed # Never forward plain names (without a dot or domain part) bogus-priv # Never forward addresses in the non-routed address spaces. @@ -39,13 +42,8 @@ server=$DNSSERVER_ address=/$DOMAIN_/$IP_ # This is optional if we add it to /etc/hosts EOF - cat >> /etc/hosts <<EOF -$IP_ $DOMAIN_ # This is optional if we add it to dnsmasq.conf, but doesn't harm -EOF + sed 's|#\?IGNORE_RESOLVCONF=.*|IGNORE_RESOLVCONF=yes|' /etc/default/dnsmasq - cat >> /etc/default/dnsmasq <<EOF -IGNORE_RESOLVCONF=yes -EOF update-rc.d dnsmasq defaults service dnsmasq restart cd /var/www/nextcloud diff --git a/fail2ban.sh b/fail2ban.sh index 47eec547..b5ff030e 100755 --- a/fail2ban.sh +++ b/fail2ban.sh @@ -14,6 +14,8 @@ # More at: https://ownyourbits.com/2017/02/24/nextcloudpi-fail2ban-installer/ # +ACTIVE_=yes + # location of Nextcloud logs NCLOG_=/var/www/nextcloud/data/nextcloud.log @@ -37,6 +39,8 @@ install() configure() { + [[ $ACTIVE_ == "no" ]] && { service fail2ban stop; update-rc.d fail2ban disable; return; } + touch /var/www/nextcloud/data/nextcloud.log chown -R www-data /var/www/nextcloud/data @@ -15,6 +15,7 @@ # More at https://ownyourbits.com/2017/03/05/dynamic-dns-for-raspbian-with-no-ip-org-installer/ # +ACTIVE_=yes USER_=my-noip-user@email.com PASS_=noip-pass TIME_=30 @@ -52,6 +53,8 @@ EOF configure() { + [[ $ACTIVE_ == "no" ]] && { service noip2 stop; update-rc.d noip2 disable; return; } + /usr/local/bin/noip2 -C -c /usr/local/etc/no-ip2.conf -U $TIME_ -u $USER_ -p $PASS_ update-rc.d noip2 defaults service noip2 restart |