diff --git a/README.md b/README.md index 9cbda92..8898ec8 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # install-nextcloud Install, optimize and harden your self hosted Nextcloud (based on Ubuntu 16.04.x LTS 64Bit) using two shell scripts only. -The initial script called "install-nextcloud.sh" will install your self hosted Nextcloud within few minutes fully automated. Your server will be built of: +The initial script (install-nextcloud.sh) will install your self hosted Nextcloud within few minutes fully automated. Your server will be built of: MariaDB Nextcloud 13.0.1 @@ -12,8 +12,8 @@ The initial script called "install-nextcloud.sh" will install your self hosted N The only precondition for this script is to use Ubuntu 16.04.4 LTS 64Bit as your server OS. -If you have configured your Nextcloud in your preferred browser issue the second script called "optimizations.sh" to optimize your Nextcloud instance (cache, previews, cron etc.) and install & configure fail2ban with ufw to harden your Nextcloud instance. +Configure your Nextcloud in your preferred browser and participate of the opportunity to issue the second script called "optimizations.sh", which will optimize your Nextcloud (cache, previews, cron etc.) and install + configure fail2ban and ufw to harden your Nextcloud server. At least you may request a ssl certificate from letsencrypt by issuing the third script called "ssl-certificat.sh". -Cheers, Carsten Rieger IT-Services +Ready to go? Let's start: Find out more information: Build your Nextcloud Server using shell scripts only diff --git a/install-nextcloud.sh b/install-nextcloud.sh index dfefc89..60cd277 100644 --- a/install-nextcloud.sh +++ b/install-nextcloud.sh 
@@ -1,8 +1,11 @@
+#######################################################
 # Carsten Rieger IT-Services
 # INSTALL-NEXTCLOUD.SH
 # Version 1.1
-# added funtions to make code cleaner, thx @techandme.se
 # April 19th, 2018
+# version 1.1: added functions
+# Version 1.0: initial script
+#######################################################
 #!/bin/bash
 function update_and_clean() {
 apt update
@@ -382,4 +385,4 @@ echo " https://$(hostname)"
 echo ""
 echo " and confirm the upcoming ssl warning caused by the self-signed certificates. "
 echo "###############################################################################"
-exit 0
\ No newline at end of file
+exit 0
diff --git a/optimizations.sh b/optimizations.sh
index 5d1f073..f4c6f08 100644
--- a/optimizations.sh
+++ b/optimizations.sh
@@ -1,8 +1,11 @@
+#######################################################
 # Carsten Rieger IT-Services
 # OPTIMIZATIONS.SH
 # Version 1.1
-# added funtions to make code cleaner, thx @techandme.se
 # April 19th, 2018
+# version 1.1: added functions
+# Version 1.0: initial script
+#######################################################
 #!/bin/bash
 function update_and_clean() {
 apt update
@@ -115,4 +118,4 @@ quit
 EOF
 restart_all_services
 nextcloud_scan_data
-exit 0
\ No newline at end of file
+exit 0
diff --git a/ssl-certificate.sh b/ssl-certificate.sh
index 253c797..8adb446 100644
--- a/ssl-certificate.sh
+++ b/ssl-certificate.sh
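Review bot: `#!/bin/bash` stays below the comment banner in this header (new line 9), so it is an ordinary comment and never selects the interpreter; the same holds for the header hunk of optimizations.sh and for ssl-certificate.sh, where the commit adds it as new line 8. Started as `sh install-nextcloud.sh`, or by a launcher that falls back to `/bin/sh`, the file is parsed by dash on Ubuntu, which rejects `function update_and_clean() {`, and ssl-certificate.sh additionally relies on `declare -l`, so a root-run provisioning script can stop part-way through. Put the interpreter line first in each file, above the banner: `#!/bin/bash` as line 1, followed by the `#######…` block. The body of update_and_clean continues outside the hunk.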
@@ -1,24 +1,32 @@
+#######################################################
 # Carsten Rieger IT-Services
 # SSL-CERTIFICATE.SH
 # Version 1.0
 # April 20th, 2018
+# Version 1.0: initial script
+#######################################################
+#!/bin/bash
+###global function to update and cleanup the environment
 function update_and_clean() {
 apt update
 apt upgrade -y
 apt autoclean -y
 apt autoremove -y
 }
+###global function to restart all cloud services
 function restart_all_services() {
 /usr/sbin/service nginx restart
 /usr/sbin/service mysql restart
 /usr/sbin/service redis-server restart
 /usr/sbin/service php7.2-fpm restart
 }
+###global function to create backups of the effected files
 function copy4SSL() {
 cp /etc/nginx/conf.d/nextcloud.conf /etc/nginx/conf.d/nextcloud.conf.orig
 cp /etc/nginx/ssl.conf /etc/nginx/ssl.conf.orig
 cp /var/www/nextcloud/config/config.php /var/www/nextcloud/config/config.php.orig
 }
+###global function to show an error message if the certificate request would fail
 function errorSSL() {
 clear
 echo "*** ERROR while requeting your certificate(s) ***"
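Review bot: copy4SSL overwrites its `.orig` files on every successful run, so a second run replaces the pristine backups with copies of the already rewritten nginx and Nextcloud configuration and the rollback state is lost. Guard each copy and keep owner and mode, for example `[ -e /etc/nginx/ssl.conf.orig ] || cp -p /etc/nginx/ssl.conf /etc/nginx/ssl.conf.orig`; this matters most for `config.php.orig`, which holds the same database credentials as `config.php` and stays in the Nextcloud config directory. The new comment should read "affected" and the errorSSL message "requesting". errorSSL's body continues outside the hunk.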
@@ -27,24 +35,39 @@ echo "Verify that both ports (80 + 443) are forwarded to this server!"
 echo "And verify, your dyndns points to your IP either!"
 echo "Then retry..."
 }
+#add the letsencrypt repository to the server
 add-apt-repository ppa:certbot/certbot -y
 update_and_clean
+#install letsencrypt
 apt install letsencrypt -y
+#ensure lower cases
 declare -l DYNDNSNAME
 declare -l YOURSERVERNAME
+#read the current hostname
 YOURSERVERNAME=$(hostname)
+#ask the user what would be the domain name to request the certificate for
 read -p "Your domain: " DYNDNSNAME
+#request the certificate for the entered domain name
 letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt --rsa-key-size 4096 -d $DYNDNSNAME
+#in case of any errors
 if [ ! -d "/etc/letsencrypt/live" ]; then
 errorSSL
+#if no error appeared
 else
 copy4SSL
+#remove the entry for the self signed certificates
 sed -i '/ssl-cert-snakeoil/d' /etc/nginx/ssl.conf
+#apply the new server/domain name to the NGINX vhost for Nextcloud
 sed -i "s/server_name.*;/server_name $DYNDNSNAME;/" /etc/nginx/conf.d/nextcloud.conf
+#change the placeholder values to the exact letsencrypt ones
 sed -in 's/YOUR.DEDYN.IO/'$DYNDNSNAME'/' /etc/nginx/ssl.conf
+# remove the '#' to enable these certificates/keys
 sed -i s/\#\ssl/\ssl/g /etc/nginx/ssl.conf
+#ensure that dhparam is commented as long it was not generated
 sed -i s/ssl_dhparam/\#ssl_dhparam/g /etc/nginx/ssl.conf
+#adjust Nextclous config.php to the new domain name
 sudo -u www-data sed -in 's/'$YOURSERVERNAME'/'$DYNDNSNAME'/' /var/www/nextcloud/config/config.php
+#restart the cloud environment
 restart_all_services
 clear
 echo "++++++++++++++++++++++++++++++++++++++++++++++++++++"
@@ -53,4 +76,4 @@ echo " Call: https://$DYNDNSNAME and enjoy your Nextcloud"
 echo ""
 echo "++++++++++++++++++++++++++++++++++++++++++++++++++++"
 fi
-exit 0
\ No newline at end of file
+exit 0
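Review bot: The value typed at `read -p` reaches the certificate request and the `sed` expressions unquoted and unvalidated, so a space, `/` or `&` in it changes what those commands do to `ssl.conf`, `nextcloud.conf` and `config.php`. Success is also judged only by `/etc/letsencrypt/live` existing, which stays true after any earlier issuance, so a failed request would still rewrite the nginx configuration for a certificate that was never issued. `sed -in` is read by GNU sed as in-place editing with backup suffix `n`, which leaves `ssl.confn` and a credential-bearing `config.phpn` behind. The fence validates the name, tests the exit status of the request and quotes the expansions; the hunk starts inside errorSSL and the success branch continues past it.

```shell
read -r -p "Your domain: " DYNDNSNAME
# hostname characters only, so the value cannot change the sed expressions below
if ! [[ $DYNDNSNAME =~ ^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$ ]]; then
  echo "Invalid domain name: $DYNDNSNAME" >&2
  exit 1
fi
# judge success by the exit status of this request, not by a live/ directory an earlier run may have left
if ! letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt --rsa-key-size 4096 -d "$DYNDNSNAME"; then
  # … unchanged: errorSSL, else, copy4SSL, snakeoil and server_name sed lines …
  sed -i "s/YOUR.DEDYN.IO/$DYNDNSNAME/" /etc/nginx/ssl.conf
  # … unchanged: ssl and ssl_dhparam sed lines …
  sudo -u www-data sed -i "s/$YOURSERVERNAME/$DYNDNSNAME/" /var/www/nextcloud/config/config.php
```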