Delete install.sh
This commit is contained in:
RomanNum3ral
parent
c11000eff1
commit
1ccd014f4f
185
install.sh
185
install.sh
|
|
@ -1,185 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
# Nextcloud + Apache + PHP 8.3-FPM on Ubuntu 24.04
|
||||
# - Applies requested php.ini edits
|
||||
# - Apache with proxy_fcgi (no mod_php)
|
||||
# - Downloads Nextcloud to /var/www/nextcloud
|
||||
# - MariaDB DB + user
|
||||
# - Redis for file locking (optional but recommended)
|
||||
|
||||
set -euo pipefail
|
||||
IFS=$'\n\t'
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# ====== EDIT ME ======
|
||||
DOMAIN="cloud.example.com"
|
||||
NC_DIR="/var/www/nextcloud"
|
||||
NC_DATA_DIR="/var/ncdata"
|
||||
|
||||
DB_NAME="nextcloud"
|
||||
DB_USER="nextclouduser"
|
||||
DB_PASS="ChangeMe_DB_Secret!"
|
||||
|
||||
ADMIN_USER="ncadmin"
|
||||
ADMIN_PASS="ChangeMe_Admin_Secret!"
|
||||
|
||||
PHP_VER="8.3"
|
||||
PHP_FPM_SOCK="/run/php/php${PHP_VER}-fpm.sock"
|
||||
|
||||
# ====== Base packages ======
|
||||
apt-get update
|
||||
apt-get -y upgrade
|
||||
apt-get install -y software-properties-common apt-transport-https ca-certificates \
|
||||
lsb-release unzip wget curl gnupg2 tar sudo
|
||||
|
||||
# ====== MariaDB ======
|
||||
apt-get install -y mariadb-server mariadb-client
|
||||
systemctl enable --now mariadb
|
||||
|
||||
# Headless mysql_secure_installation equivalent
|
||||
mysql --protocol=socket <<'SQL'
|
||||
DELETE FROM mysql.user WHERE User='';
|
||||
DROP DATABASE IF EXISTS test;
|
||||
DELETE FROM mysql.db WHERE Db='test' OR Db LIKE 'test\_%';
|
||||
FLUSH PRIVILEGES;
|
||||
SQL
|
||||
|
||||
mysql --protocol=socket <<SQL
|
||||
CREATE DATABASE IF NOT EXISTS \`${DB_NAME}\`
|
||||
CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
|
||||
CREATE USER IF NOT EXISTS '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASS}';
|
||||
GRANT ALL PRIVILEGES ON \`${DB_NAME}\`.* TO '${DB_USER}'@'localhost';
|
||||
FLUSH PRIVILEGES;
|
||||
SQL
|
||||
|
||||
# ====== PHP 8.3 + FPM + Redis/APCu/Imagick ======
|
||||
apt-get install -y php${PHP_VER} php${PHP_VER}-fpm php${PHP_VER}-cli php${PHP_VER}-common \
|
||||
php${PHP_VER}-mysql php${PHP_VER}-xml php${PHP_VER}-mbstring php${PHP_VER}-curl \
|
||||
php${PHP_VER}-gd php${PHP_VER}-zip php${PHP_VER}-intl php${PHP_VER}-bcmath \
|
||||
php${PHP_VER}-gmp php-redis php-apcu php-imagick
|
||||
|
||||
systemctl enable --now php${PHP_VER}-fpm
|
||||
|
||||
# ====== Apply YOUR requested php.ini edits ======
|
||||
PHP_INI="/etc/php/${PHP_VER}/fpm/php.ini"
|
||||
sed -ri 's/^;?\s*memory_limit\s*=.*/memory_limit = 512M/' "$PHP_INI"
|
||||
sed -ri 's/^;?\s*upload_max_filesize\s*=.*/upload_max_filesize = 1024M/' "$PHP_INI"
|
||||
sed -ri 's/^;?\s*post_max_size\s*=.*/post_max_size = 1024M/' "$PHP_INI"
|
||||
sed -ri 's/^;?\s*max_execution_time\s*=.*/max_execution_time = 360/' "$PHP_INI"
|
||||
|
||||
# Recommended opcache (kept minimal here)
|
||||
sed -ri 's/^;?\s*opcache.enable\s*=.*/opcache.enable=1/' "$PHP_INI"
|
||||
sed -ri 's/^;?\s*opcache.enable_cli\s*=.*/opcache.enable_cli=0/' "$PHP_INI"
|
||||
|
||||
systemctl restart php${PHP_VER}-fpm
|
||||
|
||||
# ====== Redis (for transactional file locking & memcache) ======
|
||||
apt-get install -y redis-server
|
||||
sed -ri 's|^#?\s*unixsocket\s+.*|unixsocket /var/run/redis/redis-server.sock|' /etc/redis/redis.conf
|
||||
sed -ri 's|^#?\s*unixsocketperm\s+.*|unixsocketperm 770|' /etc/redis/redis.conf
|
||||
install -d -m 0755 /var/run/redis
|
||||
systemctl enable --now redis-server
|
||||
usermod -aG redis www-data || true
|
||||
systemctl restart redis-server
|
||||
|
||||
# ====== Apache (NO mod_php; we use php-fpm via proxy_fcgi) ======
|
||||
apt-get install -y apache2
|
||||
a2enmod rewrite headers env dir mime ssl proxy_fcgi setenvif
|
||||
a2enconf php${PHP_VER}-fpm # provides the SetHandler for .php to PHP-FPM
|
||||
# Make sure event MPM is on (good for FPM); disable prefork if present
|
||||
a2dismod mpm_prefork >/dev/null 2>&1 || true
|
||||
a2enmod mpm_event >/dev/null 2>&1 || true
|
||||
|
||||
# Nextcloud vhost
|
||||
cat >/etc/apache2/sites-available/nextcloud.conf <<EOF
|
||||
<VirtualHost *:80>
|
||||
ServerName ${DOMAIN}
|
||||
DocumentRoot ${NC_DIR}
|
||||
|
||||
<Directory ${NC_DIR}>
|
||||
Require all granted
|
||||
AllowOverride All
|
||||
Options FollowSymLinks MultiViews
|
||||
<IfModule mod_dav.c>
|
||||
Dav off
|
||||
</IfModule>
|
||||
</Directory>
|
||||
|
||||
# Large uploads
|
||||
LimitRequestBody 0
|
||||
SetEnv HOME ${NC_DIR}
|
||||
SetEnv HTTP_HOME ${NC_DIR}
|
||||
|
||||
# Security headers (tune later, add HSTS after TLS)
|
||||
Header always set Referrer-Policy "no-referrer"
|
||||
Header always set X-Content-Type-Options "nosniff"
|
||||
Header always set X-Frame-Options "SAMEORIGIN"
|
||||
Header always set X-XSS-Protection "1; mode=block"
|
||||
|
||||
# PHP-FPM socket
|
||||
<FilesMatch "\.php$">
|
||||
SetHandler "proxy:unix:${PHP_FPM_SOCK}|fcgi://localhost/"
|
||||
</FilesMatch>
|
||||
|
||||
ErrorLog \${APACHE_LOG_DIR}/nextcloud_error.log
|
||||
CustomLog \${APACHE_LOG_DIR}/nextcloud_access.log combined
|
||||
</VirtualHost>
|
||||
EOF
|
||||
|
||||
a2ensite nextcloud.conf
|
||||
a2dissite 000-default.conf >/dev/null 2>&1 || true
|
||||
systemctl enable --now apache2
|
||||
apache2ctl configtest
|
||||
systemctl reload apache2
|
||||
|
||||
# ====== Download Nextcloud (latest) ======
|
||||
mkdir -p /tmp/nc
|
||||
cd /tmp/nc
|
||||
wget -q https://download.nextcloud.com/server/releases/latest.zip
|
||||
unzip -q -o latest.zip
|
||||
|
||||
# Deploy to /var/www/nextcloud
|
||||
rm -rf "${NC_DIR}"
|
||||
mv nextcloud "${NC_DIR}"
|
||||
|
||||
# Ownership & permissions
|
||||
install -d -m 0750 "${NC_DATA_DIR}"
|
||||
chown -R www-data:www-data "${NC_DIR}" "${NC_DATA_DIR}"
|
||||
chmod -R 750 "${NC_DIR}"
|
||||
|
||||
# ====== Bootstrap Nextcloud (non-interactive) ======
|
||||
sudo -u www-data php "${NC_DIR}/occ" maintenance:install \
|
||||
--database "mysql" \
|
||||
--database-name "${DB_NAME}" \
|
||||
--database-user "${DB_USER}" \
|
||||
--database-pass "${DB_PASS}" \
|
||||
--admin-user "${ADMIN_USER}" \
|
||||
--admin-pass "${ADMIN_PASS}" \
|
||||
--data-dir "${NC_DATA_DIR}"
|
||||
|
||||
# Trusted domain + base URL (HTTP for now—add TLS later)
|
||||
sudo -u www-data php "${NC_DIR}/occ" config:system:set trusted_domains 1 --value="${DOMAIN}"
|
||||
sudo -u www-data php "${NC_DIR}/occ" config:system:set overwrite.cli.url --value="http://${DOMAIN}"
|
||||
|
||||
# Caching: APCu local + Redis locking (unix socket)
|
||||
sudo -u www-data php "${NC_DIR}/occ" config:system:set memcache.local --value='\OC\Memcache\APCu'
|
||||
sudo -u www-data php "${NC_DIR}/occ" config:system:set memcache.locking --value='\OC\Memcache\Redis'
|
||||
sudo -u www-data php "${NC_DIR}/occ" config:system:set redis --type=json --value='{"host":"\/var\/run\/redis\/redis-server.sock","port":0,"timeout":1.5}'
|
||||
|
||||
# ====== Cron every 5 minutes ======
|
||||
cat >/etc/cron.d/nextcloud <<EOF
|
||||
*/5 * * * * www-data php -f ${NC_DIR}/cron.php
|
||||
EOF
|
||||
chmod 0644 /etc/cron.d/nextcloud
|
||||
systemctl restart cron
|
||||
|
||||
echo "================================================================="
|
||||
echo " Nextcloud ready at: http://${DOMAIN}"
|
||||
echo " Admin: ${ADMIN_USER} / ${ADMIN_PASS}"
|
||||
echo " Data dir: ${NC_DATA_DIR}"
|
||||
echo "-----------------------------------------------------------------"
|
||||
echo " Next steps:"
|
||||
echo " 1) Issue TLS: apt-get install -y certbot python3-certbot-apache"
|
||||
echo " certbot --apache -d ${DOMAIN}"
|
||||
echo " 2) In Nextcloud admin > Overview, run security & setup warnings."
|
||||
echo " 3) Consider MariaDB tuning (innodb_buffer_pool_size etc.)"
|
||||
echo "================================================================="
|
||||
Loading…
Reference in New Issue