Update install.sh

2025-10-03 20:32:04 +00:00 · 2025-10-03 20:32:04 +00:00 · 8d5e2d50b3
parent a4309ab80e
commit 8d5e2d50b3
1 changed files with 183 additions and 25 deletions
--- a/install.sh
+++ b/install.sh
@ -1,27 +1,185 @@
-#! /bin/bash
+#!/usr/bin/env bash
+# Nextcloud + Apache + PHP 8.3-FPM on Ubuntu 24.04
+# - Applies requested php.ini edits
+# - Apache with proxy_fcgi (no mod_php)
+# - Downloads Nextcloud to /var/www/nextcloud
+# - MariaDB DB + user
+# - Redis for file locking (optional but recommended)

-# Install Docker
-sudo apt-get update
-sudo apt-get install ca-certificates curl -y
-sudo install -m 0755 -d /etc/apt/keyrings
-sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
-sudo chmod a+r /etc/apt/keyrings/docker.asc
-echo \
-  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
-  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
-  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-sudo apt-get update
-sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
+set -euo pipefail
+IFS=$'\n\t'
+export DEBIAN_FRONTEND=noninteractive

-# Install NextCloud
-sudo docker run \
--init \
--sig-proxy=false \
--name nextcloud-aio-mastercontainer \
--restart always \
--publish 80:80 \
--publish 8080:8080 \
--publish 8443:8443 \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
-d nextcloud/all-in-one:latest
+# ====== EDIT ME ======
+DOMAIN="cloud.example.com"
+NC_DIR="/var/www/nextcloud"
+NC_DATA_DIR="/var/ncdata"
+
+DB_NAME="nextcloud"
+DB_USER="nextclouduser"
+DB_PASS="ChangeMe_DB_Secret!"
+
+ADMIN_USER="ncadmin"
+ADMIN_PASS="ChangeMe_Admin_Secret!"
+
+PHP_VER="8.3"
+PHP_FPM_SOCK="/run/php/php${PHP_VER}-fpm.sock"
+
+# ====== Base packages ======
+apt-get update
+apt-get -y upgrade
+apt-get install -y software-properties-common apt-transport-https ca-certificates \
+  lsb-release unzip wget curl gnupg2 tar sudo
+
+# ====== MariaDB ======
+apt-get install -y mariadb-server mariadb-client
+systemctl enable --now mariadb
+
+# Headless mysql_secure_installation equivalent
+mysql --protocol=socket <<'SQL'
+DELETE FROM mysql.user WHERE User='';
+DROP DATABASE IF EXISTS test;
+DELETE FROM mysql.db WHERE Db='test' OR Db LIKE 'test\_%';
+FLUSH PRIVILEGES;
+SQL
+
+mysql --protocol=socket <<SQL
+CREATE DATABASE IF NOT EXISTS \`${DB_NAME}\`
+  CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
+CREATE USER IF NOT EXISTS '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASS}';
+GRANT ALL PRIVILEGES ON \`${DB_NAME}\`.* TO '${DB_USER}'@'localhost';
+FLUSH PRIVILEGES;
+SQL
+
+# ====== PHP 8.3 + FPM + Redis/APCu/Imagick ======
+apt-get install -y php${PHP_VER} php${PHP_VER}-fpm php${PHP_VER}-cli php${PHP_VER}-common \
+  php${PHP_VER}-mysql php${PHP_VER}-xml php${PHP_VER}-mbstring php${PHP_VER}-curl \
+  php${PHP_VER}-gd php${PHP_VER}-zip php${PHP_VER}-intl php${PHP_VER}-bcmath \
+  php${PHP_VER}-gmp php-redis php-apcu php-imagick
+
+systemctl enable --now php${PHP_VER}-fpm
+
+# ====== Apply YOUR requested php.ini edits ======
+PHP_INI="/etc/php/${PHP_VER}/fpm/php.ini"
+sed -ri 's/^;?\s*memory_limit\s*=.*/memory_limit = 512M/' "$PHP_INI"
+sed -ri 's/^;?\s*upload_max_filesize\s*=.*/upload_max_filesize = 1024M/' "$PHP_INI"
+sed -ri 's/^;?\s*post_max_size\s*=.*/post_max_size = 1024M/' "$PHP_INI"
+sed -ri 's/^;?\s*max_execution_time\s*=.*/max_execution_time = 360/' "$PHP_INI"
+
+# Recommended opcache (kept minimal here)
+sed -ri 's/^;?\s*opcache.enable\s*=.*/opcache.enable=1/' "$PHP_INI"
+sed -ri 's/^;?\s*opcache.enable_cli\s*=.*/opcache.enable_cli=0/' "$PHP_INI"
+
+systemctl restart php${PHP_VER}-fpm
+
+# ====== Redis (for transactional file locking & memcache) ======
+apt-get install -y redis-server
+sed -ri 's|^#?\s*unixsocket\s+.*|unixsocket /var/run/redis/redis-server.sock|' /etc/redis/redis.conf
+sed -ri 's|^#?\s*unixsocketperm\s+.*|unixsocketperm 770|' /etc/redis/redis.conf
+install -d -m 0755 /var/run/redis
+systemctl enable --now redis-server
+usermod -aG redis www-data || true
+systemctl restart redis-server
+
+# ====== Apache (NO mod_php; we use php-fpm via proxy_fcgi) ======
+apt-get install -y apache2
+a2enmod rewrite headers env dir mime ssl proxy_fcgi setenvif
+a2enconf php${PHP_VER}-fpm   # provides the SetHandler for .php to PHP-FPM
+# Make sure event MPM is on (good for FPM); disable prefork if present
+a2dismod mpm_prefork >/dev/null 2>&1 || true
+a2enmod mpm_event >/dev/null 2>&1 || true
+
+# Nextcloud vhost
+cat >/etc/apache2/sites-available/nextcloud.conf <<EOF
+<VirtualHost *:80>
+    ServerName ${DOMAIN}
+    DocumentRoot ${NC_DIR}
+
+    <Directory ${NC_DIR}>
+        Require all granted
+        AllowOverride All
+        Options FollowSymLinks MultiViews
+        <IfModule mod_dav.c>
+            Dav off
+        </IfModule>
+    </Directory>
+
+    # Large uploads
+    LimitRequestBody 0
+    SetEnv HOME ${NC_DIR}
+    SetEnv HTTP_HOME ${NC_DIR}
+
+    # Security headers (tune later, add HSTS after TLS)
+    Header always set Referrer-Policy "no-referrer"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-Frame-Options "SAMEORIGIN"
+    Header always set X-XSS-Protection "1; mode=block"
+
+    # PHP-FPM socket
+    <FilesMatch "\.php$">
+        SetHandler "proxy:unix:${PHP_FPM_SOCK}|fcgi://localhost/"
+    </FilesMatch>
+
+    ErrorLog \${APACHE_LOG_DIR}/nextcloud_error.log
+    CustomLog \${APACHE_LOG_DIR}/nextcloud_access.log combined
+</VirtualHost>
+EOF
+
+a2ensite nextcloud.conf
+a2dissite 000-default.conf >/dev/null 2>&1 || true
+systemctl enable --now apache2
+apache2ctl configtest
+systemctl reload apache2
+
+# ====== Download Nextcloud (latest) ======
+mkdir -p /tmp/nc
+cd /tmp/nc
+wget -q https://download.nextcloud.com/server/releases/latest.zip
+unzip -q -o latest.zip
+
+# Deploy to /var/www/nextcloud
+rm -rf "${NC_DIR}"
+mv nextcloud "${NC_DIR}"
+
+# Ownership & permissions
+install -d -m 0750 "${NC_DATA_DIR}"
+chown -R www-data:www-data "${NC_DIR}" "${NC_DATA_DIR}"
+chmod -R 750 "${NC_DIR}"
+
+# ====== Bootstrap Nextcloud (non-interactive) ======
+sudo -u www-data php "${NC_DIR}/occ" maintenance:install \
+  --database "mysql" \
+  --database-name "${DB_NAME}" \
+  --database-user "${DB_USER}" \
+  --database-pass "${DB_PASS}" \
+  --admin-user "${ADMIN_USER}" \
+  --admin-pass "${ADMIN_PASS}" \
+  --data-dir "${NC_DATA_DIR}"
+
+# Trusted domain + base URL (HTTP for now—add TLS later)
+sudo -u www-data php "${NC_DIR}/occ" config:system:set trusted_domains 1 --value="${DOMAIN}"
+sudo -u www-data php "${NC_DIR}/occ" config:system:set overwrite.cli.url --value="http://${DOMAIN}"
+
+# Caching: APCu local + Redis locking (unix socket)
+sudo -u www-data php "${NC_DIR}/occ" config:system:set memcache.local --value='\OC\Memcache\APCu'
+sudo -u www-data php "${NC_DIR}/occ" config:system:set memcache.locking --value='\OC\Memcache\Redis'
+sudo -u www-data php "${NC_DIR}/occ" config:system:set redis --type=json --value='{"host":"\/var\/run\/redis\/redis-server.sock","port":0,"timeout":1.5}'
+
+# ====== Cron every 5 minutes ======
+cat >/etc/cron.d/nextcloud <<EOF
+*/5 * * * * www-data php -f ${NC_DIR}/cron.php
+EOF
+chmod 0644 /etc/cron.d/nextcloud
+systemctl restart cron
+
+echo "================================================================="
+echo " Nextcloud ready at:  http://${DOMAIN}"
+echo " Admin: ${ADMIN_USER}  /  ${ADMIN_PASS}"
+echo " Data dir: ${NC_DATA_DIR}"
+echo "-----------------------------------------------------------------"
+echo " Next steps:"
+echo "  1) Issue TLS: apt-get install -y certbot python3-certbot-apache"
+echo "     certbot --apache -d ${DOMAIN}"
+echo "  2) In Nextcloud admin > Overview, run security & setup warnings."
+echo "  3) Consider MariaDB tuning (innodb_buffer_pool_size etc.)"
+echo "================================================================="