@@ -55,16 +55,6 @@ source /usr/local/etc/library.sh
5555done
5656}
5757
58- [[ " $DOCKERBUILD " != 1 ]] && {
59- # fix automount, reinstall if its old version
60- AMFILE=/usr/local/etc/nextcloudpi-config.d/nc-automount.sh
61- test -e $AMFILE && { grep -q inotify-tools $AMFILE || rm $AMFILE ; }
62-
63- # fix modsecurity, reinstall if its old verion
64- MSFILE=/usr/local/etc/nextcloudpi-config.d/modsecurity.sh
65- test -e $MSFILE && { grep -q " NextCloudPi:" $MSFILE || rm $MSFILE ; }
66- }
67-
6858# copy all files in bin and etc
6959for file in bin/* etc/* ; do
7060 [ -f " $file " || continue ;
@@ -113,100 +103,18 @@ done
113103
114104[[ " $DOCKERBUILD " != 1 ]] && {
115105
116- # force-fix unattended-upgrades
117- cd /usr/local/etc/nextcloudpi-config.d/ || exit 1
118- activate_script unattended-upgrades.sh
119-
120- # for old image users, save default password
121- test -f /root/.my.cnf || echo -e " [client]\npassword=ownyourbits" > /root/.my.cnf
122-
123- # fix updates from NC12 to NC12.0.1
124- chown www-data /var/www/nextcloud/.htaccess
125- rm -rf /var/www/nextcloud/.well-known
126-
127- # fix permissions for ncp-web: shutdown button
128- sed -i ' s|www-data.*|www-data ALL = NOPASSWD: /home/www/ncp-launcher.sh , /sbin/halt|'
129-
130- # fix fail2ban misconfig in stretch
131- rm -f /etc/fail2ban/jail.d/defaults-debian.conf
132-
133- # update ncp-launcher to support realtime updates with SSE
134- cat > /home/www/ncp-launcher.sh << 'EOF '
135- #!/bin/bash
136- DIR=/usr/local/etc/nextcloudpi-config.d
137- test -f $DIR/$1 || { echo "File not found"; exit 1; }
138- source /usr/local/etc/library.sh
139- cd $DIR
140- touch /run/ncp.log
141- chmod 640 /run/ncp.log
142- chown root:www-data /run/ncp.log
143- launch_script $1 &> /run/ncp.log
144- EOF
145- chmod 700 /home/www/ncp-launcher.sh
146-
147- # update notify-updates to also notify about unattended upgrades
148- cat > /etc/systemd/system/nc-notify-updates.service << EOF
149- [Unit]
150- Description=Notify in NC when a NextCloudPi update is available
151-
152- [Service]
153- Type=simple
154- ExecStart=/usr/local/bin/ncp-notify-update
155- ExecStartPost=/usr/local/bin/ncp-notify-unattended-upgrade
156-
157- [Install]
158- WantedBy=default.target
159- EOF
160-
161- # adjust max PHP processes so Apps don't overload the board (#146)
162- sed -i ' s|pm.max_children =.*|pm.max_children = 3|'
163-
164- # automount remove old fstab lines
165- sed -i ' /\/dev\/USBdrive/d'
166- rm -f /etc/udev/rules.d/50-automount.rules /usr/local/etc/blknum
167- udevadm control --reload-rules
168-
169- # remove default config file in stretch
170- rm -f /etc/apt/apt.conf.d/20auto-upgrades
171-
172- # disable SMB1 and SMB2
173- grep -q SMB3 /etc/samba/smb.conf || sed -i ' /\[global\]/aprotocol = SMB3'
174-
175- # improvements to automount-links
176- cat > /usr/local/etc/nc-automount-links-mon << 'EOF '
177- #!/bin/bash
178- inotifywait --monitor --event create --event delete --format '%f %e' /media/ | \
179- grep --line-buffered ISDIR | while read f; do
180- echo $f
181- sleep 0.5
182- /usr/local/etc/nc-automount-links
183- done
184- EOF
185- chmod +x /usr/local/etc/nc-automount-links-mon
186-
187- # install and configure email if not present
188- type sendmail & > /dev/null || {
189- echo " Installing and configuring email"
190- apt-get update
191- DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends postfix
192- OCC=/var/www/nextcloud/occ
193- sudo -u www-data php $OCC config:system:set mail_smtpmode --value=" php"
194- sudo -u www-data php $OCC config:system:set mail_smtpauthtype --value=" LOGIN"
195- sudo -u www-data php $OCC config:system:set mail_from_address --value=" admin"
196- sudo -u www-data php $OCC config:system:set mail_domain --value=" ownyourbits.com"
197- }
198-
199- # images are now tagged
200- test -f /usr/local/etc/ncp-baseimage || echo " untagged" > /usr/local/etc/ncp-baseimage
201-
202- # remove artifacts
203- rm -f /usr/local/etc/nextcloudpi-config.d/config_.txt
204-
205106# ncp-web password auth
206- grep -q DefineExternalAuth /etc/apache2/sites-available/ncp.conf || {
207107 CERTFILE=$( grep SSLCertificateFile /etc/apache2/sites-available/ncp.conf| awk ' { print $2 }' )
208108 KEYFILE=$( grep SSLCertificateKeyFile /etc/apache2/sites-available/ncp.conf| awk ' { print $2 }' )
209- cat > /etc/apache2/sites-available/ncp.conf << EOF
109+
110+ grep -q DefineExternalAuth /etc/apache2/sites-available/ncp.conf || {
111+ apt-get update
112+ apt-get install -y --no-install-recommends libapache2-mod-authnz-external pwauth
113+ a2enmod authnz_external authn_core auth_basic
114+ bash -c " sleep 2 && systemctl restart apache2" & > /dev/null &
115+ }
116+
117+ cat > /etc/apache2/sites-available/ncp.conf << EOF
210118Listen 4443
211119<VirtualHost _default_:4443>
212120 DocumentRoot /var/www/ncp-web
@@ -226,6 +134,12 @@ Listen 4443
226134 AuthBasicProvider external
227135 AuthExternal pwauth
228136
137+ SetEnvIf Request_URI "^" noauth
138+ SetEnvIf Request_URI "^index\\ .php$" !noauth
139+ SetEnvIf Request_URI "^/$" !noauth
140+ SetEnvIf Request_URI "^/wizard/index.php$" !noauth
141+ SetEnvIf Request_URI "^/wizard/$" !noauth
142+
229143 <RequireAll>
230144
231145 <RequireAny>
@@ -235,17 +149,15 @@ Listen 4443
235149 Require ip 10
236150 </RequireAny>
237151
238- Require user pi
152+ <RequireAny>
153+ Require env noauth
154+ Require user pi
155+ </RequireAny>
239156
240157 </RequireAll>
241158
242159</Directory>
243160EOF
244- apt-get update
245- apt-get install -y --no-install-recommends libapache2-mod-authnz-external pwauth
246- a2enmod authnz_external authn_core auth_basic
247- bash -c " sleep 2 && systemctl restart apache2" & > /dev/null &
248- }
249161
250162 # temporary workaround for bug https://github.com/certbot/certbot/issues/5138#issuecomment-333391771
251163 cat > /etc/pip.conf << EOF
0 commit comments