From bb641cdfba9ab7452599807bba979fd2b798fb0b Mon Sep 17 00:00:00 2001 From: Jan Schulz-Hofen Date: Sat, 25 Mar 2017 19:20:21 +0700 Subject: [PATCH 1/2] Move from ownCloud to Nextcloud --- conf/fail2ban/jails.conf | 2 +- setup/owncloud.sh | 49 +++++++++++++++++++++++++++++++--------- 2 files changed, 39 insertions(+), 12 deletions(-) diff --git a/conf/fail2ban/jails.conf b/conf/fail2ban/jails.conf index 290a75bb..6c6fee32 100644 --- a/conf/fail2ban/jails.conf +++ b/conf/fail2ban/jails.conf @@ -34,7 +34,7 @@ findtime = 30 enabled = true port = http,https filter = miab-owncloud -logpath = STORAGE_ROOT/owncloud/owncloud.log +logpath = STORAGE_ROOT/owncloud/nextcloud.log maxretry = 20 findtime = 120 diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 5cf3714d..0eca5340 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -7,7 +7,7 @@ source /etc/mailinabox.conf # load global vars # ### Installing ownCloud -echo "Installing ownCloud (contacts/calendar)..." +echo "Installing Nextcloud (contacts/calendar)..." apt_install \ dbconfig-common \ 
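Review bot: The jail's `logpath` now points at `STORAGE_ROOT/owncloud/nextcloud.log`, but nothing visible in this patch makes sure that file exists, or that Nextcloud actually logs there, before fail2ban reloads. On an upgraded box the old `owncloud.log` may stay in place, and an explicit `logfile` entry in `config.php` would mean the new path is never written. fail2ban typically refuses to start a jail whose log file is missing, so brute-force protection for /cloud could be lost without notice. Consider creating the file during setup, owned by www-data, and confirming that the `miab-owncloud` filter's failregex still matches Nextcloud's login-failure lines. A comment such as `# Nextcloud's log file in the data directory; must exist before fail2ban starts` above the jail would record the dependency.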
@@ -32,29 +32,48 @@ InstallOwncloud() { version=$1 hash=$2 + flavor=$3 echo - echo "Upgrading to ownCloud version $version" + echo "Upgrading to $flavor version $version" echo # Remove the current owncloud rm -rf /usr/local/lib/owncloud # Download and verify - wget_verify https://download.owncloud.org/community/owncloud-$version.zip $hash /tmp/owncloud.zip + if [ "$flavor" = "Nextcloud" ]; then + wget_verify https://download.nextcloud.com/server/releases/nextcloud-$version.zip $hash /tmp/owncloud.zip + else + wget_verify https://download.owncloud.org/community/owncloud-$version.zip $hash /tmp/owncloud.zip + fi # Extract ownCloud unzip -q /tmp/owncloud.zip -d /usr/local/lib + if [ "$flavor" = "Nextcloud" ]; then + mv /usr/local/lib/nextcloud /usr/local/lib/owncloud + fi rm -f /tmp/owncloud.zip # The two apps we actually want are not in ownCloud core. Download the releases from # their github repositories. mkdir -p /usr/local/lib/owncloud/apps - wget_verify https://github.com/owncloud/contacts/releases/download/v1.4.0.0/contacts.tar.gz c1c22d29699456a45db447281682e8bc3f10e3e7 /tmp/contacts.tgz + + if [ "$flavor" = "Nextcloud" ]; then + wget_verify https://github.com/nextcloud/contacts/releases/download/v1.5.3/contacts.tar.gz 78c4d49e73f335084feecd4853bd8234cf32615e /tmp/contacts.tgz + else + wget_verify https://github.com/owncloud/contacts/releases/download/v1.4.0.0/contacts.tar.gz c1c22d29699456a45db447281682e8bc3f10e3e7 /tmp/contacts.tgz + fi + tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/ rm /tmp/contacts.tgz - wget_verify https://github.com/nextcloud/calendar/releases/download/v1.4.0/calendar.tar.gz c84f3170efca2a99ea6254de34b0af3cb0b3a821 /tmp/calendar.tgz + if [ "$flavor" = "Nextcloud" ]; then + wget_verify https://github.com/nextcloud/calendar/releases/download/v1.5.2/calendar.tar.gz 7b8a94e01fe740c5c23017ed5bc211983c780fce /tmp/calendar.tgz + else + wget_verify https://github.com/nextcloud/calendar/releases/download/v1.4.0/calendar.tar.gz 
c84f3170efca2a99ea6254de34b0af3cb0b3a821 /tmp/calendar.tgz + fi + tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/ rm /tmp/calendar.tgz @@ -86,8 +105,9 @@ InstallOwncloud() { fi } -owncloud_ver=9.1.4 -owncloud_hash=e637cab7b2ca3346164f3506b1a0eb812b4e841a +owncloud_ver=10.0.4 +owncloud_hash=346590278a5cc7b0a3c8d1a68eafec68ac59c475 +owncloud_flavor=Nextcloud # Check if ownCloud dir exist, and check if version matches owncloud_ver (if either doesn't - install/upgrade) if [ ! -d /usr/local/lib/owncloud/ ] \ @@ -101,7 +121,7 @@ if [ ! -d /usr/local/lib/owncloud/ ] \ BACKUP_DIRECTORY=$STORAGE_ROOT/owncloud-backup/`date +"%Y-%m-%d-%T"` mkdir -p "$BACKUP_DIRECTORY" if [ -d /usr/local/lib/owncloud/ ]; then - echo "upgrading ownCloud to $owncloud_ver (backing up existing ownCloud installation, configuration and database to directory to $BACKUP_DIRECTORY..." + echo "upgrading ownCloud/Nextcloud to $owncloud_flavor $owncloud_ver (backing up existing installation, configuration and database to directory to $BACKUP_DIRECTORY..." cp -r /usr/local/lib/owncloud "$BACKUP_DIRECTORY/owncloud-install" fi if [ -e /home/user-data/owncloud/owncloud.db ]; then @@ -115,7 +135,7 @@ if [ ! -d /usr/local/lib/owncloud/ ] \ if [ -e /usr/local/lib/owncloud/version.php ]; then if grep -q "8\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then echo "We are running 8.1.x, upgrading to 8.2.3 first" - InstallOwncloud 8.2.3 bfdf6166fbf6fc5438dc358600e7239d1c970613 + InstallOwncloud 8.2.3 bfdf6166fbf6fc5438dc358600e7239d1c970613 ownCloud fi # If we are upgrading from 8.2.x we should go to 9.0 first. Owncloud doesn't support skipping minor versions 
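Review bot: `flavor` is compared against the literal `Nextcloud` in four places, and every other value, including an empty third argument, silently takes the ownCloud branch. A typo or a forgotten argument therefore pairs an ownCloud URL with a Nextcloud hash and only fails, if at all, inside `wget_verify`. Validating once at the top of InstallOwncloud, e.g. `case "$flavor" in Nextcloud|ownCloud) ;; *) echo "unknown flavor: $flavor" >&2; return 1 ;; esac`, makes that failure explicit. The new lines also leave `$version` and `$hash` unquoted and write to fixed names under /tmp, presumably as root; quoting them and downloading into a `mktemp -d` directory would be safer. The 40-character digests suggest `wget_verify` checks SHA-1 (its definition is not in this patch), and a SHA-256 pin would be a stronger integrity check for code unpacked into /usr/local/lib; note that the function starts before and ends after this hunk.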
@@ -139,7 +159,7 @@ EOF chown www-data.www-data $STORAGE_ROOT/owncloud/config.php # We can now install owncloud 9.0.2 - InstallOwncloud 9.0.2 72a3d15d09f58c06fa8bee48b9e60c9cd356f9c5 + InstallOwncloud 9.0.2 72a3d15d09f58c06fa8bee48b9e60c9cd356f9c5 ownCloud # The owncloud 9 migration doesn't migrate calendars and contacts # The option to migrate these are removed in 9.1 @@ -152,9 +172,16 @@ EOF done sudo -u www-data php /usr/local/lib/owncloud/occ dav:sync-birthday-calendar fi + + # If we are upgrading from 9.0.x we should go to 9.1 first. + if grep -q "9\.0\.[0-9]" /usr/local/lib/owncloud/version.php; then + echo "We are running ownCloud 9.0.x, upgrading to ownCloud 9.1.4 first" + InstallOwncloud 9.1.4 e637cab7b2ca3346164f3506b1a0eb812b4e841a ownCloud + fi + fi - InstallOwncloud $owncloud_ver $owncloud_hash + InstallOwncloud $owncloud_ver $owncloud_hash Nextcloud fi # ### Configuring ownCloud From 48e0f39179c274d7603178e8b2a1436a03fe0460 Mon Sep 17 00:00:00 2001 From: Jan Schulz-Hofen Date: Sun, 2 Apr 2017 11:19:21 +0200 Subject: [PATCH 2/2] Rename ownCloud to Nextcloud in safe places e.g. code comments and user-facing prompts/outputs which can be safely changed without risking to break anything --- README.md | 2 +- conf/nginx-alldomains.conf | 2 +- conf/nginx-primaryonly.conf | 4 ++-- conf/zpush/backend_carddav.php | 2 +- security.md | 2 +- setup/owncloud.sh | 36 +++++++++++++++++----------------- tools/owncloud-restore.sh | 4 ++-- tools/owncloud-unlockadmin.sh | 6 +++--- 8 files changed, 29 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 81d8952d..57ec528b 100644 --- a/README.md +++ b/README.md 
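Review bot: The final call hard-codes `Nextcloud` although `owncloud_flavor` is defined next to `owncloud_ver` and `owncloud_hash`, so the upgrade banner and the actual download can drift apart if only the variable is edited later. `InstallOwncloud "$owncloud_ver" "$owncloud_hash" "$owncloud_flavor"` keeps them in step and quotes the arguments. In the added 9.0.x step, the exit status of the intermediate `InstallOwncloud 9.1.4 …` is not checked in the visible lines, so unless the script runs under `set -e` (not visible here) a failed intermediate install would fall through to the 10.0.4 install and skip a release. The pattern `9\.0\.[0-9]` is also unanchored and would match strings such as `19.0.1` in version.php; a comment stating which line of version.php it is meant to match would help. The enclosing `if` block starts outside this hunk.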
@@ -28,7 +28,7 @@ It is a one-click email appliance. There are no user-configurable setup options. The components installed are: -* SMTP ([postfix](http://www.postfix.org/)), IMAP ([dovecot](http://dovecot.org/)), CardDAV/CalDAV ([ownCloud](https://owncloud.org/)), Exchange ActiveSync ([z-push](https://github.com/fmbiete/Z-Push-contrib)) +* SMTP ([postfix](http://www.postfix.org/)), IMAP ([dovecot](http://dovecot.org/)), CardDAV/CalDAV ([Nextcloud](https://nextcloud.com/)), Exchange ActiveSync ([z-push](https://github.com/fmbiete/Z-Push-contrib)) * Webmail ([Roundcube](http://roundcube.net/)), static website hosting ([nginx](http://nginx.org/)) * Spam filtering ([spamassassin](https://spamassassin.apache.org/)), greylisting ([postgrey](http://postgrey.schweikert.ch/)) * DNS ([nsd4](https://www.nlnetlabs.nl/projects/nsd/)) with [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework), DKIM ([OpenDKIM](http://www.opendkim.org/)), [DMARC](https://en.wikipedia.org/wiki/DMARC), [DNSSEC](https://en.wikipedia.org/wiki/DNSSEC), [DANE TLSA](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities), and [SSHFP](https://tools.ietf.org/html/rfc4255) records automatically set diff --git a/conf/nginx-alldomains.conf b/conf/nginx-alldomains.conf index 995745e4..1db7606c 100644 --- a/conf/nginx-alldomains.conf +++ b/conf/nginx-alldomains.conf @@ -70,7 +70,7 @@ # takes precedence over all non-regex matches and only regex matches that # come after it (i.e. none of those, since this is the last one.) That means # we're blocking dotfiles in the static hosted sites but not the FastCGI- - # handled locations for ownCloud (which serves user-uploaded files that might + # handled locations for Nextcloud (which serves user-uploaded files that might # have this pattern, see #414) or some of the other services. location ~ /\.(ht|svn|git|hg|bzr) { log_not_found off; diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf index eb446251..ef1c990d 100644 
--- a/conf/nginx-primaryonly.conf +++ b/conf/nginx-primaryonly.conf @@ -12,7 +12,7 @@ add_header Strict-Transport-Security max-age=31536000; } - # ownCloud configuration. + # Nextcloud configuration. rewrite ^/cloud$ /cloud/ redirect; rewrite ^/cloud/$ /cloud/index.php; rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect; @@ -47,7 +47,7 @@ fastcgi_buffers 64 4K; } location ^~ /owncloud-xaccel/ { - # This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. ownCloud sends the full file + # This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. Nextcloud sends the full file # path on disk as a subdirectory under this virtual path. # We must only allow 'internal' redirects within nginx so that the filesystem # is not exposed to the world. diff --git a/conf/zpush/backend_carddav.php b/conf/zpush/backend_carddav.php index 4b166ad5..3b0710c6 100644 --- a/conf/zpush/backend_carddav.php +++ b/conf/zpush/backend_carddav.php @@ -17,7 +17,7 @@ define('CARDDAV_CONTACTS_FOLDER_NAME', '%u Addressbook'); define('CARDDAV_SUPPORTS_SYNC', false); // If the CardDAV server supports the FN attribute for searches -// DAViCal supports it, but SabreDav, Owncloud and SOGo don't +// DAViCal supports it, but SabreDav, Nextcloud and SOGo don't // Setting this to true will search by FN. If false will search by sn, givenName and email // It's safe to leave it as false define('CARDDAV_SUPPORTS_FN_SEARCH', false); diff --git a/security.md b/security.md index e89eeeb9..ed7ce468 100644 --- a/security.md +++ b/security.md 
@@ -73,7 +73,7 @@ If DNSSEC is enabled at the box's domain name's registrar, the SSHFP record that `fail2ban` provides some protection from brute-force login attacks (repeated logins that guess account passwords) by blocking offending IP addresses at the network level. -The following services are protected: SSH, IMAP (dovecot), SMTP submission (postfix), webmail (roundcube), ownCloud/CalDAV/CardDAV (over HTTP), and the Mail-in-a-Box control panel & munin (over HTTP). +The following services are protected: SSH, IMAP (dovecot), SMTP submission (postfix), webmail (roundcube), Nextcloud/CalDAV/CardDAV (over HTTP), and the Mail-in-a-Box control panel & munin (over HTTP). Some other services running on the box may be missing fail2ban filters. diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 0eca5340..aeed6c17 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -1,11 +1,11 @@ #!/bin/bash -# Owncloud +# Nextcloud ########################## source setup/functions.sh # load our functions source /etc/mailinabox.conf # load global vars -# ### Installing ownCloud +# ### Installing Nextcloud echo "Installing Nextcloud (contacts/calendar)..." @@ -38,7 +38,7 @@ InstallOwncloud() { echo "Upgrading to $flavor version $version" echo - # Remove the current owncloud + # Remove the current owncloud/Nextcloud rm -rf /usr/local/lib/owncloud # Download and verify @@ -48,14 +48,14 @@ InstallOwncloud() { wget_verify https://download.owncloud.org/community/owncloud-$version.zip $hash /tmp/owncloud.zip fi - # Extract ownCloud + # Extract ownCloud/Nextcloud unzip -q /tmp/owncloud.zip -d /usr/local/lib if [ "$flavor" = "Nextcloud" ]; then mv /usr/local/lib/nextcloud /usr/local/lib/owncloud fi rm -f /tmp/owncloud.zip - # The two apps we actually want are not in ownCloud core. Download the releases from + # The two apps we actually want are not in Nextcloud core. Download the releases from # their github repositories. mkdir -p /usr/local/lib/owncloud/apps 
@@ -109,14 +109,14 @@ owncloud_ver=10.0.4 owncloud_hash=346590278a5cc7b0a3c8d1a68eafec68ac59c475 owncloud_flavor=Nextcloud -# Check if ownCloud dir exist, and check if version matches owncloud_ver (if either doesn't - install/upgrade) +# Check if Nextcloud dir exist, and check if version matches owncloud_ver (if either doesn't - install/upgrade) if [ ! -d /usr/local/lib/owncloud/ ] \ || ! grep -q $owncloud_ver /usr/local/lib/owncloud/version.php; then # Stop php-fpm hide_output service php5-fpm stop - # Backup the existing ownCloud. + # Backup the existing ownCloud/Nextcloud. # Create a backup directory to store the current installation and database to BACKUP_DIRECTORY=$STORAGE_ROOT/owncloud-backup/`date +"%Y-%m-%d-%T"` mkdir -p "$BACKUP_DIRECTORY" @@ -131,7 +131,7 @@ if [ ! -d /usr/local/lib/owncloud/ ] \ cp /home/user-data/owncloud/config.php $BACKUP_DIRECTORY fi - # We only need to check if we do upgrades when owncloud was previously installed + # We only need to check if we do upgrades when owncloud/Nextcloud was previously installed if [ -e /usr/local/lib/owncloud/version.php ]; then if grep -q "8\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then echo "We are running 8.1.x, upgrading to 8.2.3 first" @@ -184,9 +184,9 @@ EOF InstallOwncloud $owncloud_ver $owncloud_hash Nextcloud fi -# ### Configuring ownCloud +# ### Configuring Nextcloud -# Setup ownCloud if the ownCloud database does not yet exist. Running setup when +# Setup Nextcloud if the Nextcloud database does not yet exist. Running setup when # the database does exist wipes the database and user data. if [ ! -f $STORAGE_ROOT/owncloud/owncloud.db ]; then # Create user data directory 
@@ -201,7 +201,7 @@ if [ ! -f $STORAGE_ROOT/owncloud/owncloud.db ]; then 'instanceid' => '$instanceid', - 'forcessl' => true, # if unset/false, ownCloud sends a HSTS=0 header, which conflicts with nginx config + 'forcessl' => true, # if unset/false, Nextcloud sends a HSTS=0 header, which conflicts with nginx config 'overwritewebroot' => '/cloud', 'overwrite.cli.url' => '/cloud', @@ -238,7 +238,7 @@ EOF 'dbtype' => 'sqlite3', # create an administrator account with a random password so that - # the user does not have to enter anything on first load of ownCloud + # the user does not have to enter anything on first load of Nextcloud 'adminlogin' => 'root', 'adminpass' => '$adminpassword', ); @@ -248,7 +248,7 @@ EOF # Set permissions chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud - # Execute ownCloud's setup step, which creates the ownCloud sqlite database. + # Execute Nextcloud's setup step, which creates the Nextcloud sqlite database. # It also wipes it if it exists. And it updates config.php with database # settings and deletes the autoconfig.php file. (cd /usr/local/lib/owncloud; sudo -u www-data php /usr/local/lib/owncloud/index.php;) @@ -285,9 +285,9 @@ echo ";"; EOF chown www-data.www-data $STORAGE_ROOT/owncloud/config.php -# Enable/disable apps. Note that this must be done after the ownCloud setup. +# Enable/disable apps. Note that this must be done after the Nextcloud setup. # The firstrunwizard gave Josh all sorts of problems, so disabling that. -# user_external is what allows ownCloud to use IMAP for login. The contacts +# user_external is what allows Nextcloud to use IMAP for login. The contacts # and calendar apps are the extensions we really care about here. hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable firstrunwizard hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable user_external 
@@ -316,7 +316,7 @@ if grep -q apc.enabled=0 /etc/php5/mods-available/apcu.ini; then apc.enabled=1 fi -# Set up a cron job for owncloud. +# Set up a cron job for Nextcloud. cat > /etc/cron.hourly/mailinabox-owncloud << EOF; #!/bin/bash # Mail-in-a-Box @@ -324,8 +324,8 @@ sudo -u www-data php -f /usr/local/lib/owncloud/cron.php EOF chmod +x /etc/cron.hourly/mailinabox-owncloud -# There's nothing much of interest that a user could do as an admin for ownCloud, -# and there's a lot they could mess up, so we don't make any users admins of ownCloud. +# There's nothing much of interest that a user could do as an admin for Nextcloud, +# and there's a lot they could mess up, so we don't make any users admins of Nextcloud. # But if we wanted to, we would do this: # ``` # for user in $(tools/mail.py user admins); do diff --git a/tools/owncloud-restore.sh b/tools/owncloud-restore.sh index 0e6a0756..4d647b10 100755 --- a/tools/owncloud-restore.sh +++ b/tools/owncloud-restore.sh @@ -28,9 +28,9 @@ fi echo "Restoring backup from $1" service php5-fpm stop -# remove the current owncloud installation +# remove the current ownCloud/Nextcloud installation rm -rf /usr/local/lib/owncloud/ -# restore the current owncloud application +# restore the current ownCloud/Nextcloud application cp -r "$1/owncloud-install" /usr/local/lib/owncloud # restore access rights diff --git a/tools/owncloud-unlockadmin.sh b/tools/owncloud-unlockadmin.sh index f003f5d6..6a74d19f 100755 --- a/tools/owncloud-unlockadmin.sh +++ b/tools/owncloud-unlockadmin.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# This script will give you administrative access to the ownCloud +# This script will give you administrative access to the Nextcloud # instance running here. # # Run this at your own risk. This is for testing & experimentation 
@@ -13,8 +13,8 @@ test -z "$1" || ADMIN=$1 echo I am going to unlock admin features for $ADMIN. echo You can provide another user to unlock as the first argument of this script. -echo -echo WARNING: you could break mail-in-a-box when fiddling around with owncloud\'s admin interface +echo +echo WARNING: you could break mail-in-a-box when fiddling around with Nextcloud\'s admin interface echo If in doubt, press CTRL-C to cancel. echo echo Press enter to continue.