From c74069923fc156fad82aef3026959988302de823 Mon Sep 17 00:00:00 2001 From: KiekerJan Date: Thu, 8 Sep 2022 20:35:39 +0200 Subject: [PATCH 1/6] update nextcloud to 24.0.5 --- setup/nextcloud.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index d27e8349..fbc98935 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh @@ -21,8 +21,8 @@ echo "Installing Nextcloud (contacts/calendar)..." # we automatically install intermediate versions as needed. # * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and # copying it from the error message when it doesn't match what is below. -nextcloud_ver=24.0.0 -nextcloud_hash=f072f5863a15cefe577b47f72bb3e41d2a339335 +nextcloud_ver=24.0.5 +nextcloud_hash=a1ecc0db61584ed5fb6f7cf80a492b2fae17ba26 # Nextcloud apps # -------------- @@ -33,10 +33,10 @@ nextcloud_hash=f072f5863a15cefe577b47f72bb3e41d2a339335 # https://github.com/nextcloud/user_external/blob/master/appinfo/info.xml # * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and # copying it from the error message when it doesn't match what is below. -contacts_ver=4.1.1 -contacts_hash=c2dab4572494eb15de8f1ae565f707d0fcc6ae9b -calendar_ver=3.3.1 -calendar_hash=8ca2ebe1d57501949df2a0229501a99736ba8779 +contacts_ver=4.2.0 +contacts_hash=79b506574834db5e1b6ab47aadd4041e12ad9a9c +calendar_ver=3.5.0 +calendar_hash=941381536287a015081669513f8f79f6f262508a user_external_ver=3.0.0 user_external_hash=9e7aaf7288032bd463c480bc368ff91869122950 @@ -324,7 +324,7 @@ php < $CONFIG_TEMP && mv $CONFIG_TEMP $STORAGE_ROOT/owncloud/config.php; Date: Thu, 8 Sep 2022 22:23:07 +0200 Subject: [PATCH 2/6] move nextcloud logging to syslog --- conf/logrotate/mailinabox | 1 + conf/rsyslog/20-nextcloud.conf | 4 ++++ setup/additionals.sh | 3 +++ setup/nextcloud.sh | 2 ++ 4 files changed, 10 insertions(+) create mode 100644 conf/rsyslog/20-nextcloud.conf diff --git a/conf/logrotate/mailinabox b/conf/logrotate/mailinabox index 6b629de1..ed5fd34a 100644 --- a/conf/logrotate/mailinabox +++ b/conf/logrotate/mailinabox @@ -1,5 +1,6 @@ /var/log/roundcubemail/errors.log /var/log/roundcubemail/sendmail.log +/var/log/nextcloud.log { rotate 4 weekly diff --git a/conf/rsyslog/20-nextcloud.conf b/conf/rsyslog/20-nextcloud.conf new file mode 100644 index 00000000..7a39ff7c --- /dev/null +++ b/conf/rsyslog/20-nextcloud.conf @@ -0,0 +1,4 @@ +:syslogtag, startswith, "Nextcloud" -/var/log/nextcloud.log + +# Stop logging +& stop \ No newline at end of file diff --git a/setup/additionals.sh b/setup/additionals.sh index f1b87e4e..1c4d07e9 100644 --- a/setup/additionals.sh +++ b/setup/additionals.sh @@ -13,6 +13,9 @@ sed -i "s/\*\.\*;auth,authpriv.none.*\-\/var\/log\/syslog/\*\.\*;mail,auth,authp # Reduce logs by only logging ufw in ufw.log sed -i "s/#\& stop/\& stop/g" /etc/rsyslog.d/20-ufw.conf +# Add nextcloud logging +hide_output install -m 644 conf/rsyslog/20-nextcloud.conf /etc/rsyslog.d/ + restart_service rsyslog # Create forward for root emails diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index fbc98935..d1f5eefe 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh @@ -334,6 +334,8 @@ include("$STORAGE_ROOT/owncloud/config.php"); \$CONFIG['logtimezone'] = '$TIMEZONE'; \$CONFIG['logdateformat'] = 'Y-m-d H:i:s'; +\$CONFIG['log_type'] = 'syslog', +\$CONFIG['syslog_tag'] = 'Nextcloud', \$CONFIG['mail_domain'] = '$PRIMARY_HOSTNAME'; From 0f510d97c92dea68763bea63e05fc2f1272871ad Mon Sep 17 00:00:00 2001 From: KiekerJan Date: Thu, 8 Sep 2022 22:32:52 +0200 Subject: [PATCH 3/6] correct config file handling --- setup/nextcloud.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index d1f5eefe..2b274d05 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh @@ -334,8 +334,8 @@ include("$STORAGE_ROOT/owncloud/config.php"); \$CONFIG['logtimezone'] = '$TIMEZONE'; \$CONFIG['logdateformat'] = 'Y-m-d H:i:s'; -\$CONFIG['log_type'] = 'syslog', -\$CONFIG['syslog_tag'] = 'Nextcloud', +\$CONFIG['log_type'] = 'syslog'; +\$CONFIG['syslog_tag'] = 'Nextcloud'; \$CONFIG['mail_domain'] = '$PRIMARY_HOSTNAME'; From 191fd62835a9262ddf3a515053f7263cdc68c814 Mon Sep 17 00:00:00 2001 From: KiekerJan Date: Wed, 14 Sep 2022 14:44:09 +0200 Subject: [PATCH 4/6] make sure nextclouds config.php is only readable by user www-data --- setup/nextcloud.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index 2b274d05..481b2d2a 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh @@ -347,6 +347,7 @@ echo ";"; ?> EOF chown www-data.www-data $STORAGE_ROOT/owncloud/config.php +chmod 640 $STORAGE_ROOT/owncloud/config.php # Enable/disable apps. Note that this must be done after the Nextcloud setup. # The firstrunwizard gave Josh all sorts of problems, so disabling that. From a0937290b72b0588033d396de219348a72f33394 Mon Sep 17 00:00:00 2001 From: KiekerJan Date: Fri, 16 Sep 2022 23:29:30 +0200 Subject: [PATCH 5/6] correct reference in fail2ban jail to nextcloud log --- conf/fail2ban/jails.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/fail2ban/jails.conf b/conf/fail2ban/jails.conf index b0faa6f1..80b79f57 100644 --- a/conf/fail2ban/jails.conf +++ b/conf/fail2ban/jails.conf @@ -37,7 +37,7 @@ findtime = 15m enabled = true port = http,https filter = miab-owncloud -logpath = STORAGE_ROOT/owncloud/nextcloud.log +logpath = /var/log/nextcloud.log maxretry = 20 findtime = 15m From e2da1d5f3740c4d733029bfd67840f4db923e061 Mon Sep 17 00:00:00 2001 From: KiekerJan Date: Sat, 17 Sep 2022 16:39:42 +0200 Subject: [PATCH 6/6] merge upgrade path for nextcloud --- setup/nextcloud.sh | 93 ++++++++++++++++++++++++++++------------------ 1 file changed, 56 insertions(+), 37 deletions(-) diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index 481b2d2a..ca6aa261 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh @@ -182,45 +182,33 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[012] ]]; then echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup will continue, but skip the Nextcloud migration." return 0 - elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^13 ]]; then - # If we are running Nextcloud 13, upgrade to Nextcloud 14 - InstallNextcloud 14.0.6 4e43a57340f04c2da306c8eea98e30040399ae5a 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 - CURRENT_NEXTCLOUD_VER="14.0.6" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^14 ]]; then - # During the upgrade from Nextcloud 14 to 15, user_external may cause the upgrade to fail. - # We will disable it here before the upgrade and install it again after the upgrade. - hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable user_external - InstallNextcloud 15.0.8 4129d8d4021c435f2e86876225fb7f15adf764a3 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 a1f3835c752929e3598eb94f22300516867ac6ab 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437 - CURRENT_NEXTCLOUD_VER="15.0.8" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^15 ]]; then - InstallNextcloud 16.0.6 0bb3098455ec89f5af77a652aad553ad40a88819 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437 - CURRENT_NEXTCLOUD_VER="16.0.6" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^16 ]]; then - InstallNextcloud 17.0.6 50b98d2c2f18510b9530e558ced9ab51eb4f11b0 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437 - CURRENT_NEXTCLOUD_VER="17.0.6" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^17 ]]; then - # Don't exit the install if this column already exists (see #2076) - (echo "ALTER TABLE oc_flow_operations ADD COLUMN entity VARCHAR;" | sqlite3 $STORAGE_ROOT/owncloud/owncloud.db 2>/dev/null) || true - InstallNextcloud 18.0.10 39c0021a8b8477c3f1733fddefacfa5ebf921c68 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a - CURRENT_NEXTCLOUD_VER="18.0.10" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^18 ]]; then - InstallNextcloud 19.0.4 01e98791ba12f4860d3d4047b9803f97a1b55c60 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a - CURRENT_NEXTCLOUD_VER="19.0.4" - fi - if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^19 ]]; then - InstallNextcloud 20.0.14 92cac708915f51ee2afc1787fd845476fd090c81 4.0.0 f893ca57a543b260c9feeecbb5958c00b6998e18 2.2.2 923846d48afb5004a456b9079cf4b46d23b3ef3a 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a - CURRENT_NEXTCLOUD_VER="20.0.14" - - # Nextcloud 20 needs to have some optional columns added - sudo -u www-data php /usr/local/lib/owncloud/occ db:add-missing-columns + elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[3456789] ]]; then + echo "Upgrades from Mail-in-a-Box prior to v60 with Nextcloud 19 or earlier are not supported. Upgrade to the latest Mail-in-a-Box version supported on your machine first. Setup will continue, but skip the Nextcloud migration." + return 0 fi if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^20 ]]; then - InstallNextcloud 21.0.7 f5c7079c5b56ce1e301c6a27c0d975d608bb01c9 4.0.0 f893ca57a543b260c9feeecbb5958c00b6998e18 2.2.2 923846d48afb5004a456b9079cf4b46d23b3ef3a 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a + # Version 20 is the latest version from the 18.04 version of miab. To upgrade to version 21, install php8.0. This is + # not supported by version 20, but that does not matter, as the InstallNextcloud function only runs the version 21 code. + + # Install the ppa + add-apt-repository --yes ppa:ondrej/php + + # Prevent installation of old packages + apt-mark hold php7.0-apcu php7.1-apcu php7.2-apcu php7.3-apcu php7.4-apcu + + # Install older php version + apt_install php8.0 php8.0-fpm php8.0-apcu php8.0-cli php8.0-sqlite3 php8.0-gd php8.0-imap \ + php8.0-curl php8.0-dev php8.0-xml php8.0-mbstring php8.0-zip + + # set older php version as default + update-alternatives --set php /usr/bin/php8.0 + + tools/editconf.py /etc/php/$(php_version)/mods-available/apcu.ini -c ';' \ + apc.enabled=1 \ + apc.enable_cli=1 + + # Install nextcloud, this also updates user_external to 2.1.0 + InstallNextcloud 21.0.7 f5c7079c5b56ce1e301c6a27c0d975d608bb01c9 4.0.7 45e7cf4bfe99cd8d03625cf9e5a1bb2e90549136 3.0.4 d0284b68135777ec9ca713c307216165b294d0fe 2.1.0 41d4c57371bd085d68421b52ab232092d7dfc882 CURRENT_NEXTCLOUD_VER="21.0.7" fi if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^21 ]]; then @@ -230,9 +218,40 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^22 ]]; then InstallNextcloud 23.0.2 645cba42cab57029ebe29fb93906f58f7abea5f8 4.0.8 9f368bb2be98c5555b7118648f4cc9fa51e8cb30 3.0.6 ca49bb1ce23f20e10911e39055fd59d7f7a84c30 3.0.0 9e7aaf7288032bd463c480bc368ff91869122950 CURRENT_NEXTCLOUD_VER="23.0.2" + + # Remove older php version + update-alternatives --auto php + + apt-get purge -qq -y php8.0 php8.0-fpm php8.0-apcu php8.0-cli php8.0-sqlite3 php8.0-gd \ + php8.0-imap php8.0-curl php8.0-dev php8.0-xml php8.0-mbstring php8.0-zip \ + php8.0-common php8.0-opcache php8.0-readline + + # Remove the ppa + add-apt-repository --yes --remove ppa:ondrej/php fi fi +# nextcloud version - supported php versions +# 20 - 7.2, 7.3, 7.4 +# 21 - 7.3, 7.4, 8.0 +# 22 - 7.3, 7.4, 8.0 +# 23 - 7.3, 7.4, 8.0 +# 24 - 7.4, 8.0, 8.1 +# +# ubuntu 18.04 has php 7.2 +# ubuntu 22.04 has php 8.1 +# +# user_external 2.1.0 supports version 21-22 +# user_external 2.1.0 supports version 22-24 +# +# upgrade path +# - install ppa: sudo add-apt-repository ppa:ondrej/php +# - upgrade php to version 8.0 (nextcloud will no longer function) +# - upgrade nextcloud to 21 and user_external to 2.1.0 +# - upgrade nextcloud to 22 +# - upgrade nextcloud to 23 and user_external to 3.0.0 +# - upgrade nextcloud to 24 + InstallNextcloud $nextcloud_ver $nextcloud_hash $contacts_ver $contacts_hash $calendar_ver $calendar_hash $user_external_ver $user_external_hash fi