From 7167d95564d7432a5eb2ed4a2852ea8037c243d4 Mon Sep 17 00:00:00 2001 From: kaibae19 <99116238+kaibae19@users.noreply.github.com> Date: Sun, 3 Apr 2022 09:33:36 -0700 Subject: [PATCH] Initial Commit Initial Commit --- conf/nginx-nextcloud.conf | 49 ++++++++++++++++++++++++++++++++++++ conf/nginx-primaryonly.conf | 50 +------------------------------------ management/web_update.py | 7 +++++- setup/questions.sh | 9 +++++++ setup/start.sh | 6 ++++- setup/zpush.sh | 6 +++++ 6 files changed, 76 insertions(+), 51 deletions(-) create mode 100644 conf/nginx-nextcloud.conf diff --git a/conf/nginx-nextcloud.conf b/conf/nginx-nextcloud.conf new file mode 100644 index 00000000..08104476 --- /dev/null +++ b/conf/nginx-nextcloud.conf 
@@ -0,0 +1,49 @@
+ # Nextcloud configuration.
+ rewrite ^/cloud$ /cloud/ redirect;
+ rewrite ^/cloud/$ /cloud/index.php;
+ rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect;
+ rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
+ rewrite ^(/cloud/oc[sm]-provider)/$ $1/index.php redirect;
+ location /cloud/ {
+ alias /usr/local/lib/owncloud/;
+ location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ {
+ deny all;
+ }
+ location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
+ deny all;
+ }
+ # Enable paths for service and cloud federation discovery
+ # Resolves warning in Nextcloud Settings panel
+ location ~ ^/cloud/(oc[sm]-provider)?/([^/]+\.php)$ {
+ index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$1/$2;
+ fastcgi_pass php-fpm;
+ }
+ }
+ location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ {
+ # note: ~ has precendence over a regular location block
+ # Accept URLs like:
+ # /cloud/index.php/apps/files/
+ # /cloud/index.php/apps/files/ajax/scan.php (it's really index.php; see 6fdef379adfdeac86cc2220209bdf4eb9562268d)
+ # /cloud/ocs/v1.php/apps/files_sharing/api/v1 (see #240)
+ # /cloud/remote.php/webdav/yourfilehere...
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2;
+ fastcgi_param SCRIPT_NAME $1$2;
+ fastcgi_param PATH_INFO $3;
+ fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
+ fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel;
+ fastcgi_read_timeout 630;
+ fastcgi_pass php-fpm;
+ client_max_body_size 1G;
+ fastcgi_buffers 64 4K;
+ }
+ location ^~ /owncloud-xaccel/ {
+ # This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. Nextcloud sends the full file
+ # path on disk as a subdirectory under this virtual path.
+ # We must only allow 'internal' redirects within nginx so that the filesystem
+ # is not exposed to the world.
+ internal;
+ alias /;
+ }
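Review bot: The new fragment has no header saying where it may be included, and it only works inside the primary host's `server` block, since it references the `php-fpm` upstream and depends on `/owncloud-xaccel/` staying `internal`. A first line such as `# Included by management/web_update.py for PRIMARY_HOSTNAME only, and only when Nextcloud is installed locally (DAV_HOSTNAME equals PRIMARY_HOSTNAME).` would record that. The moved comment also still spells `precendence`.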
diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf
index 31bf0095..93de0572 100644
--- a/conf/nginx-primaryonly.conf
+++ b/conf/nginx-primaryonly.conf
@@ -14,55 +14,7 @@ add_header Content-Security-Policy "frame-ancestors 'none';"; } - # Nextcloud configuration. - rewrite ^/cloud$ /cloud/ redirect; - rewrite ^/cloud/$ /cloud/index.php; - rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect; - rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html; - rewrite ^(/cloud/oc[sm]-provider)/$ $1/index.php redirect; - location /cloud/ { - alias /usr/local/lib/owncloud/; - location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ { - deny all; - } - location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - # Enable paths for service and cloud federation discovery - # Resolves warning in Nextcloud Settings panel - location ~ ^/cloud/(oc[sm]-provider)?/([^/]+\.php)$ { - index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$1/$2; - fastcgi_pass php-fpm; - } - } - location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ { - # note: ~ has precendence over a regular location block - # Accept URLs like: - # /cloud/index.php/apps/files/ - # /cloud/index.php/apps/files/ajax/scan.php (it's really index.php; see 6fdef379adfdeac86cc2220209bdf4eb9562268d) - # /cloud/ocs/v1.php/apps/files_sharing/api/v1 (see #240) - # /cloud/remote.php/webdav/yourfilehere... - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2; - fastcgi_param SCRIPT_NAME $1$2; - fastcgi_param PATH_INFO $3; - fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; - fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel; - fastcgi_read_timeout 630; - fastcgi_pass php-fpm; - client_max_body_size 1G; - fastcgi_buffers 64 4K; - } - location ^~ /owncloud-xaccel/ { - # This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. Nextcloud sends the full file - # path on disk as a subdirectory under this virtual path. - # We must only allow 'internal' redirects within nginx so that the filesystem - # is not exposed to the world. 
- internal; - alias /; - } + location ~ ^/((caldav|carddav|webdav).*)$ { # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either. # Properly proxying like this seems to work fine. diff --git a/management/web_update.py b/management/web_update.py index 7230182b..406e52ac 100644 --- a/management/web_update.py +++ b/management/web_update.py @@ -83,9 +83,14 @@ def do_web_update(env): template1 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-alldomains.conf")).read() template2 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-primaryonly.conf")).read() template3 = "\trewrite ^(.*) https://$REDIRECT_DOMAIN$1 permanent;\n" + template4 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-nextcloud.conf")).read() # Add the PRIMARY_HOST configuration first so it becomes nginx's default server. - nginx_conf += make_domain_config(env['PRIMARY_HOSTNAME'], [template0, template1, template2], ssl_certificates, env) + # If DAV_HOSTNAME and PRIMARY_HOSTNAME differ, exclude the Nextcloud configuration from the nginx configuration + if env['PRIMARY_HOSTNAME' == env'DAV_HOSTNAME']: + nginx_conf += make_domain_config(env['PRIMARY_HOSTNAME'], [template0, template1, template2, template4], ssl_certificates, env) + else + nginx_conf += make_domain_config(env['PRIMARY_HOSTNAME'], [template0, template1, template2], ssl_certificates, env) # Add configuration all other web domains. has_root_proxy_or_redirect = get_web_domains_with_root_overrides(env) diff --git a/setup/questions.sh b/setup/questions.sh index bf382f49..8efe6939 100644 --- a/setup/questions.sh +++ b/setup/questions.sh 
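Review bot: The `location ~ ^/((caldav|carddav|webdav).*)$` block that follows the removed section stays in conf/nginx-primaryonly.conf, so it is still emitted for the primary host when the Nextcloud template is left out. Its body continues outside the hunk, so the target is not visible here; if it forwards to a local `/cloud/` path, DAV requests on the primary host would reach a backend that is no longer configured. Either move that block into conf/nginx-nextcloud.conf with the rest, or add a comment above it such as `# Only meaningful while Nextcloud is served from this host; see nginx-nextcloud.conf.`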
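Review bot: The added condition `if env['PRIMARY_HOSTNAME' == env'DAV_HOSTNAME']:` and the bare `else` are both syntax errors, so management/web_update.py cannot be imported at all with this change applied. The two lines should read `if env.get('DAV_HOSTNAME', env['PRIMARY_HOSTNAME']).lower() == env['PRIMARY_HOSTNAME'].lower():` and `else:`. The `.get()` default is there because a configuration file written before this change presumably has no DAV_HOSTNAME key, and a KeyError here would stop the web update just the same; the case-folding keeps a differently capitalised hostname from being treated as an external server. do_web_update's body starts and ends outside the hunk.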
@@ -83,6 +83,15 @@ address, so we're suggesting $DEFAULT_PRIMARY_HOSTNAME. fi fi + +# Are we running an external CalDAV and CardDAV server? This will default the variable NC_HOSTNAME to +# PRIMARY_HOSTNAME unless it is changed. If change, Nextcloud installation is omitted from this setup script + input_box "External Cal/CardDAV server" \ +"Are you using an external server for CalDAV and CardDAV (Nextcloud), if so, enter the FQDN of the server. \ +IMPORTANT: Changing this from the default will omit the installation of Nextcloud on this system." + $PRIMARY_HOSTNAME \ + DAV_HOSTNAME + # If the machine is behind a NAT, inside a VM, etc., it may not know # its IP address on the public network / the Internet. Ask the Internet # and possibly confirm with user. diff --git a/setup/start.sh b/setup/start.sh index bd743ac5..63af81db 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -90,6 +90,7 @@ cat > /etc/mailinabox.conf << EOF; STORAGE_USER=$STORAGE_USER STORAGE_ROOT=$STORAGE_ROOT PRIMARY_HOSTNAME=$PRIMARY_HOSTNAME +DAV_HOSTNAME=$DAV_HOSTNAME PUBLIC_IP=$PUBLIC_IP PUBLIC_IPV6=$PUBLIC_IPV6 PRIVATE_IP=$PRIVATE_IP @@ -108,7 +109,10 @@ source setup/dkim.sh source setup/spamassassin.sh source setup/web.sh source setup/webmail.sh -source setup/nextcloud.sh +# If DAV server hostname is differs from this machine, omit Nextcloud installation +if [ $DAV_HOSTNAME == $PRIMARY_HOSTNAME]; then + source setup/nextcloud.sh +fi source setup/zpush.sh source setup/management.sh source setup/munin.sh diff --git a/setup/zpush.sh b/setup/zpush.sh index c1c00f2a..bcbc7444 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh 
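Review bot: The prompt string ending in `on this system."` has no trailing backslash, so `input_box` is called with only the title and the prompt, and the next two lines run as a separate command whose name is the value of `$PRIMARY_HOSTNAME`. Add the continuation (`...on this system." \`) and pass the default quoted as `"$PRIMARY_HOSTNAME" \`. The answer is later spliced into `sed` expressions and `[ ]` tests in setup/zpush.sh and setup/start.sh, so it should be checked against a hostname pattern here before it is stored. The prompt should also be skipped when DAV_HOSTNAME is already set so unattended runs are not blocked; the other questions appear to be guarded that way, though their guards are outside the hunk. The comment names `NC_HOSTNAME` while the variable is `DAV_HOSTNAME`.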
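Review bot: In `if [ $DAV_HOSTNAME == $PRIMARY_HOSTNAME]; then` the closing bracket is fused to the variable, so `[` reports a missing `]` and the test is never true: setup/nextcloud.sh would be skipped on every install, including the default one. Write it as `if [ "$DAV_HOSTNAME" = "$PRIMARY_HOSTNAME" ]; then`; the quotes also keep the test well-formed when DAV_HOSTNAME is empty, which is presumably the case whenever the new question was not answered. The first hunk of this file writes DAV_HOSTNAME into /etc/mailinabox.conf unvalidated, so the same value reaches management/web_update.py. As far as this diff shows, skipping the script does not remove or disable a Nextcloud that an earlier run installed.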
@@ -72,6 +72,12 @@ cp conf/zpush/backend_carddav.php /usr/local/lib/z-push/backend/carddav/config.p rm -f /usr/local/lib/z-push/backend/caldav/config.php cp conf/zpush/backend_caldav.php /usr/local/lib/z-push/backend/caldav/config.php +# If user entered an external DAV server, update the Z-Push DAV service configurations with the server name +if [ $DAV_HOSTNAME != $PRIMARY_HOSTNAME ]; then + sed -i "s/127.0.0.1/$DAV_HOSTNAME/" /usr/local/lib/z-push/backend/carddav/config.php + sed -i "s/127.0.0.1/$DAV_HOSTNAME/" /usr/local/lib/z-push/backend/caldav/config.php +fi + # Configure Autodiscover rm -f /usr/local/lib/z-push/autodiscover/config.php cp conf/zpush/autodiscover_config.php /usr/local/lib/z-push/autodiscover/config.php
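Review bot: The two `sed` lines only swap the host in the Z-Push backend configs, so whatever protocol, port, path and certificate settings conf/zpush/backend_caldav.php and conf/zpush/backend_carddav.php carry for the loopback address are now applied to a remote server. Those templates are not part of this diff; confirm they use HTTPS with certificate verification before Z-Push forwards users' DAV credentials off the box, and that the path matches the external server. `$DAV_HOSTNAME` is also interpolated into the replacement unescaped and the pattern's dots match any character, so the expression should be `"s/127\.0\.0\.1/$DAV_HOSTNAME/"` with the hostname validated beforehand. The test should quote both variables: `if [ "$DAV_HOSTNAME" != "$PRIMARY_HOSTNAME" ]; then`.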