From d2ccf56adb746e75541844424a403472f4988de9 Mon Sep 17 00:00:00 2001 From: yodax Date: Tue, 4 Apr 2017 08:25:05 +0200 Subject: [PATCH 01/12] Update to NextCloud11 using PHP7 --- conf/nginx-primaryonly.conf | 2 +- setup/owncloud.sh | 147 +++++++++++++++++++++++++----------- tools/owncloud-restore.sh | 2 + 3 files changed, 105 insertions(+), 46 deletions(-) diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf index ef1c990d..1f44742d 100644 --- a/conf/nginx-primaryonly.conf +++ b/conf/nginx-primaryonly.conf @@ -40,7 +40,7 @@ fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel; fastcgi_read_timeout 630; - fastcgi_pass php-fpm; + fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; error_page 403 /cloud/core/templates/403.php; error_page 404 /cloud/core/templates/404.php; client_max_body_size 1G; diff --git a/setup/owncloud.sh b/setup/owncloud.sh index aeed6c17..f67bf88b 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -16,6 +16,13 @@ apt_install \ apt-get purge -qq -y owncloud* +# Install php-7 from the ppa of the ubuntu php maintainer Ondřej Surý located here https://launchpad.net/%7Eondrej/+archive/ubuntu/php +hide_output add-apt-repository -y ppa:ondrej/php +hide_output apt-get update +apt_install php7.0 php7.0-fpm \ + php7.0-cli php7.0-sqlite php7.0-gd php7.0-imap php7.0-curl php-pear php-apc curl \ + php7.0-dev php7.0-gd memcached php7.0-memcached php7.0-xml php7.0-mbstring php7.0-zip php7.0-apcu + # Migrate <= v0.10 setups that stored the ownCloud config.php in /usr/local rather than # in STORAGE_ROOT. Move the file to STORAGE_ROOT. if [ ! -f $STORAGE_ROOT/owncloud/config.php ] \ 
@@ -28,52 +35,96 @@ if [ ! -f $STORAGE_ROOT/owncloud/config.php ] \ ln -sf $STORAGE_ROOT/owncloud/config.php /usr/local/lib/owncloud/config/config.php fi -InstallOwncloud() { +InstallNextCloud() { version=$1 hash=$2 - flavor=$3 echo - echo "Upgrading to $flavor version $version" + echo "Upgrading to NextCloud version $version" echo # Remove the current owncloud/Nextcloud rm -rf /usr/local/lib/owncloud # Download and verify - if [ "$flavor" = "Nextcloud" ]; then - wget_verify https://download.nextcloud.com/server/releases/nextcloud-$version.zip $hash /tmp/owncloud.zip - else - wget_verify https://download.owncloud.org/community/owncloud-$version.zip $hash /tmp/owncloud.zip - fi + wget_verify https://download.nextcloud.com/server/releases/nextcloud-$version.zip $hash /tmp/nextcloud.zip # Extract ownCloud/Nextcloud - unzip -q /tmp/owncloud.zip -d /usr/local/lib - if [ "$flavor" = "Nextcloud" ]; then - mv /usr/local/lib/nextcloud /usr/local/lib/owncloud + unzip -q /tmp/nextcloud.zip -d /usr/local/lib + mv /usr/local/lib/nextcloud /usr/local/lib/owncloud + rm -f /tmp/nextcloud.zip + + # The two apps we actually want are not in Nextcloud core. Download the releases from + # their github repositories. + mkdir -p /usr/local/lib/owncloud/apps + + wget_verify https://github.com/nextcloud/contacts/releases/download/v1.5.3/contacts.tar.gz 78c4d49e73f335084feecd4853bd8234cf32615e /tmp/contacts.tgz + tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/ + rm /tmp/contacts.tgz + + wget_verify https://github.com/nextcloud/calendar/releases/download/v1.5.2/calendar.tar.gz 7b8a94e01fe740c5c23017ed5bc211983c780fce /tmp/calendar.tgz + tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/ + rm /tmp/calendar.tgz + + # Fix weird permissions. 
+ chmod 750 /usr/local/lib/owncloud/{apps,config} + + # Create a symlink to the config.php in STORAGE_ROOT (for upgrades we're restoring the symlink we previously + # put in, and in new installs we're creating a symlink and will create the actual config later). + ln -sf $STORAGE_ROOT/owncloud/config.php /usr/local/lib/owncloud/config/config.php + + # Make sure permissions are correct or the upgrade step won't run. + # $STORAGE_ROOT/owncloud may not yet exist, so use -f to suppress + # that error. + chown -f -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud + + # If this isn't a new installation, immediately run the upgrade script. + # Then check for success (0=ok and 3=no upgrade needed, both are success). + if [ -e $STORAGE_ROOT/owncloud/owncloud.db ]; then + # ownCloud 8.1.1 broke upgrades. It may fail on the first attempt, but + # that can be OK. + sudo -u www-data php7.0 /usr/local/lib/owncloud/occ upgrade + if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then + echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..." + sudo -u www-data php7.0 /usr/local/lib/owncloud/occ upgrade + if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi + sudo -u www-data php7.0 /usr/local/lib/owncloud/occ maintenance:mode --off + echo "...which seemed to work." + fi fi +} + +# We only install ownCloud intermediate versions to be able to seemlesly upgrade to NextCloud +InstallOwncloud() { + + version=$1 + hash=$2 + + echo + echo "Upgrading to OwnCloud version $version" + echo + + # Remove the current owncloud/Nextcloud + rm -rf /usr/local/lib/owncloud + + # Download and verify + wget_verify https://download.owncloud.org/community/owncloud-$version.zip $hash /tmp/owncloud.zip + + + # Extract ownCloud + unzip -q /tmp/owncloud.zip -d /usr/local/lib rm -f /tmp/owncloud.zip # The two apps we actually want are not in Nextcloud core. Download the releases from # their github repositories. 
mkdir -p /usr/local/lib/owncloud/apps - if [ "$flavor" = "Nextcloud" ]; then - wget_verify https://github.com/nextcloud/contacts/releases/download/v1.5.3/contacts.tar.gz 78c4d49e73f335084feecd4853bd8234cf32615e /tmp/contacts.tgz - else - wget_verify https://github.com/owncloud/contacts/releases/download/v1.4.0.0/contacts.tar.gz c1c22d29699456a45db447281682e8bc3f10e3e7 /tmp/contacts.tgz - fi - + wget_verify https://github.com/owncloud/contacts/releases/download/v1.4.0.0/contacts.tar.gz c1c22d29699456a45db447281682e8bc3f10e3e7 /tmp/contacts.tgz tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/ rm /tmp/contacts.tgz - if [ "$flavor" = "Nextcloud" ]; then - wget_verify https://github.com/nextcloud/calendar/releases/download/v1.5.2/calendar.tar.gz 7b8a94e01fe740c5c23017ed5bc211983c780fce /tmp/calendar.tgz - else - wget_verify https://github.com/nextcloud/calendar/releases/download/v1.4.0/calendar.tar.gz c84f3170efca2a99ea6254de34b0af3cb0b3a821 /tmp/calendar.tgz - fi - + wget_verify https://github.com/nextcloud/calendar/releases/download/v1.4.0/calendar.tar.gz c84f3170efca2a99ea6254de34b0af3cb0b3a821 /tmp/calendar.tgz tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/ rm /tmp/calendar.tgz @@ -105,15 +156,15 @@ InstallOwncloud() { fi } -owncloud_ver=10.0.4 -owncloud_hash=346590278a5cc7b0a3c8d1a68eafec68ac59c475 -owncloud_flavor=Nextcloud +owncloud_ver=11.0.2 +owncloud_hash=a95ad7aefaaba3f95d2e0e77374f56e92c27d2ff # Check if Nextcloud dir exist, and check if version matches owncloud_ver (if either doesn't - install/upgrade) if [ ! -d /usr/local/lib/owncloud/ ] \ || ! grep -q $owncloud_ver /usr/local/lib/owncloud/version.php; then # Stop php-fpm + hide_output service php7.0-fpm stop hide_output service php5-fpm stop # Backup the existing ownCloud/Nextcloud. 
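Review bot: The new `InstallNextCloud` downloads to fixed names in world-writable `/tmp` (`/tmp/nextcloud.zip`, `/tmp/contacts.tgz`, `/tmp/calendar.tgz`) and then unpacks them as root, so the hash check only protects the install if no other local account can touch those paths between `wget_verify` and `unzip`/`tar`. `wget_verify` is defined outside this diff, so whether it refuses a pre-existing file or symlink cannot be confirmed here; a private directory removes the question: `tmpdir=$(mktemp -d)`, download to `"$tmpdir/nextcloud.zip"`, then `rm -rf "$tmpdir"`. The pinned digests are 40 hex characters, so presumably SHA-1; a SHA-256 pin would be stronger if the helper can take one. The same fixed `/tmp` names are kept in the rewritten `InstallOwncloud`, whose body continues past the end of this hunk.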
@@ -135,7 +186,7 @@ if [ ! -d /usr/local/lib/owncloud/ ] \ if [ -e /usr/local/lib/owncloud/version.php ]; then if grep -q "8\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then echo "We are running 8.1.x, upgrading to 8.2.3 first" - InstallOwncloud 8.2.3 bfdf6166fbf6fc5438dc358600e7239d1c970613 ownCloud + InstallOwncloud 8.2.3 bfdf6166fbf6fc5438dc358600e7239d1c970613 fi # If we are upgrading from 8.2.x we should go to 9.0 first. Owncloud doesn't support skipping minor versions @@ -149,7 +200,7 @@ if [ ! -d /usr/local/lib/owncloud/ ] \ array('{127.0.0.1:993/imap/ssl/novalidate-cert}') ) ), - 'memcache.local' => '\OC\Memcache\APC', + 'memcache.local' => '\OC\Memcache\APCu', 'mail_smtpmode' => 'sendmail', 'mail_smtpsecure' => '', 'mail_smtpauthtype' => 'LOGIN', @@ -251,7 +308,7 @@ EOF # Execute Nextcloud's setup step, which creates the Nextcloud sqlite database. # It also wipes it if it exists. And it updates config.php with database # settings and deletes the autoconfig.php file. - (cd /usr/local/lib/owncloud; sudo -u www-data php /usr/local/lib/owncloud/index.php;) + (cd /usr/local/lib/owncloud; sudo -u www-data php7.0 /usr/local/lib/owncloud/index.php;) fi # Update config.php. @@ -271,7 +328,7 @@ include("$STORAGE_ROOT/owncloud/config.php"); \$CONFIG['trusted_domains'] = array('$PRIMARY_HOSTNAME'); -\$CONFIG['memcache.local'] = '\OC\Memcache\APC'; +\$CONFIG['memcache.local'] = '\OC\Memcache\APCu'; \$CONFIG['overwrite.cli.url'] = '/cloud'; \$CONFIG['mail_from_address'] = 'administrator'; # just the local part, matches our master administrator address 
@@ -289,20 +346,20 @@ chown www-data.www-data $STORAGE_ROOT/owncloud/config.php # The firstrunwizard gave Josh all sorts of problems, so disabling that. # user_external is what allows Nextcloud to use IMAP for login. The contacts # and calendar apps are the extensions we really care about here. -hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable firstrunwizard -hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable user_external -hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable contacts -hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable calendar +hide_output sudo -u www-data php7.0 /usr/local/lib/owncloud/console.php app:disable firstrunwizard +hide_output sudo -u www-data php7.0 /usr/local/lib/owncloud/console.php app:enable user_external +hide_output sudo -u www-data php7.0 /usr/local/lib/owncloud/console.php app:enable contacts +hide_output sudo -u www-data php7.0 /usr/local/lib/owncloud/console.php app:enable calendar # When upgrading, run the upgrade script again now that apps are enabled. It seems like # the first upgrade at the top won't work because apps may be disabled during upgrade? # Check for success (0=ok, 3=no upgrade needed). -sudo -u www-data php /usr/local/lib/owncloud/occ upgrade +sudo -u www-data php7.0 /usr/local/lib/owncloud/occ upgrade if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi # Set PHP FPM values to support large file uploads # (semicolon is the comment character in this file, hashes produce deprecation warnings) -tools/editconf.py /etc/php5/fpm/php.ini -c ';' \ +tools/editconf.py /etc/php/7.0/fpm/php.ini -c ';' \ upload_max_filesize=16G \ post_max_size=16G \ output_buffering=16384 \ 
@@ -311,8 +368,8 @@ tools/editconf.py /etc/php5/fpm/php.ini -c ';' \ short_open_tag=On # If apc is explicitly disabled we need to enable it -if grep -q apc.enabled=0 /etc/php5/mods-available/apcu.ini; then - tools/editconf.py /etc/php5/mods-available/apcu.ini -c ';' \ +if grep -q apc.enabled=0 /etc/php/7.0/mods-available/apcu.ini; then + tools/editconf.py /etc/php/7.0/mods-available/apcu.ini -c ';' \ apc.enabled=1 fi @@ -320,7 +377,7 @@ fi cat > /etc/cron.hourly/mailinabox-owncloud << EOF; #!/bin/bash # Mail-in-a-Box -sudo -u www-data php -f /usr/local/lib/owncloud/cron.php +sudo -u www-data php7.0 -f /usr/local/lib/owncloud/cron.php EOF chmod +x /etc/cron.hourly/mailinabox-owncloud @@ -334,5 +391,5 @@ chmod +x /etc/cron.hourly/mailinabox-owncloud # ``` # Enable PHP modules and restart PHP. -php5enmod imap -restart_service php5-fpm +#php5enmod imap +restart_service php7.0-fpm diff --git a/tools/owncloud-restore.sh b/tools/owncloud-restore.sh index 4d647b10..1b006ca1 100755 --- a/tools/owncloud-restore.sh +++ b/tools/owncloud-restore.sh @@ -27,6 +27,7 @@ fi echo "Restoring backup from $1" service php5-fpm stop +service php7.0-fpm stop # remove the current ownCloud/Nextcloud installation rm -rf /usr/local/lib/owncloud/ @@ -46,4 +47,5 @@ chown www-data.www-data $STORAGE_ROOT/owncloud/config.php sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off service php5-fpm start +service php7.0-fpm start echo "Done" From ac3733a2758ea3a2d82a29050640179d3d7f007a Mon Sep 17 00:00:00 2001 From: yodax Date: Tue, 4 Apr 2017 15:34:32 +0200 Subject: [PATCH 02/12] Also restart php5-fpm for zpush and remove commented out code --- setup/owncloud.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index f67bf88b..75523441 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh 
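Review bot: `tools/owncloud-restore.sh` still runs `sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off` with the bare `php` binary (context line of the last hunk), while this commit switches every occ and console.php call in `setup/owncloud.sh` to `php7.0`. Until a later patch in this series makes PHP 7 the default via `update-alternatives`, `php` presumably still resolves to PHP 5 here, so the restore would run Nextcloud's occ under a different interpreter than the installer does. For consistency the line would become `sudo -u www-data php7.0 /usr/local/lib/owncloud/occ maintenance:mode --off`.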
@@ -391,5 +391,5 @@ chmod +x /etc/cron.hourly/mailinabox-owncloud # ``` # Enable PHP modules and restart PHP. -#php5enmod imap +restart_service php5-fpm restart_service php7.0-fpm From 8186a62166e8a40fe91d7bacae0ea6583adae793 Mon Sep 17 00:00:00 2001 From: yodax Date: Wed, 3 May 2017 11:21:09 +0200 Subject: [PATCH 03/12] Add unattended upgrades for php7 --- setup/functions.sh | 9 +++++++++ setup/owncloud.sh | 1 + 2 files changed, 10 insertions(+) diff --git a/setup/functions.sh b/setup/functions.sh index 947aa5ab..00cc4d90 100644 --- a/setup/functions.sh +++ b/setup/functions.sh @@ -48,6 +48,15 @@ function apt_install { apt_get_quiet install $PACKAGES } +function apt_add_repository_to_unattended_upgrades { + if [ -f /etc/apt/apt.conf.d/50unattended-upgrades ]; then + if ! grep -q "$1" /etc/apt/apt.conf.d/50unattended-upgrades; then + sed -i "/Allowed-Origins/a \ + \"$1\";" /etc/apt/apt.conf.d/50unattended-upgrades + fi + fi +} + function get_default_hostname { # Guess the machine's hostname. It should be a fully qualified # domain name suitable for DNS. None of these calls may provide diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 75523441..7fa92418 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -18,6 +18,7 @@ apt-get purge -qq -y owncloud* # Install php-7 from the ppa of the ubuntu php maintainer Ondřej Surý located here https://launchpad.net/%7Eondrej/+archive/ubuntu/php hide_output add-apt-repository -y ppa:ondrej/php +apt_add_repository_to_unattended_upgrades LP-PPA-ondrej-php:trusty hide_output apt-get update apt_install php7.0 php7.0-fpm \ php7.0-cli php7.0-sqlite php7.0-gd php7.0-imap php7.0-curl php-pear php-apc curl \ From 45b9e00997986966d9976a41059f93cef3183df2 Mon Sep 17 00:00:00 2001 From: yodax Date: Wed, 3 May 2017 14:43:21 +0200 Subject: [PATCH 04/12] Update nextcloud to 11.0.3 --- setup/owncloud.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
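Review bot: `apt_add_repository_to_unattended_upgrades` puts `$1` unescaped into both a `grep` pattern and a `sed` script, and its presence check matches the origin anywhere in the file, including a commented-out entry, in which case the origin is silently never enabled. A fixed-string test on the exact entry is safer, e.g. `grep -qF "\"$1\";" /etc/apt/apt.conf.d/50unattended-upgrades`, and the `/Allowed-Origins/a` address appends after every line containing that text, so anchoring it as `/^Unattended-Upgrade::Allowed-Origins/a` avoids stray inserts. Because this enrolls a third-party PPA for automatic, unreviewed package installs as root, the function deserves a header comment stating that trust decision, such as `# Adds an origin to unattended-upgrades: every package published there will be installed automatically.` The caller in `setup/owncloud.sh` also hard-codes the `trusty` codename in `LP-PPA-ondrej-php:trusty`, which will stop matching after a release upgrade.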
diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 7fa92418..cbd66b23 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -157,8 +157,8 @@ InstallOwncloud() { fi } -owncloud_ver=11.0.2 -owncloud_hash=a95ad7aefaaba3f95d2e0e77374f56e92c27d2ff +owncloud_ver=11.0.3 +owncloud_hash=a396aaa1c9f920099a90a86b4a9cd0ec13083c99 # Check if Nextcloud dir exist, and check if version matches owncloud_ver (if either doesn't - install/upgrade) if [ ! -d /usr/local/lib/owncloud/ ] \ From 857a98092efa8e66a4825e1e05af82fe756a5859 Mon Sep 17 00:00:00 2001 From: yodax Date: Tue, 9 May 2017 12:49:19 +0200 Subject: [PATCH 05/12] Set the path in the environment to make NextCloud checks happy --- setup/owncloud.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index d5fdee78..45cd6ac3 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -371,6 +371,10 @@ tools/editconf.py /etc/php/7.0/fpm/php.ini -c ';' \ max_execution_time=600 \ short_open_tag=On +# Configure the path environment for php-fpm +tools/editconf.py /etc/php/7.0/fpm/pool.d/www.conf -c ';' \ + env[PATH]=/usr/local/bin:/usr/bin:/bin + # If apc is explicitly disabled we need to enable it if grep -q apc.enabled=0 /etc/php/7.0/mods-available/apcu.ini; then tools/editconf.py /etc/php/7.0/mods-available/apcu.ini -c ';' \ From f9918508d0a5a720abc4b411251583c9c5efd407 Mon Sep 17 00:00:00 2001 From: yodax Date: Wed, 24 May 2017 10:52:32 +0200 Subject: [PATCH 06/12] Upgrade to Nextcloud 12 --- setup/owncloud.sh | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 45cd6ac3..bfaf2552 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh 
@@ -64,7 +64,7 @@ InstallNextCloud() { tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/ rm /tmp/contacts.tgz - wget_verify https://github.com/nextcloud/calendar/releases/download/v1.5.2/calendar.tar.gz 7b8a94e01fe740c5c23017ed5bc211983c780fce /tmp/calendar.tgz + wget_verify https://github.com/nextcloud/calendar/releases/download/v1.5.3/calendar.tar.gz b370352d1f280805cc7128f78af4615f623827f8 /tmp/calendar.tgz tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/ rm /tmp/calendar.tgz @@ -157,8 +157,8 @@ InstallOwncloud() { fi } -owncloud_ver=11.0.3 -owncloud_hash=a396aaa1c9f920099a90a86b4a9cd0ec13083c99 +owncloud_ver=12.0.0 +owncloud_hash=5d64307d9ce513a8905514b2fbe212f563fe76df # Check if Nextcloud dir exist, and check if version matches owncloud_ver (if either doesn't - install/upgrade) if [ ! -d /usr/local/lib/owncloud/ ] \ @@ -233,10 +233,15 @@ EOF # If we are upgrading from 9.1.x we should go to NextCloud 10.0 first. if grep -q "9\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then - echo "We are running ownCloud 9.0.x, upgrading to NextCloud 10.0.4 first" - InstallNextCloud 10.0.4 346590278a5cc7b0a3c8d1a68eafec68ac59c475 + echo "We are running ownCloud 9.0.x, upgrading to NextCloud 10.0.5 first" + InstallNextCloud 10.0.5 686f6a8e9d7867c32e3bf3ca63b3cc2020564bf6 fi + # If we are upgrading from 10.0.x we should go to NextCloud 11.0 first. + if grep -q "10\.0\.[0-9]" /usr/local/lib/owncloud/version.php; then + echo "We are running ownCloud 10.0.x, upgrading to NextCloud 11.0.3 first" + InstallNextCloud 11.0.3 a396aaa1c9f920099a90a86b4a9cd0ec13083c99 + fi fi InstallNextCloud $owncloud_ver $owncloud_hash From 286e8ff4d87066e72aa5bdf10f28b51759df7e31 Mon Sep 17 00:00:00 2001 From: yodax Date: Wed, 24 May 2017 19:28:20 +0200 Subject: [PATCH 07/12] Small typo, upgrade is from Nextcloud 10 to 11. Not ownCloud --- setup/owncloud.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
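Review bot: In the third hunk, the branch guarded by `grep -q "9\.1\.[0-9]"` prints "We are running ownCloud 9.0.x", which misreports the detected version in the upgrade log; the added line should read `echo "We are running ownCloud 9.1.x, upgrading to NextCloud 10.0.5 first"`. The version tests are also unanchored substring matches over the whole of `version.php`, so `10\.0\.[0-9]` would also match inside a longer dotted string; what else that file contains is not visible here, but a boundary such as `grep -q "\b10\.0\.[0-9]"` would make the step selection less fragile. A wrong match matters because each step removes `/usr/local/lib/owncloud` before installing the intermediate release.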
diff --git a/setup/owncloud.sh b/setup/owncloud.sh index bfaf2552..ddfcb0b4 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -42,7 +42,7 @@ InstallNextCloud() { hash=$2 echo - echo "Upgrading to NextCloud version $version" + echo "Upgrading to Nextcloud version $version" echo # Remove the current owncloud/Nextcloud @@ -233,13 +233,13 @@ EOF # If we are upgrading from 9.1.x we should go to NextCloud 10.0 first. if grep -q "9\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then - echo "We are running ownCloud 9.0.x, upgrading to NextCloud 10.0.5 first" + echo "We are running ownCloud 9.0.x, upgrading to Nextcloud 10.0.5 first" InstallNextCloud 10.0.5 686f6a8e9d7867c32e3bf3ca63b3cc2020564bf6 fi # If we are upgrading from 10.0.x we should go to NextCloud 11.0 first. if grep -q "10\.0\.[0-9]" /usr/local/lib/owncloud/version.php; then - echo "We are running ownCloud 10.0.x, upgrading to NextCloud 11.0.3 first" + echo "We are running Nextcloud 10.0.x, upgrading to Nextcloud 11.0.3 first" InstallNextCloud 11.0.3 a396aaa1c9f920099a90a86b4a9cd0ec13083c99 fi fi From 4a97fc753691b0f6fb04001da4423ef6474ff78f Mon Sep 17 00:00:00 2001 From: yodax Date: Wed, 24 May 2017 19:38:20 +0200 Subject: [PATCH 08/12] Set Nextcloud recommended opcache settings --- setup/owncloud.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index ddfcb0b4..c4cf8985 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh 
@@ -376,6 +376,16 @@ tools/editconf.py /etc/php/7.0/fpm/php.ini -c ';' \ max_execution_time=600 \ short_open_tag=On +# Set Nextcloud recommended opcache settings +tools/editconf.py /etc/php/7.0/cli/conf.d/10-opcache.ini -c ';' \ + opcache.enable=1 \ + opcache.enable_cli=1 \ + opcache.interned_strings_buffer=8 \ + opcache.max_accelerated_files=10000 \ + opcache.memory_consumption=128 \ + opcache.save_comments=1 \ + opcache.revalidate_freq=1 + # Configure the path environment for php-fpm tools/editconf.py /etc/php/7.0/fpm/pool.d/www.conf -c ';' \ env[PATH]=/usr/local/bin:/usr/bin:/bin From 90fced1ee257a085920e6b10c57ae932fd2f50b1 Mon Sep 17 00:00:00 2001 From: yodax Date: Sun, 9 Jul 2017 21:35:11 +0200 Subject: [PATCH 09/12] Make PHP7 the default for Roundcube, Z-Push and Nextcloud. Update Roundcube to 1.3. Update Z-Push to 2.3.7. Make Roundcube connect to the primary hostname to pass certificate validation. Move the PPA setup next to the MIAB PPA --- conf/nginx-primaryonly.conf | 2 +- conf/nginx-top.conf | 2 +- setup/owncloud.sh | 38 +++++++++++++++++-------------------- setup/system.sh | 10 ++++++++++ setup/web.sh | 14 +++++++++----- setup/webmail.sh | 20 ++++++++++--------- setup/zpush.sh | 10 +++++----- 7 files changed, 54 insertions(+), 42 deletions(-) diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf index 9ba27000..6a7f7d88 100644 --- a/conf/nginx-primaryonly.conf +++ b/conf/nginx-primaryonly.conf @@ -43,7 +43,7 @@ fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel; fastcgi_read_timeout 630; - fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + fastcgi_pass php-fpm; client_max_body_size 1G; fastcgi_buffers 64 4K; } diff --git a/conf/nginx-top.conf b/conf/nginx-top.conf index 6be9b414..a5822a82 100644 --- a/conf/nginx-top.conf +++ b/conf/nginx-top.conf 
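Review bot: The opcache settings are written to `/etc/php/7.0/cli/conf.d/10-opcache.ini`, which is the CLI SAPI's configuration directory, while Nextcloud is served through php7.0-fpm. With Ubuntu's packaging the conf.d entries are normally symlinks into `mods-available`, so the values may still reach FPM, but that depends on whether `tools/editconf.py` writes through the symlink or replaces it, which is not visible in this diff. Targeting `/etc/php/7.0/mods-available/opcache.ini`, as this script already does for `apcu.ini`, would make the intent explicit and keep CLI and FPM in step.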
@@ -7,6 +7,6 @@ ## your own --- please do not ask for help from us. upstream php-fpm { - server unix:/var/run/php5-fpm.sock; + server unix:/var/run/php/php7.0-fpm.sock; } diff --git a/setup/owncloud.sh b/setup/owncloud.sh index c4cf8985..df095df8 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -9,6 +9,7 @@ source /etc/mailinabox.conf # load global vars echo "Installing Nextcloud (contacts/calendar)..." +# Keep the php5 dependancies for the owncloud upgrades apt_install \ dbconfig-common \ php5-cli php5-sqlite php5-gd php5-imap php5-curl php-pear php-apc curl libapr1 libtool libcurl4-openssl-dev php-xml-parser \ @@ -16,10 +17,6 @@ apt_install \ apt-get purge -qq -y owncloud* -# Install php-7 from the ppa of the ubuntu php maintainer Ondřej Surý located here https://launchpad.net/%7Eondrej/+archive/ubuntu/php -hide_output add-apt-repository -y ppa:ondrej/php -apt_add_repository_to_unattended_upgrades LP-PPA-ondrej-php:trusty -hide_output apt-get update apt_install php7.0 php7.0-fpm \ php7.0-cli php7.0-sqlite php7.0-gd php7.0-imap php7.0-curl php-pear php-apc curl \ php7.0-dev php7.0-gd memcached php7.0-memcached php7.0-xml php7.0-mbstring php7.0-zip php7.0-apcu @@ -85,12 +82,12 @@ InstallNextCloud() { if [ -e $STORAGE_ROOT/owncloud/owncloud.db ]; then # ownCloud 8.1.1 broke upgrades. It may fail on the first attempt, but # that can be OK. - sudo -u www-data php7.0 /usr/local/lib/owncloud/occ upgrade + sudo -u www-data php /usr/local/lib/owncloud/occ upgrade if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..." - sudo -u www-data php7.0 /usr/local/lib/owncloud/occ upgrade + sudo -u www-data php /usr/local/lib/owncloud/occ upgrade if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi - sudo -u www-data php7.0 /usr/local/lib/owncloud/occ maintenance:mode --off + sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off echo "...which seemed to work." fi fi 
@@ -146,12 +143,12 @@ InstallOwncloud() { if [ -e $STORAGE_ROOT/owncloud/owncloud.db ]; then # ownCloud 8.1.1 broke upgrades. It may fail on the first attempt, but # that can be OK. - sudo -u www-data php /usr/local/lib/owncloud/occ upgrade + sudo -u www-data php5 /usr/local/lib/owncloud/occ upgrade if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..." - sudo -u www-data php /usr/local/lib/owncloud/occ upgrade + sudo -u www-data php5 /usr/local/lib/owncloud/occ upgrade if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi - sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off + sudo -u www-data php5 /usr/local/lib/owncloud/occ maintenance:mode --off echo "...which seemed to work." fi fi @@ -216,13 +213,13 @@ EOF # The owncloud 9 migration doesn't migrate calendars and contacts # The option to migrate these are removed in 9.1 # So the migrations should be done when we have 9.0 installed - sudo -u www-data php /usr/local/lib/owncloud/occ dav:migrate-addressbooks + sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:migrate-addressbooks # The following migration has to be done for each owncloud user for directory in $STORAGE_ROOT/owncloud/*@*/ ; do username=$(basename "${directory}") - sudo -u www-data php /usr/local/lib/owncloud/occ dav:migrate-calendar $username + sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:migrate-calendar $username done - sudo -u www-data php /usr/local/lib/owncloud/occ dav:sync-birthday-calendar + sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:sync-birthday-calendar fi # If we are upgrading from 9.0.x we should go to 9.1 first. 
@@ -313,7 +310,7 @@ EOF # Execute Nextcloud's setup step, which creates the Nextcloud sqlite database. # It also wipes it if it exists. And it updates config.php with database # settings and deletes the autoconfig.php file. - (cd /usr/local/lib/owncloud; sudo -u www-data php7.0 /usr/local/lib/owncloud/index.php;) + (cd /usr/local/lib/owncloud; sudo -u www-data php /usr/local/lib/owncloud/index.php;) fi # Update config.php. @@ -355,15 +352,15 @@ chown www-data.www-data $STORAGE_ROOT/owncloud/config.php # The firstrunwizard gave Josh all sorts of problems, so disabling that. # user_external is what allows Nextcloud to use IMAP for login. The contacts # and calendar apps are the extensions we really care about here. -hide_output sudo -u www-data php7.0 /usr/local/lib/owncloud/console.php app:disable firstrunwizard -hide_output sudo -u www-data php7.0 /usr/local/lib/owncloud/console.php app:enable user_external -hide_output sudo -u www-data php7.0 /usr/local/lib/owncloud/console.php app:enable contacts -hide_output sudo -u www-data php7.0 /usr/local/lib/owncloud/console.php app:enable calendar +hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable firstrunwizard +hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable user_external +hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable contacts +hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:enable calendar # When upgrading, run the upgrade script again now that apps are enabled. It seems like # the first upgrade at the top won't work because apps may be disabled during upgrade? # Check for success (0=ok, 3=no upgrade needed). -sudo -u www-data php7.0 /usr/local/lib/owncloud/occ upgrade +sudo -u www-data php /usr/local/lib/owncloud/occ upgrade if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi # Set PHP FPM values to support large file uploads 
@@ -400,7 +397,7 @@ fi cat > /etc/cron.hourly/mailinabox-owncloud << EOF; #!/bin/bash # Mail-in-a-Box -sudo -u www-data php7.0 -f /usr/local/lib/owncloud/cron.php +sudo -u www-data php -f /usr/local/lib/owncloud/cron.php EOF chmod +x /etc/cron.hourly/mailinabox-owncloud @@ -414,5 +411,4 @@ chmod +x /etc/cron.hourly/mailinabox-owncloud # ``` # Enable PHP modules and restart PHP. -restart_service php5-fpm restart_service php7.0-fpm diff --git a/setup/system.sh b/setup/system.sh index c0af3215..0b51ae26 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -88,6 +88,16 @@ fi hide_output add-apt-repository -y ppa:mail-in-a-box/ppa +# ### Add PHP7 PPA + +# Nextcloud requires PHP7, we will install the ppa from ubuntu php maintainer Ondřej Surý +# The PPA is located here https://launchpad.net/%7Eondrej/+archive/ubuntu/php +# Unattended upgrades are activated for the repository + +hide_output add-apt-repository -y ppa:ondrej/php +apt_add_repository_to_unattended_upgrades LP-PPA-ondrej-php:trusty +hide_output apt-get update + # ### Update Packages # Update system packages to make sure we have the latest upstream versions of things from Ubuntu. diff --git a/setup/web.sh b/setup/web.sh index 6a412b98..0d94fcfd 100755 --- a/setup/web.sh +++ b/setup/web.sh @@ -18,7 +18,11 @@ fi # Turn off nginx's default website. echo "Installing Nginx (web server)..." -apt_install nginx php5-fpm + +apt_install nginx php7.0-cli php7.0-fpm + +# Set PHP7 as the default +update-alternatives --set php /usr/bin/php7.0 rm -f /etc/nginx/sites-enabled/default 
@@ -40,15 +44,15 @@ tools/editconf.py /etc/nginx/nginx.conf -s \ server_names_hash_bucket_size="128;" # Tell PHP not to expose its version number in the X-Powered-By header. -tools/editconf.py /etc/php5/fpm/php.ini -c ';' \ +tools/editconf.py /etc/php/7.0/fpm/php.ini -c ';' \ expose_php=Off # Set PHPs default charset to UTF-8, since we use it. See #367. -tools/editconf.py /etc/php5/fpm/php.ini -c ';' \ +tools/editconf.py /etc/php/7.0/fpm/php.ini -c ';' \ default_charset="UTF-8" # Bump up PHP's max_children to support more concurrent connections -tools/editconf.py /etc/php5/fpm/pool.d/www.conf -c ';' \ +tools/editconf.py /etc/php/7.0/fpm/pool.d/www.conf -c ';' \ pm.max_children=8 # Other nginx settings will be configured by the management service @@ -103,7 +107,7 @@ done #NODOC # Start services. restart_service nginx -restart_service php5-fpm +restart_service php7.0-fpm # Open ports. ufw_allow http diff --git a/setup/webmail.sh b/setup/webmail.sh index 34eba5f1..ed4cd80d 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -22,8 +22,10 @@ source /etc/mailinabox.conf # load global vars echo "Installing Roundcube (webmail)..." apt_install \ dbconfig-common \ - php5 php5-sqlite php5-mcrypt php5-intl php5-json php5-common php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg php5-gd php5-pspell \ - tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 + php7.0-cli php7.0-sqlite php7.0-mcrypt php7.0-intl php7.0-json php7.0-common \ + php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg \ + php7.0-gd php7.0-pspell tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 + apt_get_quiet remove php-mail-mimedecode # no longer needed since Roundcube 1.1.3 # We used to install Roundcube from Ubuntu, without triggering the dependencies #NODOC 
@@ -34,8 +36,8 @@ apt-get purge -qq -y roundcube* #NODOC # Install Roundcube from source if it is not already present or if it is out of date. # Combine the Roundcube version number with the commit hash of vacation_sieve to track # whether we have the latest version. -VERSION=1.2.4 -HASH=e2091ea775b80eda43ab225130d5a2e888c3789a +VERSION=1.3.0 +HASH=634c89b9c51c44fb757bb19c77ad5083cf7aa030 VACATION_SIEVE_VERSION=91ea6f52216390073d1f5b70b5f6bea0bfaee7e5 PERSISTENT_LOGIN_VERSION=c4516c4be37d12ef653de86497304e073a863c2a HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5 @@ -60,7 +62,7 @@ fi if [ $needs_update == 1 ]; then # install roundcube wget_verify \ - https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION.tar.gz \ + https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz \ $HASH \ /tmp/roundcube.tgz tar -C /usr/local/lib --no-same-owner -zxf /tmp/roundcube.tgz @@ -110,10 +112,10 @@ cat > $RCM_CONFIG < Date: Mon, 10 Jul 2017 22:05:33 +0200 Subject: [PATCH 10/12] Add php7 PPA and set unattended upgrades after unattended-upgrades package is installed --- setup/system.sh | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/setup/system.sh b/setup/system.sh index 0b51ae26..791f2776 100755 --- a/setup/system.sh +++ b/setup/system.sh @@ -88,16 +88,6 @@ fi hide_output add-apt-repository -y ppa:mail-in-a-box/ppa -# ### Add PHP7 PPA - -# Nextcloud requires PHP7, we will install the ppa from ubuntu php maintainer Ondřej Surý -# The PPA is located here https://launchpad.net/%7Eondrej/+archive/ubuntu/php -# Unattended upgrades are activated for the repository - -hide_output add-apt-repository -y ppa:ondrej/php -apt_add_repository_to_unattended_upgrades LP-PPA-ondrej-php:trusty -hide_output apt-get update - # ### Update Packages # Update system packages to make sure we have the latest upstream versions of things from Ubuntu. 
@@ -129,6 +119,17 @@ apt_install python3 python3-dev python3-pip \ haveged pollinate unzip \ unattended-upgrades cron ntp fail2ban +# ### Add PHP7 PPA + +# Nextcloud requires PHP7, we will install the ppa from ubuntu php maintainer Ondřej Surý +# The PPA is located here https://launchpad.net/%7Eondrej/+archive/ubuntu/php +# Unattended upgrades are activated for the repository + +hide_output add-apt-repository -y ppa:ondrej/php +apt_add_repository_to_unattended_upgrades LP-PPA-ondrej-php:trusty +hide_output apt-get update + + # ### Suppress Upgrade Prompts # Since Mail-in-a-Box might jump straight to 18.04 LTS, there's no need # to be reminded about 16.04 on every login. From 5e3fbfb1c7d69b8dd32dbb28c99f0ca5b9cdd568 Mon Sep 17 00:00:00 2001 From: yodax Date: Mon, 10 Jul 2017 22:34:00 +0200 Subject: [PATCH 11/12] Update the mail_host for all RoundCube users to the PRIMARY_HOSTNAME --- setup/webmail.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/setup/webmail.sh b/setup/webmail.sh index ed4cd80d..cdfc9a73 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -211,6 +211,9 @@ ${RCM_DIR}/bin/updatedb.sh --dir ${RCM_DIR}/SQL --package roundcube chown www-data:www-data $STORAGE_ROOT/mail/roundcube/roundcube.sqlite chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite +# Make sure all the users are configured to use the correct hostname +sqlite3 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite "update users set mail_host = '$PRIMARY_HOSTNAME'" + # Enable PHP modules. phpenmod -v php7.0 mcrypt imap restart_service php7.0-fpm From 429a3c2cefc512414fbc8deec18e7978544ff1ea Mon Sep 17 00:00:00 2001 From: yodax Date: Mon, 10 Jul 2017 22:56:59 +0200 Subject: [PATCH 12/12] Revert updating mail_host with PRIMARY_HOSTNAME instead don't verify the peer_name when connecting from roundcube --- setup/webmail.sh | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/setup/webmail.sh b/setup/webmail.sh index cdfc9a73..c1eea929 100755 
--- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -112,13 +112,25 @@ cat > $RCM_CONFIG < array( + 'verify_peer' => false, + 'verify_peer_name' => false, + ), + ); \$config['imap_timeout'] = 15; -\$config['smtp_server'] = 'tls://${PRIMARY_HOSTNAME}'; +\$config['smtp_server'] = 'tls://127.0.0.1'; \$config['smtp_port'] = 587; \$config['smtp_user'] = '%u'; \$config['smtp_pass'] = '%p'; +\$config['smtp_conn_options'] = array( + 'ssl' => array( + 'verify_peer' => false, + 'verify_peer_name' => false, + ), + ); \$config['support_url'] = 'https://mailinabox.email/'; \$config['product_name'] = '$PRIMARY_HOSTNAME Webmail'; \$config['des_key'] = '$SECRET_KEY'; @@ -211,9 +223,6 @@ ${RCM_DIR}/bin/updatedb.sh --dir ${RCM_DIR}/SQL --package roundcube chown www-data:www-data $STORAGE_ROOT/mail/roundcube/roundcube.sqlite chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite -# Make sure all the users are configured to use the correct hostname -sqlite3 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite "update users set mail_host = '$PRIMARY_HOSTNAME'" - # Enable PHP modules. phpenmod -v php7.0 mcrypt imap restart_service php7.0-fpm
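Review bot: Both `verify_peer` and `verify_peer_name` are set to `false` in `smtp_conn_options`, and in the array just before `imap_timeout` (presumably `imap_conn_options`; part of this hunk is garbled in this view), which turns off certificate validation altogether although the commit subject only mentions the peer name. Connecting to 127.0.0.1 confines the exposure to the local host, but keeping chain validation and fixing only the name mismatch is the narrower change: `'verify_peer' => true, 'verify_peer_name' => true, 'peer_name' => '$PRIMARY_HOSTNAME',`. If the box can run with a self-signed certificate, that case needs a `cafile` entry pointing at it rather than disabled verification. At minimum the generated config should carry a comment explaining why validation is relaxed, so the setting is not copied to a non-loopback host later.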