From d9629caab7964ea2e3dd6b47b0ce2aff49b0fa61 Mon Sep 17 00:00:00 2001 From: Jan van de Wijdeven Date: Sun, 11 Apr 2021 23:09:41 +0200 Subject: [PATCH] Fixes for 20.04 version --- setup/geoiptoolssetup.sh | 30 ++++++++++++++++++++++++------ setup/nextcloud.sh | 2 +- setup/start.sh | 2 +- setup/system.sh | 14 +++++++++----- setup/web.sh | 2 +- 5 files changed, 36 insertions(+), 14 deletions(-) diff --git a/setup/geoiptoolssetup.sh b/setup/geoiptoolssetup.sh index 6e01a880..5bc6514a 100644 --- a/setup/geoiptoolssetup.sh +++ b/setup/geoiptoolssetup.sh @@ -2,9 +2,6 @@ source setup/functions.sh echo Installing geoip packages... -# Install some packages -apt_install geoip-database-extra libgeoip1 libnginx-mod-http-geoip - # geo ip filtering of ssh entries, based on https://www.axllent.org/docs/ssh-geoip/#disqus_thread # Install geo ip lookup tool @@ -21,6 +18,7 @@ fi # Install geo ip filter script cp -f setup/geoipfilter.sh /usr/local/bin/ +chmod +x /usr/local/bin/geoipfilter.sh # Install only if not yet exists, to keep user config if [ ! -f /etc/geoiplookup.conf ]; then @@ -60,7 +58,7 @@ hide_output wget -P /usr/share/GeoIP/ https://dl.miyuru.lk/geoip/maxmind/country if [ -f "/usr/share/GeoIP/maxmind.dat.gz" ]; then gunzip -c /usr/share/GeoIP/maxmind.dat.gz > /usr/share/GeoIP/GeoIP.dat else - echo Did not correctly download maxmind geoip database + echo Did not correctly download maxmind geoip country database fi # If new file is not created, move the old file back 
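Review bot: The added `chmod +x /usr/local/bin/geoipfilter.sh` only adds execute bits; the preceding `cp -f` keeps the mode and owner of an existing destination, or derives them from the source file and umask, so any group or world write bit survives. The comments in this file say the script filters SSH logins by GeoIP, so it should be writable by root only. `install -o root -g root -m 0755 setup/geoipfilter.sh /usr/local/bin/geoipfilter.sh` would replace both lines and pin owner and mode in one step. The rest of the script lies outside this hunk.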
@@ -72,5 +70,25 @@ if [ ! -f "/usr/share/GeoIP/GeoIP.dat" ]; then fi fi -# Restart nginx -restart_service nginx +# Move old file away if it exists +if [ -f "/usr/share/GeoIP/GeoIPCity.dat" ]; then + mv -f /usr/share/GeoIP/GeoIPCity.dat /usr/share/GeoIP/GeoIPCity.dat.bak +fi + +hide_output wget -P /usr/share/GeoIP/ https://dl.miyuru.lk/geoip/maxmind/city/maxmind.dat.gz + +if [ -f "/usr/share/GeoIP/maxmind.dat.gz" ]; then + gunzip -c /usr/share/GeoIP/maxmind.dat.gz > /usr/share/GeoIP/GeoIPCity.dat +else + echo Did not correctly download maxmind geoip city database +fi + +# If new file is not created, move the old file back +if [ ! -f "/usr/share/GeoIP/GeoIPCity.dat" ]; then + echo GeoIPCity.dat was not created + + if [ -f "/usr/share/GeoIP/GeoIPCity.dat.bak" ]; then + mv /usr/share/GeoIP/GeoIPCity.dat.bak /usr/share/GeoIP/GeoIPCity.dat + fi +fi + diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh index 1617d33c..103cf7df 100755 --- a/setup/nextcloud.sh +++ b/setup/nextcloud.sh @@ -43,7 +43,7 @@ InstallNextcloud() { rm -f /tmp/nextcloud.zip # Empty the skeleton dir to save some space for each new user - rm -f /usr/local/lib/owncloud/core/skeleton/* + rm -rf /usr/local/lib/owncloud/core/skeleton/* # The two apps we actually want are not in Nextcloud core. Download the releases from # their github repositories. diff --git a/setup/start.sh b/setup/start.sh index 6f6cf309..a45be156 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -105,6 +105,7 @@ EOF # Start service configuration. source setup/system.sh +source setup/geoiptoolssetup.sh source setup/ssl.sh source setup/dns.sh source setup/mail-postfix.sh @@ -118,7 +119,6 @@ source setup/nextcloud.sh #source setup/zpush.sh source setup/management.sh source setup/munin.sh -source setup/geoiptoolssetup.sh source setup/additionals.sh # Wait for the management daemon to start... diff --git a/setup/system.sh b/setup/system.sh index 137919e4..80b954b5 100755 --- a/setup/system.sh +++ b/setup/system.sh 
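Review bot: The city archive is fetched with `wget -P /usr/share/GeoIP/` under the same name, maxmind.dat.gz, that the country download earlier in the script uses. Unless that file is removed in lines outside this hunk, wget will not overwrite it and saves the new download as maxmind.dat.gz.1, so GeoIPCity.dat would be built from the country archive. The `gunzip -c … > GeoIPCity.dat` redirect also creates the target when decompression fails, so the restore-from-.bak branch below never sees a missing file. The archive comes from a third-party mirror with no checksum or signature check, and this script sets up geo-based SSH filtering, so it is worth verifying the download against a published digest if the mirror offers one. The fence downloads to a distinct name with `-O` and publishes the database only after gunzip succeeds.

```shell
# … unchanged: move old GeoIPCity.dat to GeoIPCity.dat.bak …

# Use a distinct archive name so the country download is never reused.
hide_output wget -O /usr/share/GeoIP/maxmind-city.dat.gz https://dl.miyuru.lk/geoip/maxmind/city/maxmind.dat.gz

# Decompress to a temporary file; publish it only when gunzip succeeded.
if gunzip -c /usr/share/GeoIP/maxmind-city.dat.gz > /usr/share/GeoIP/GeoIPCity.dat.new; then
	mv -f /usr/share/GeoIP/GeoIPCity.dat.new /usr/share/GeoIP/GeoIPCity.dat
else
	rm -f /usr/share/GeoIP/GeoIPCity.dat.new
	echo Did not correctly download maxmind geoip city database
fi

# … unchanged: restore GeoIPCity.dat.bak when GeoIPCity.dat is missing …
```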
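Review bot: Moving `source setup/geoiptoolssetup.sh` to directly after `source setup/system.sh` (with its removal in the second start.sh hunk) creates an ordering dependency that nothing in the file explains. The script now runs before web.sh installs nginx and the geoip module, and its network downloads happen before most services are configured. If the intent is that the databases and the SSH filter exist before later steps, a comment above the line would record it, for example `# GeoIP tools and databases are installed early so later setup steps can rely on them.`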
@@ -244,14 +244,13 @@ if [ -z "${DISABLE_FIREWALL:-}" ]; then # too. #NODOC SSH_PORT=$(sshd -T 2>/dev/null | grep "^port " | sed "s/port //") #NODOC if [ ! -z "$SSH_PORT" ]; then - if [ "$SSH_PORT" != "22" ]; then - - echo Opening alternate SSH port $SSH_PORT. #NODOC - ufw_limit $SSH_PORT #NODOC + if [ "$SSH_PORT" != "22" ]; then + echo Opening alternate SSH port $SSH_PORT. #NODOC + ufw_limit $SSH_PORT #NODOC else # Allow incoming connections to SSH. ufw_limit ssh; - fi + fi else # Allow incoming connections to SSH. ufw_limit ssh; @@ -314,6 +313,11 @@ if ! grep -q "listen-on " /etc/bind/named.conf.options; then # Add a listen-on directive if it doesn't exist inside the options block. sed -i "s/^}/\n\tlisten-on { 127.0.0.1; };\n}/" /etc/bind/named.conf.options fi +if ! grep -q "listen-on-v6 " /etc/bind/named.conf.options; then + # Add a listen-on-v6 directive if it doesn't exist inside the options block. + sed -i "s/^}/\n\tlisten-on-v6 { ::1; };\n}/" /etc/bind/named.conf.options +fi + if ! grep -q "max-recursion-queries " /etc/bind/named.conf.options; then # Add a max-recursion-queries directive if it doesn't exist inside the options block. sed -i "s/^}/\n\tmax-recursion-queries 100;\n}/" /etc/bind/named.conf.options diff --git a/setup/web.sh b/setup/web.sh index d3bda6f7..87958c26 100755 --- a/setup/web.sh +++ b/setup/web.sh @@ -19,7 +19,7 @@ fi echo "Installing Nginx (web server)..." -apt_install nginx php-cli php-fpm idn2 +apt_install nginx php-cli php-fpm idn2 libnginx-mod-http-geoip rm -f /etc/nginx/sites-enabled/default
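Review bot: The new guard `if ! grep -q "listen-on-v6 " /etc/bind/named.conf.options` tests only whether a listen-on-v6 directive exists, not its value. As far as I recall, the named.conf.options shipped with Ubuntu's bind9 package already contains `listen-on-v6 { any; };`; in that case the block is skipped and BIND keeps listening on every IPv6 address instead of only ::1. Rewriting an existing directive closes that gap, for example an `else` branch with `sed -i "s/^\s*listen-on-v6 .*/\tlisten-on-v6 { ::1; };/" /etc/bind/named.conf.options`. The insertion pattern `s/^}/…/` also matches every line starting with `}`, so a file with more than one top-level block would get the directive in each of them. Running `named-checkconf` after the edits would catch a broken file before the service restarts.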