open3a: migration to debian bullseye

src/open3a/constants-service.conf

@@ -8,7 +8,7 @@
 # This file contains the project constants on service level
 
 # Debian Version, which will be installed
-LXC_TEMPLATE_VERSION="debian-10-standard"
+LXC_TEMPLATE_VERSION="debian-11-standard"
 
 # Create sharefs mountpoint
 LXC_MP="0"

src/open3a/features.json

@@ -0,0 +1,9 @@
+{
+    "unprivileged": 1,
+    "features": {},
+    "sharefs": {},
+    "mem": 1024,
+    "swap": 1024,
+    "hostname": "open3a",
+    "domain": "zmb.rocks"
+}

src/open3a/info

@@ -0,0 +1 @@
+Open3A Server

src/open3a/install-service.sh

@@ -8,28 +8,45 @@
 source /root/zamba.conf
 source /root/constants-service.conf
 
+webroot=/var/www/html
+
 MYSQL_PASSWORD="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)"
 
 apt update
 
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq unzip sudo nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring php-gd
 
+mkdir /etc/nginx/ssl
+openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/open3a.key -out /etc/nginx/ssl/open3a.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN"
+
 cat << EOF > /etc/nginx/sites-available/default
 server {
-        listen 80 default_server;
+    listen 80;
-        listen [::]:80 default_server;
+    listen [::]:80;
+    server_name _;
 
-        root /var/www/html;
+    return 301 https://$LXC_HOSTNAME.$LXC_DOMAIN;
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name $LXC_HOSTNAME.$LXC_DOMAIN;
+
+    root $webroot;
 
     index index.php;
 
-        server_name _;
+    ssl on;
+    ssl_certificate /etc/nginx/ssl/open3a.crt;
+    ssl_certificate_key /etc/nginx/ssl/open3a.key;
 
     location ~ .php$ {
         include snippets/fastcgi-php.conf;
-                fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
     }
 }
+
 EOF
 
 mysql -uroot -e "CREATE USER 'open3a'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD';
@@ -37,19 +54,19 @@ GRANT USAGE ON * . * TO 'open3a'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD' WIT
 CREATE DATABASE IF NOT EXISTS open3a;
 GRANT ALL PRIVILEGES ON open3a . * TO 'open3a'@'localhost';"
 
-cd /var/www/html/
+cd $webroot
-wget https://www.open3a.de/download/open3A%203.4.zip -O open3a.zip
+wget https://www.open3a.de/download/open3A%203.5.zip -O $webroot/open3a.zip
 unzip open3a.zip
 rm open3a.zip
 chmod 666 system/DBData/Installation.pfdb.php
 chmod -R 777 specifics/
-chmod -R 777 system/Backups
+chmod -R 777 system/Backup
-chown -R www-data:www-data /var/www/html
+chown -R www-data:www-data $webroot
 
-echo "sudo -u www-data /usr/bin/php /var/www/html/plugins/Installation/backup.php; for backup in $(ls -r1 /var/www/html/system/Backup/*.gz | /bin/grep -v $(date +%Y%m%d)); do /bin/rm $backup;done" > /etc/cron.daily/open3a-backup
+echo "sudo -u www-data /usr/bin/php $webroot/plugins/Installation/backup.php; for backup in \$(ls -r1 $webroot/system/Backup/*.gz | /bin/grep -v \$(date +%Y%m%d)); do /bin/rm \$backup;done" > /etc/cron.daily/open3a-backup
 chmod +x /etc/cron.daily/open3a-backup
 
-systemctl enable --now php7.3-fpm
+systemctl enable --now php7.4-fpm
-systemctl restart nginx
+systemctl restart php7.4-fpm nginx
 
 echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$LXC_IP\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a"