mirror of
https://github.com/bashclub/zamba-lxc-toolbox.git
synced 2025-11-04 16:12:27 +01:00
Add bookstack conteiner
This commit is contained in:
20
src/bookstack/constants-service.conf
Normal file
20
src/bookstack/constants-service.conf
Normal file
@@ -0,0 +1,20 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Authors:
|
||||||
|
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
||||||
|
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
||||||
|
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
||||||
|
|
||||||
|
# This file contains the project constants on service level
|
||||||
|
|
||||||
|
# Debian Version, which will be installed
|
||||||
|
LXC_TEMPLATE_VERSION="debian-11-standard"
|
||||||
|
|
||||||
|
# Create sharefs mountpoint
|
||||||
|
LXC_MP="0"
|
||||||
|
|
||||||
|
# Create unprivileged container
|
||||||
|
LXC_UNPRIVILEGED="1"
|
||||||
|
|
||||||
|
# enable nesting feature
|
||||||
|
LXC_NESTING="1"
|
||||||
147
src/bookstack/install-service.sh
Normal file
147
src/bookstack/install-service.sh
Normal file
@@ -0,0 +1,147 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
# Authors:
|
||||||
|
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
||||||
|
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
||||||
|
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
||||||
|
|
||||||
|
source /root/functions.sh
|
||||||
|
source /root/zamba.conf
|
||||||
|
source /root/constants-service.conf
|
||||||
|
|
||||||
|
BOOKSTACK_DB_PWD=$(random_password)
|
||||||
|
webroot=/var/www/bookstack/public
|
||||||
|
|
||||||
|
apt update
|
||||||
|
|
||||||
|
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq zip unzip sudo nginx-full mariadb-server mariadb-client php php-cli php-fpm php-mysql php-xml php-mbstring php-gd php-tokenizer php-xml php-dompdf php-curl php-ldap php-tidy php-zip
|
||||||
|
|
||||||
|
mkdir /etc/nginx/ssl
|
||||||
|
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/open3a.key -out /etc/nginx/ssl/open3a.crt -subj "/CN=$LXC_HOSTNAME.$LXC_DOMAIN" -addext "subjectAltName=DNS:$LXC_HOSTNAME.$LXC_DOMAIN"
|
||||||
|
|
||||||
|
PHP_VERSION=$(php -v | head -1 | cut -d ' ' -f2)
|
||||||
|
|
||||||
|
cat << EOF > /etc/nginx/sites-available/default
|
||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
listen [::]:80 default_server;
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
return 301 https://$LXC_HOSTNAME.$LXC_DOMAIN;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
|
||||||
|
client_max_body_size 100M;
|
||||||
|
fastcgi_buffers 64 4K;
|
||||||
|
|
||||||
|
listen 443 http2 ssl default_server;
|
||||||
|
listen [::]:443 http2 ssl default_server;
|
||||||
|
server_name $LXC_HOSTNAME.$LXC_DOMAIN;
|
||||||
|
|
||||||
|
root $webroot;
|
||||||
|
|
||||||
|
index index.php;
|
||||||
|
|
||||||
|
ssl_certificate /etc/nginx/ssl/open3a.crt;
|
||||||
|
ssl_certificate_key /etc/nginx/ssl/open3a.key;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/bookstack.access.log;
|
||||||
|
error_log /var/log/nginx/bookstack.error.log;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files \$uri \$uri/ /index.php?\$query_string;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
fastcgi_pass unix:/run/php/php${PHP_VERSION:0:3}-fpm.sock;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
|
||||||
|
fastcgi_intercept_errors off;
|
||||||
|
fastcgi_buffer_size 16k;
|
||||||
|
fastcgi_buffers 4 16k;
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /favicon.ico { access_log off; log_not_found off; }
|
||||||
|
location = /robots.txt { access_log off; log_not_found off; }
|
||||||
|
|
||||||
|
location ~ /\.ht {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
fastcgi_hide_header X-Powered-By;
|
||||||
|
fastcgi_read_timeout 3600;
|
||||||
|
fastcgi_send_timeout 3600;
|
||||||
|
fastcgi_connect_timeout 3600;
|
||||||
|
|
||||||
|
add_header Permissions-Policy "interest-cohort=()";
|
||||||
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
|
add_header X-Download-Options "noopen" always;
|
||||||
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||||
|
add_header X-Robots-Tag "none" always;
|
||||||
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_comp_level 4;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||||
|
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
EOF
|
||||||
|
|
||||||
|
mysql -uroot -e "CREATE USER 'bookstack'@'localhost' IDENTIFIED BY '$BOOKSTACK_DB_PWD';
|
||||||
|
CREATE DATABASE IF NOT EXISTS bookstack;
|
||||||
|
GRANT ALL PRIVILEGES ON bookstack.* TO 'bookstack'@'localhost' IDENTIFIED BY '$BOOKSTACK_DB_PWD';
|
||||||
|
FLUSH PRIVILEGES;"
|
||||||
|
|
||||||
|
EXPECTED_CHECKSUM="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')"
|
||||||
|
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
|
||||||
|
ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
|
||||||
|
if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]
|
||||||
|
then
|
||||||
|
>&2 echo 'ERROR: Invalid composer installer checksum'
|
||||||
|
rm composer-setup.php
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
php composer-setup.php --quiet
|
||||||
|
rm composer-setup.php
|
||||||
|
# Move composer to global installation
|
||||||
|
mv composer.phar /usr/local/bin/composer
|
||||||
|
|
||||||
|
cd /var/www
|
||||||
|
git clone https://github.com/BookStackApp/BookStack.git --branch release --single-branch bookstack
|
||||||
|
cd bookstack
|
||||||
|
|
||||||
|
# Install BookStack composer dependencies
|
||||||
|
export COMPOSER_ALLOW_SUPERUSER=1
|
||||||
|
php /usr/local/bin/composer install --no-dev --no-plugins
|
||||||
|
|
||||||
|
|
||||||
|
# Copy and update BookStack environment variables
|
||||||
|
cp .env.example .env
|
||||||
|
sed -i.bak "s@APP_URL=.*\$@APP_URL=https://${LXC_HOSTNAME}.${LXC_DOMAIN}@" .env
|
||||||
|
sed -i.bak 's/DB_DATABASE=.*$/DB_DATABASE=bookstack/' .env
|
||||||
|
sed -i.bak 's/DB_USERNAME=.*$/DB_USERNAME=bookstack/' .env
|
||||||
|
sed -i.bak "s/DB_PASSWORD=.*\$/DB_PASSWORD=$BOOKSTACK_DB_PWD/" .env
|
||||||
|
|
||||||
|
|
||||||
|
# Generate the application key
|
||||||
|
php artisan key:generate --no-interaction --force
|
||||||
|
# Migrate the databases
|
||||||
|
php artisan migrate --no-interaction --force
|
||||||
|
|
||||||
|
chown www-data:www-data -R bootstrap/cache public/uploads storage && chmod -R 755 bootstrap/cache public/uploads storage
|
||||||
|
|
||||||
|
systemctl enable --now php7.4-fpm
|
||||||
|
systemctl restart php7.4-fpm nginx
|
||||||
|
|
||||||
|
echo -e "Your bookstack installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$(echo $LXC_IP | cut -d'/' -f1)\nLogin:\t\tadmin@admin.com\nPassword:\tpassword\n\n"
|
||||||
Reference in New Issue
Block a user