Update install-service.sh

nearly completely new installation is now generated in functions, witch are added at the end of the script.
2025-04-21 20:59:47 +02:00 · 2025-01-29 18:02:48 +01:00 · 2025-01-29 18:02:48 +01:00 · 6876e6f459
commit 6876e6f459
parent a10e16633a
1 changed files with 464 additions and 347 deletions
--- a/src/nextcloud/install-service.sh
+++ b/src/nextcloud/install-service.sh
@ -5,130 +5,67 @@
 # (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
 # (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
 set -euo pipefail
 source /root/functions.sh
 NEXTCLOUD_ADMIN_PWD=$(random_password)
 source /root/zamba.conf
 source /root/constants-service.conf
 NEXTCLOUD_ADMIN_PWD=$(random_password)
 NEXTCLOUD_REDIS_PWD=$(random_password)
 HOSTNAME=$(hostname -f)
-wget -q -O - https://packages.sury.org/php/apt.gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/sury-php.gpg >/dev/null
+#### Modify Nginx for Nextcloud ####
-echo "deb https://packages.sury.org/php/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/php.list
+mod_nginx() {
 wget -q -O - https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/nginx.gpg >/dev/null
 echo "deb http://nginx.org/packages/debian $(lsb_release -cs) nginx" | tee /etc/apt/sources.list.d/nginx.list
 wget -q -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/postgresql.gpg >/dev/null
 echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends tree locate screen zip ffmpeg ghostscript libfile-fcntllock-perl libfuse2 socat fail2ban ldap-utils cifs-utils redis-server imagemagick libmagickcore-6.q16-6-extra \
 postgresql-15 nginx php$NEXTCLOUD_PHP_VERSION-{fpm,gd,mysql,pgsql,curl,xml,zip,intl,mbstring,bz2,ldap,apcu,bcmath,gmp,imagick,igbinary,redis,dev,smbclient,cli,common,opcache,readline}
 timedatectl set-timezone $LXC_TIMEZONE
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www
 chown -R www-data:www-data /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www
 #### Create database for nextcloud ####
 su - postgres <<EOF
 psql -c "CREATE USER $NEXTCLOUD_DB_USR WITH PASSWORD '$NEXTCLOUD_DB_PWD';"
 psql -c "CREATE DATABASE $NEXTCLOUD_DB_NAME ENCODING UTF8 TEMPLATE template0 OWNER $NEXTCLOUD_DB_USR;"
 echo "Postgres User $NEXTCLOUD_DB_USR and database $NEXTCLOUD_DB_NAME created."
 EOF
 #### Adjust php settings ####
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf.bak
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini.bak
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini.bak
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php-fpm.conf /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php-fpm.conf.bak
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini.bak
 cp /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xml.bak
 sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/pm.max_children =.*/pm.max_children = 120/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/pm.start_servers =.*/pm.start_servers = 12/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/pm.min_spare_servers =.*/pm.min_spare_servers = 6/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/pm.max_spare_servers =.*/pm.max_spare_servers = 18/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;pm.max_requests =.*/pm.max_requests = 1000/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/allow_url_fopen =.*/allow_url_fopen = 1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s|;date.timezone.*|date.timezone = $LXC_TIMEZONE|" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/memory_limit = 128M/memory_limit = 1024M/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s|;date.timezone.*|date.timezone = $LXC_TIMEZONE|" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=16/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 echo -e '\napc.enable_cli=1' >> /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini
 sed -i "s/rights=\"none\" pattern=\"PS\"/rights=\"read|write\" pattern=\"PS\"/" /etc/ImageMagick-6/policy.xml
 sed -i "s/rights=\"none\" pattern=\"EPS\"/rights=\"read|write\" pattern=\"EPS\"/" /etc/ImageMagick-6/policy.xml
 sed -i "s/rights=\"none\" pattern=\"PDF\"/rights=\"read|write\" pattern=\"PDF\"/" /etc/ImageMagick-6/policy.xml
 sed -i "s/rights=\"none\" pattern=\"XPS\"/rights=\"read|write\" pattern=\"XPS\"/" /etc/ImageMagick-6/policy.xml
 #### Adjust nginx settings ####
 mkdir -p /etc/nginx/ssl
 openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/nextcloud.key -out /etc/ssl/certs/nextcloud.crt -subj "/CN=$NEXTCLOUD_FQDN" -addext "subjectAltName=DNS:$NEXTCLOUD_FQDN"
 generate_dhparam
 mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
 cat > /etc/nginx/nginx.conf <<EOF
 user www-data;
 worker_processes auto;
 pid /var/run/nginx.pid;
 events {
-worker_connections 1024;
+  worker_connections 2048;
-multi_accept on; use epoll;
+  multi_accept on;
  use epoll;
 }
 http {
-server_names_hash_bucket_size 64;
+  log_format criegerde escape=json
-access_log /var/log/nginx/access.log;
+  '{'
-error_log /var/log/nginx/error.log warn;
+    '"time_local":"\$time_local",'
-set_real_ip_from 127.0.0.1;
+    '"remote_addr":"\$remote_addr",'
-#optional, Sie können das eigene Subnetz ergänzen, bspw.:
+    '"remote_user":"\$remote_user",'
-# set_real_ip_from $LXC_IP;
+    '"request":"\$request",'
-real_ip_header X-Forwarded-For;
+    '"status": "\$status",'
-real_ip_recursive on;
+    '"body_bytes_sent":"\$body_bytes_sent",'
-include /etc/nginx/mime.types;
+    '"request_time":"\$request_time",'
-types {
+    '"http_referrer":"\$http_referer",'
-        text/javascript mjs;
+    '"http_user_agent":"\$http_user_agent"'
-    }
+  '}';
-default_type application/octet-stream;
+  server_names_hash_bucket_size 64;
-sendfile on;
+  access_log /var/log/nginx/access.log;
-send_timeout 3600;
+  error_log /var/log/nginx/error.log warn;
-tcp_nopush on;
+  set_real_ip_from 127.0.0.1;
-tcp_nodelay on;
+  # optional, set reverse proxy ip, if used:
-open_file_cache max=500 inactive=10m;
+  # set_real_ip_from $NEXTCLOUD_REVPROX;
-open_file_cache_errors on;
+  real_ip_header X-Forwarded-For;
-keepalive_timeout 65;
+  real_ip_recursive on;
-reset_timedout_connection on;
+  include /etc/nginx/mime.types;
-server_tokens off;
+  default_type application/octet-stream;
-resolver 127.0.0.53 valid=30s;
+  sendfile on;
-resolver_timeout 5s;
+  send_timeout 3600;
-include /etc/nginx/conf.d/*.conf;
+  tcp_nopush on;
  tcp_nodelay on;
  open_file_cache max=500 inactive=10m;
  open_file_cache_errors on;
  keepalive_timeout 65;
  reset_timedout_connection on;
  server_tokens off;
  resolver $NEXTCLOUD_REVPROX valid=30s;
  resolver_timeout 5s;
  include /etc/nginx/conf.d/*.conf;
 }
 EOF
@ -137,170 +74,310 @@ touch /etc/nginx/conf.d/default.conf
 cat > /etc/nginx/conf.d/http.conf << EOF
 upstream php-handler {
-server unix:/run/php/php$NEXTCLOUD_PHP_VERSION-fpm.sock;
+  server unix:/run/php/php$NEXTCLOUD_PHP_VERSION-fpm.sock;
 }
 map \$arg_v \$asset_immutable {
  "" "";
  default "immutable";
 }
 server {
-listen 80 default_server;
+  listen 80 default_server;
-listen [::]:80 default_server;
+  listen [::]:80 default_server;
-server_name $NEXTCLOUD_FQDN;
+  server_name $NEXTCLOUD_FQDN;
-root /var/www;
+  root /var/www;
-location / {
+  location ^~ /.well-known/acme-challenge {
-return 301 https://\$host\$request_uri;
+    default_type text/plain;
-}
+    root /var/www/letsencrypt;
  }
  location / {
    return 301 https://\$host\$request_uri;
  }  
 }
 EOF
 cat > /etc/nginx/conf.d/nextcloud.conf << EOF
 limit_req_zone \$binary_remote_addr zone=NextcloudRateLimit:10m rate=2r/s;
 server {
-listen 443      ssl http2;
+  listen 443 ssl default_server;
-listen [::]:443 ssl http2;
+  listen [::]:443 ssl default_server;
-server_name $NEXTCLOUD_FQDN;
+  http2 on;
-ssl_certificate /etc/ssl/certs/nextcloud.crt;
+  #listen 443 quic reuseport;
-ssl_certificate_key /etc/ssl/private/nextcloud.key;
+  #listen [::]:443 quic reuseport;
-ssl_trusted_certificate /etc/ssl/certs/nextcloud.crt;
+  #http3 on;
-#ssl_certificate /etc/letsencrypt/rsa-certs/fullchain.pem;
+  #http3_hq on;
-#ssl_certificate_key /etc/letsencrypt/rsa-certs/privkey.pem;
+  #quic_retry on;
-#ssl_certificate /etc/letsencrypt/ecc-certs/fullchain.pem;
+  server_name $NEXTCLOUD_FQDN;
-#ssl_certificate_key /etc/letsencrypt/ecc-certs/privkey.pem;
+  ssl_certificate /etc/ssl/certs/nextcloud.crt;
-#ssl_trusted_certificate /etc/letsencrypt/ecc-certs/chain.pem;
+  ssl_certificate_key /etc/ssl/private/nextcloud.key;
-ssl_dhparam /etc/nginx/dhparam.pem;
+  ssl_trusted_certificate /etc/ssl/certs/nextcloud.crt;
-ssl_session_timeout 1d;
+  #ssl_certificate /etc/letsencrypt/rsa-certs/fullchain.pem;
-ssl_session_cache shared:SSL:50m;
+  #ssl_certificate_key /etc/letsencrypt/rsa-certs/privkey.pem;
-ssl_session_tickets off;
+  #ssl_certificate /etc/letsencrypt/ecc-certs/fullchain.pem;
-ssl_protocols TLSv1.3 TLSv1.2;
+  #ssl_certificate_key /etc/letsencrypt/ecc-certs/privkey.pem;
-ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384';
+  #ssl_trusted_certificate /etc/letsencrypt/ecc-certs/chain.pem;
-ssl_ecdh_curve X448:secp521r1:secp384r1;
+  ssl_dhparam /etc/nginx/dhparam.pem;
-ssl_prefer_server_ciphers on;
+  ssl_session_timeout 1d;
-ssl_stapling on;
+  ssl_session_cache shared:SSL:50m;
-ssl_stapling_verify on;
+  ssl_session_tickets off;
-client_max_body_size 5120M;
+  ssl_protocols TLSv1.3 TLSv1.2;
-client_body_timeout 300s;
+  ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384';
-client_body_buffer_size 512k;
+  ssl_prefer_server_ciphers on;
-fastcgi_buffers 64 4K;
+  ssl_stapling on;
-gzip on;
+  ssl_stapling_verify on;
-gzip_vary on;
+  client_max_body_size 10G;
-gzip_comp_level 4;
+  client_body_timeout 3600s;
-gzip_min_length 256;
+  client_body_buffer_size 512k;
-gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+  fastcgi_buffers 64 4K;
-gzip_types application/atom+xml text/javascript application/wasm application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+  gzip on;
-add_header Strict-Transport-Security            "max-age=15768000; includeSubDomains; preload;" always;
+  gzip_vary on;
-add_header Permissions-Policy                   "interest-cohort=()";
+  gzip_comp_level 4;
-add_header Referrer-Policy                      "no-referrer"   always;
+  gzip_min_length 256;
-add_header X-Content-Type-Options               "nosniff"       always;
+  gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-add_header X-Download-Options                   "noopen"        always;
+  gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-add_header X-Frame-Options                      "SAMEORIGIN"    always;
+  add_header Strict-Transport-Security            "max-age=15768000; includeSubDomains; preload;" always;
-add_header X-Permitted-Cross-Domain-Policies    "none"          always;
+  add_header Permissions-Policy                   "interest-cohort=()";
-add_header X-Robots-Tag                         "noindex, nofollow"          always;
+  add_header Referrer-Policy                      "no-referrer"   always;
-add_header X-XSS-Protection                     "1; mode=block" always;
+  add_header X-Content-Type-Options               "nosniff"       always;
-fastcgi_hide_header X-Powered-By;
+  add_header X-Download-Options                   "noopen"        always;
-fastcgi_read_timeout 3600;
+  add_header X-Frame-Options                      "SAMEORIGIN"    always;
-fastcgi_send_timeout 3600;
+  add_header X-Permitted-Cross-Domain-Policies    "none"          always;
-fastcgi_connect_timeout 3600;
+  add_header X-Robots-Tag                         "noindex, nofollow" always;
-root /var/www/nextcloud;
+  add_header X-XSS-Protection                     "1; mode=block" always;
-index index.php index.html /index.php\$request_uri;
+  add_header Alt-Svc                              'h3=":\$server_port"; ma=86400';
-expires 1m;
+  add_header x-quic                               'h3';
-location = / {
+  add_header Alt-Svc                              'h3-29=":\$server_port"';
-if ( \$http_user_agent ~ ^DavClnt ) {
+  fastcgi_hide_header X-Powered-By;
-return 302 /remote.php/webdav/\$is_args\$args;
+  include mime.types;
-}
+  types {
-}
+    text/javascript mjs;
-location = /robots.txt {
+  }
-allow all;
+  root /var/www/nextcloud;
-log_not_found off;
+  index index.php index.html /index.php\$request_uri;
-access_log off;
+  location = / {
-}
+    if ( \$http_user_agent ~ ^DavClnt ) {
-location ^~ /apps/rainloop/app/data {
+      return 302 /remote.php/webdav/\$is_args\$args;
-deny all;
+    }
-}
+  }
-location ^~ /.well-known {
+  location = /robots.txt {
-location = /.well-known/carddav     { return 301 /remote.php/dav/; }
+    allow all;
-location = /.well-known/caldav      { return 301 /remote.php/dav/; }
+    log_not_found off;
-location ^~ /.well-known            { return 301 /index.php/\$uri; }
+    access_log off;
-try_files \$uri \$uri/ =404;
+  }
-}
+  location ^~ /.well-known {
-location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:\$|/)  { return 404; }
+    location = /.well-known/carddav { return 301 /remote.php/dav/; }
-location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
+    location = /.well-known/caldav  { return 301 /remote.php/dav/; }
-location ~ \.php(?:\$|/) {
+    location /.well-known/acme-challenge { try_files \$uri \$uri/ =404; }
-rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+    location /.well-known/pki-validation { try_files \$uri \$uri/ =404; }
-fastcgi_split_path_info ^(.+?\.php)(/.*)\$;
+    return 301 /index.php\$request_uri;
-set \$path_info \$fastcgi_path_info;
+  }
-try_files \$fastcgi_script_name =404;
+  location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
-include fastcgi_params;
+  location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
-fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
+  location ~ \.php(?:$|/) {
-fastcgi_param PATH_INFO \$path_info;
+    rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php\$request_uri;
-fastcgi_param HTTPS on;
+    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-fastcgi_param modHeadersAvailable true;
+    set \$path_info \$fastcgi_path_info;
-fastcgi_param front_controller_active true;
+    try_files \$fastcgi_script_name =404;
-fastcgi_pass php-handler;
+    include fastcgi_params;
-fastcgi_intercept_errors on;
+    fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
-fastcgi_request_buffering off;
+    fastcgi_param PATH_INFO \$path_info;
-}
+    fastcgi_param HTTPS on;
-location ~ \.(?:css|js|mjs|svg|gif|ico|wasm|tflite|map)\$ {
+    fastcgi_param modHeadersAvailable true;
-try_files \$uri /index.php\$request_uri;
+    fastcgi_param front_controller_active true;
-expires 6M;
+    fastcgi_pass php-handler;
-access_log off;
+    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
    fastcgi_read_timeout 3600;
    fastcgi_send_timeout 3600;
    fastcgi_connect_timeout 3600;
    fastcgi_max_temp_file_size 0;
  }
  location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
    try_files \$uri /index.php\$request_uri;
    add_header Cache-Control                     "public, max-age=15768000, \$asset_immutable";
    add_header Permissions-Policy                "interest-cohort=()";
    add_header Referrer-Policy                   "no-referrer"       always;
    add_header X-Content-Type-Options            "nosniff"           always;
    add_header X-Frame-Options                   "SAMEORIGIN"        always;
    add_header X-Permitted-Cross-Domain-Policies "none"              always;
    add_header X-Robots-Tag                      "noindex, nofollow" always;
    add_header X-XSS-Protection                  "1; mode=block"     always;
    add_header Alt-Svc                           'h3=":\$server_port"; ma=86400';
    add_header x-quic                            'h3';
    add_header Alt-Svc                           'h3-29=":\$server_port"';
    access_log off;
    expires 6M;
    access_log off;
    location ~ \.wasm$ {
      default_type application/wasm;
    }
-}
+  }
-location ~ \.woff2?\$ {
+  location ~ \.(otf|woff2?)$ {
-try_files \$uri /index.php\$request_uri;
+    try_files \$uri /index.php\$request_uri;
-expires 7d;
+    expires 7d;
-access_log off;
+    access_log off;
-}
+  }
-location / {
+  location /remote {
-try_files \$uri \$uri/ /index.php\$request_uri;
+    return 301 /remote.php\$request_uri;
-}
+  }
-location /push/ {
+  location /login {
-proxy_pass http://localhost:7867/;
+    limit_req zone=NextcloudRateLimit burst=5 nodelay;
-proxy_http_version 1.1;
+    limit_req_status 429;
-proxy_set_header Upgrade \$http_upgrade;
+    try_files \$uri \$uri/ /index.php\$request_uri;
-proxy_set_header Connection "Upgrade";
+  }
-proxy_set_header Host \$host;
+  location / {
-proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+    try_files \$uri \$uri/ /index.php\$request_uri;
-}
+  }
  location ^~ /push/ {
    proxy_pass http://127.0.0.1:7867/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host \$host;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
  }
 }
 EOF
 }
-systemctl restart php$NEXTCLOUD_PHP_VERSION-fpm nginx
+#### Modify php settings for Nextcloud ####
 mod_php() {
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf.bak
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini.bak
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini.bak
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php-fpm.conf /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php-fpm.conf.bak
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini.bak
 cp /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/opcache.ini /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/opcache.ini.bak
 cp /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xml.bak
-#### Adjust redis settings ####
+sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/pm.max_children =.*/pm.max_children = 200/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/pm.start_servers =.*/pm.start_servers = 100/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/pm.min_spare_servers =.*/pm.min_spare_servers = 60/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/pm.max_spare_servers =.*/pm.max_spare_servers = 140/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/;pm.max_requests =.*/pm.max_requests = 1000/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/pool.d/www.conf
 sed -i "s/allow_url_fopen =.*/allow_url_fopen = 1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/post_max_size =.*/post_max_size = 10G/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10G/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s|;date.timezone.*|date.timezone = $LXC_TIMEZONE|" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/;cgi.fix_pathinfo.*/cgi.fix_pathinfo=0/" /etc/php/$NEXTCLOUD_PHP_VERSION/cli/php.ini
 sed -i "s/memory_limit = 128M/memory_limit = 1G/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/post_max_size =.*/post_max_size = 10G/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10G/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s|;date.timezone.*|date.timezone = $LXC_TIMEZONE|" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.validate_timestamps=.*/opcache.validate_timestamps=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=256/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=64/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=100000/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=0/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s/;opcache.huge_code_pages=.*/opcache.huge_code_pages=0/" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php.ini
 sed -i "s|;emergency_restart_threshold.*|emergency_restart_threshold = 10|g" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php-fpm.conf
 sed -i "s|;emergency_restart_interval.*|emergency_restart_interval = 1m|g" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php-fpm.conf
 sed -i "s|;process_control_timeout.*|process_control_timeout = 10|g" /etc/php/$NEXTCLOUD_PHP_VERSION/fpm/php-fpm.conf
 sed -i '$aapc.enable_cli=1' /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/apcu.ini
 sed -i 's/opcache.jit=off/opcache.jit=on/' /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/opcache.ini
 sed -i '$aopcache.jit=1255' /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/opcache.ini
 sed -i '$aopcache.jit_buffer_size=256M' /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/opcache.ini
 sed -i "s/rights=\"none\" pattern=\"PS\"/rights=\"read|write\" pattern=\"PS\"/" /etc/ImageMagick-6/policy.xml
 sed -i "s/rights=\"none\" pattern=\"EPS\"/rights=\"read|write\" pattern=\"EPS\"/" /etc/ImageMagick-6/policy.xml
 sed -i "s/rights=\"none\" pattern=\"PDF\"/rights=\"read|write\" pattern=\"PDF\"/" /etc/ImageMagick-6/policy.xml
 sed -i "s/rights=\"none\" pattern=\"XPS\"/rights=\"read|write\" pattern=\"XPS\"/" /etc/ImageMagick-6/policy.xml
 sed -i '$apgsql.allow_persistent = On' /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/pgsql.ini
 sed -i '$apgsql.auto_reset_persistent = Off' /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/pgsql.ini
 sed -i '$apgsql.max_persistent = -1' /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/pgsql.ini
 sed -i '$apgsql.max_links = -1' /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/pgsql.ini
 sed -i '$apgsql.ignore_notice = 0' /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/pgsql.ini
 sed -i '$apgsql.log_notice = 0' /etc/php/$NEXTCLOUD_PHP_VERSION/mods-available/pgsql.ini
 }
 #### Modify Postgresql for Nextcloud ####
 mod_postgresql() {
 su - postgres <<EOF
    psql -c "CREATE USER $NEXTCLOUD_DB_USR WITH PASSWORD '$NEXTCLOUD_DB_PWD';"
    psql -c "CREATE DATABASE $NEXTCLOUD_DB_NAME ENCODING UTF8 TEMPLATE template0 OWNER $NEXTCLOUD_DB_USR;"
    echo "Postgres User $NEXTCLOUD_DB_USR and database $NEXTCLOUD_DB_NAME created."
 EOF
    cat > /etc/postgresql/$POSTGRES_VERSION/main/conf.d/nextcloud.conf <<EOF
    max_connections = 200
    shared_buffers = 1GB
    effective_cache_size = 3GB
    maintenance_work_mem = 256MB
    checkpoint_completion_target = 0.9
    wal_buffers = 16MB
    default_statistics_target = 100
    random_page_cost = 1.1
    effective_io_concurrency = 200
    work_mem = 2621kB
    min_wal_size = 1GB
    max_wal_size = 4GB
    max_worker_processes = 4
    max_parallel_workers_per_gather = 2
    max_parallel_workers = 4
    max_parallel_maintenance_workers = 2
 EOF
 }
 #### Install and modify Redis-server ####
 inst_redis() {
    apt update && DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends redis-server
 }
 mod_redis() {
 cp /etc/redis/redis.conf /etc/redis/redis.conf.bak
 sed -i "s/port 6379/port 0/" /etc/redis/redis.conf
 sed -i s/\#\ unixsocket/\unixsocket/g /etc/redis/redis.conf
 sed -i "s/unixsocketperm 700/unixsocketperm 770/" /etc/redis/redis.conf
-sed -i "s/# maxclients 10000/maxclients 512/" /etc/redis/redis.conf
+sed -i "s/# maxclients 10000/maxclients 10240/" /etc/redis/redis.conf
 sed -i "s/# requirepass foobared/requirepass $NEXTCLOUD_REDIS_PWD/" /etc/redis/redis.conf
 usermod -aG redis www-data
 #### Adjust sysctl.conf settings ####
 cp /etc/sysctl.conf /etc/sysctl.conf.bak
-echo "vm.overcommit_memory = 1" >> /etc/sysctl.conf
+sed -i '$avm.overcommit_memory = 1' /etc/sysctl.conf
-systemctl restart redis
+}
-#### HIER MÜSSTE EIN REBOOT REIN ####
+#### Install some more packages
-
+inst_packages() {
-
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends tree ldap-utils cifs-utils locate screen zip ffmpeg ghostscript libfile-fcntllock-perl libfuse2 socat imagemagick libmagickcore-6.q16-6-extra
-#### Install nextcloud ####
+timedatectl set-timezone $LXC_TIMEZONE
 mkdir -p /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www /etc/letsencrypt
 chown -R www-data:www-data /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA /var/www
 }
 #### Install and modify Nextcloud ####
 inst_nextcloud() {
 cd /usr/local/src
 wget https://download.nextcloud.com/server/releases/latest.tar.bz2
 wget https://download.nextcloud.com/server/releases/latest.tar.bz2.md5
-md5sum -c latest.tar.bz2.md5 < latest.tar.bz2
+md5sum -c --ignore-missing latest.tar.bz2.md5 < latest.tar.bz2
-
+tar -xjf latest.tar.bz2 -C /var/www && chown -R www-data:www-data /var/www/ && rm -f latest.tar.bz2*
 tar -xjf latest.tar.bz2 -C /var/www && chown -R www-data:www-data /var/www/ && rm -f latest.tar.bz2
 cat > /root/permissions.sh << EOF
 #!/bin/bash
 find /var/www/ -type f -print0 | xargs -0 chmod 0640
 find /var/www/ -type d -print0 | xargs -0 chmod 0750
 if [ -d "/var/www/nextcloud/apps/notify_push" ]; then
 chmod ug+x /var/www/nextcloud/apps/notify_push/bin/x86_64/notify_push
 fi
 chmod -R 770 /etc/letsencrypt 
 chown -R www-data:www-data /var/www
 chown -R www-data:www-data /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA
 chmod 0644 /var/www/nextcloud/.htaccess
@ -310,39 +387,14 @@ EOF
 chmod +x /root/permissions.sh
 /root/permissions.sh
-
+}
 #### install fail2ban ####
 cat <<EOF >/etc/fail2ban/filter.d/nextcloud.conf
 [Definition]
 _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
 failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
            ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
 datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
 EOF
 cat > /etc/fail2ban/jail.d/nextcloud.local << EOF
 [nextcloud]
 backend = auto
 enabled = true
 port = 80,443
 protocol = tcp
 filter = nextcloud
 maxretry = 5
 bantime = 3600
 findtime = 36000
 logpath = /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA/nextcloud.log 
 EOF
 systemctl restart fail2ban
 #### Create configuration script for nextcloud, which will be executet as user www-data
 mod_nextcloudconfig() {
-cat > /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA/config_nextcloud.sh << DFOE
+systemctl stop nginx
-#!/bin/bash 
+sudo -u www-data /usr/bin/php /var/www/nextcloud/occ maintenance:install --database pgsql \
 php /var/www/nextcloud/occ maintenance:install --database pgsql \
 --database-host $NEXTCLOUD_DB_IP \
 --database-port $NEXTCLOUD_DB_PORT \
 --database-name $NEXTCLOUD_DB_NAME \
@ -352,110 +404,175 @@ php /var/www/nextcloud/occ maintenance:install --database pgsql \
 --admin-pass $NEXTCLOUD_ADMIN_PWD \
 --data-dir /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA
-php /var/www/nextcloud/occ config:system:set trusted_domains 0 --value=$NEXTCLOUD_FQDN
+sudo -u www-data cp /var/www/nextcloud/config/config.php /var/www/nextcloud/config/config.php.bak
 php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value=https://$NEXTCLOUD_FQDN
 cp /var/www/nextcloud/config/config.php /var/www/nextcloud/config/config.php.bak
 sed -i 's/^[ ]*//' /var/www/nextcloud/config/config.php
 sed -i '/);/d' /var/www/nextcloud/config/config.php
 sed -i 's/^[ ]*//' /var/www/nextcloud/config/config.php
 sed -i "s/output_buffering=.*/output_buffering=0/" /var/www/nextcloud/.user.ini
 cat >> /var/www/nextcloud/config/config.php << EOF
-'activity_expire_days' => 14,
+  'activity_expire_days' => 14,
-'auth.bruteforce.protection.enabled' => true,
+  'allow_local_remote_servers' => true,
-'blacklisted_files' => 
+  'auth.bruteforce.protection.enabled' => true,
-array (
+  'forbidden_filenames' =>
-0 => '.htaccess',
+  array (
-1 => 'Thumbs.db',
+    0 => '.htaccess',
-2 => 'thumbs.db',
+    1 => 'Thumbs.db',
-),
+    2 => 'thumbs.db',
-'cron_log' => true,
+    ),
-'default_phone_region' => 'DE',
+  'cron_log' => true,
-'enable_previews' => true,
+  'default_phone_region' => 'DE',
-'enabledPreviewProviders' => 
+  'enable_previews' => true,
-array (
+  'enabledPreviewProviders' =>
-0 => 'OC\Preview\PNG',
+  array (
-1 => 'OC\Preview\JPEG',
+    0 => 'OC\\Preview\\PNG',
-2 => 'OC\Preview\GIF',
+    1 => 'OC\\Preview\\JPEG',
-3 => 'OC\Preview\BMP',
+    2 => 'OC\\Preview\\GIF',
-4 => 'OC\Preview\XBitmap',
+    3 => 'OC\\Preview\\BMP',
-5 => 'OC\Preview\Movie',
+    4 => 'OC\\Preview\\XBitmap',
-6 => 'OC\Preview\PDF',
+    5 => 'OC\\Preview\\Movie',
-7 => 'OC\Preview\MP3',
+    6 => 'OC\\Preview\\PDF',
-8 => 'OC\Preview\TXT',
+    7 => 'OC\\Preview\\MP3',
-9 => 'OC\Preview\MarkDown',
+    8 => 'OC\\Preview\\TXT',
-),
+    9 => 'OC\\Preview\\MarkDown',
-'filesystem_check_changes' => 0,
+    10 => 'OC\\Preview\\HEIC',
-'filelocking.enabled' => 'true',
+    11 => 'OC\\Preview\\Movie',
-'htaccess.RewriteBase' => '/',
+    12 => 'OC\\Preview\\MKV',
-'integrity.check.disabled' => false,
+    13 => 'OC\\Preview\\MP4',
-'knowledgebaseenabled' => false,
+    14 => 'OC\\Preview\\AVI',
-'logfile' => '/var/$NEXTCLOUD_DATA/nextcloud.log',
+    ),
-'loglevel' => 2,
+  'filesystem_check_changes' => 0,
-'logtimezone' => '$LXC_TIMEZONE',
+  'filelocking.enabled' => 'true',
-'log_rotate_size' => 104857600,
+  'htaccess.RewriteBase' => '/',
-'maintenance' => false,
+  'integrity.check.disabled' => false,
-'memcache.local' => '\OC\Memcache\APCu',
+  'knowledgebaseenabled' => false,
-'memcache.locking' => '\OC\Memcache\Redis',
+  'logfile' => '/$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA/nextcloud.log',
-'overwriteprotocol' => 'https',
+  'loglevel' => 2,
-'preview_max_x' => 1024,
+  'logtimezone' => '$LXC_TIMEZONE',
-'preview_max_y' => 768,
+  'log_rotate_size' => 104857600,
-'preview_max_scale_factor' => 1,
+  'memcache.local' => '\OC\Memcache\APCu',
-'redis' => 
+  'memcache.locking' => '\OC\Memcache\Redis',
-array (
+  'overwriteprotocol' => 'https',
-'host' => '/var/run/redis/redis-server.sock',
+  'preview_max_x' => 1024,
-'port' => 0,
+  'preview_max_y' => 768,
-'timeout' => 0.0,
+  'preview_max_scale_factor' => 1,
-),
+  'profile.enabled' => false,
-'quota_include_external_storage' => false,
+  'redis' => 
-'share_folder' => '/Freigaben',
+  array (
-'skeletondirectory' => '',
+    'host' => '/run/redis/redis-server.sock',
-'theme' => '',
+    'port' => 0,
-'trashbin_retention_obligation' => 'auto, 7',
+    'password' => '$NEXTCLOUD_REDIS_PWD',
-'updater.release.channel' => 'stable',
+    'timeout' => 0.0,
-'trusted_proxies' => 
+  ),
-array (
+  'quota_include_external_storage' => false,
-'$NEXTCLOUD_REVPROX',
+  'share_folder' => '/Freigaben',
-'127.0.0.1',
+  'skeletondirectory' => '',
-'::1',
+  'theme' => '',
-),
+  'trashbin_retention_obligation' => 'auto, 7',
  'updater.release.channel' => 'stable',
  'maintenance_window_start' => 1,
  'maintenance' => false,
  'mail_smtpmode' => 'sendmail',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => '$NEXTCLOUD_ADMIN_USR',
  'mail_domain' => '$NEXTCLOUD_FQDN',
  'overwrite.cli.url' => 'https://$NEXTCLOUD_FQDN',
  'overwritehost' => '$NEXTCLOUD_FQDN',
  'trusted_domains' => 
  array (
    0 => '$LXC_IP',
    1 => '$NEXTCLOUD_FQDN',
  ),
 );
 EOF
 sed -i "s/output_buffering=.*/output_buffering=0/" /var/www/nextcloud/.user.ini
 php /var/www/nextcloud/occ app:disable survey_client
 php /var/www/nextcloud/occ app:disable firstrunwizard
 php /var/www/nextcloud/occ app:enable admin_audit
 php /var/www/nextcloud/occ app:enable notify_push
 php /var/www/nextcloud/occ app:enable files_pdfviewer
 php /var/www/nextcloud/occ background:cron
 DFOE
 /root/permissions.sh
-su -s /bin/bash www-data <<EOF
+sudo -u www-data /usr/bin/cp /var/www/nextcloud/config/config.php /var/www/nextcloud/config/config.php.bak
-bash /$LXC_SHAREFS_MOUNTPOINT/$NEXTCLOUD_DATA/config_nextcloud.sh
+sudo -u www-data /usr/bin/php /var/www/nextcloud/occ app:disable survey_client
-EOF
+sudo -u www-data /usr/bin/php /var/www/nextcloud/occ app:disable firstrunwizard
 sudo -u www-data /usr/bin/php /var/www/nextcloud/occ app:enable admin_audit
 #sudo -u www-data /usr/bin/php /var/www/nextcloud/occ app:enable notify_push
 sudo -u www-data /usr/bin/php /var/www/nextcloud/occ background:cron
 sudo -u www-data /usr/bin/php /var/www/nextcloud/occ db:add-missing-indices
 sudo -u www-data nohup /usr/bin/php /var/www/nextcloud/occ maintenance:repair --include-expensive &
 sed -i 's/^[ ]*//' /var/www/nextcloud/config/config.php
 sed -i "s/output_buffering=.*/output_buffering=0/" /var/www/nextcloud/.user.ini
-#### Create file for high performance backend
+echo "*/5 * * * * www-data /usr/bin/php -f /var/www/nextcloud/cron.php > /dev/null 2>&1" > /etc/cron.d/nextcloud
 systemctl restart php$NEXTCLOUD_PHP_VERSION-fpm
 systemctl start nginx
 cat > /etc/systemd/system/notify_push.service << EOF
 [Unit]
 Description = Push daemon for Nextcloud clients
 After=nginx.service php$NEXTCLOUD_PHP_VERSION-fpm.service system-postgresql.slice redis-server.service
 [Service]
 Environment=PORT=7867
 Environment=NEXTCLOUD_URL=https://$NEXTCLOUD_FQDN
 Environment=ALLOW_SELF_SIGNED=true
 ExecStart=/var/www/nextcloud/apps/notify_push/bin/x86_64/notify_push /var/www/nextcloud/config/config.php
 User=www-data
 [Install]
 WantedBy = multi-user.target
 EOF
 systemctl daemon-reload
-systemctl enable --now notify_push
+systemctl enable notify_push
 }
-echo "*/5 * * * * www-data /usr/bin/php -f /var/www/nextcloud/cron.php > /dev/null 2>&1" > /etc/cron.d/nextcloud
+#### Modifying Crowdsec ####
 mod_crowdsec() {
 cscli collections install crowdsecurity/nginx
 cscli collections install crowdsecurity/nextcloud
 cscli collections install crowdsecurity/sshd
 cat >> /etc/crowdsec/acquis.yaml << EOF
 filenames:
 - /var/log/nextcloud/nextcloud.log
 labels:
  type: Nextcloud
 ---
 EOF
 systemctl reload crowdsec
 }
 #### Install the system !####
 echo "=> Installing Nginx ..."
 inst_nginx
 echo "=> Modifying Nginx config for Nextcloud ..."
 mod_nginx
 echo "=> Installing PHP $NEXTCLOUD_PHP_VERSION ..."
 inst_php
 echo "=> Modifying PHP config for Nextcloud ..."
 mod_php
 echo "=> Installing Postgresql $POSTGRES_VERSION ..."
 inst_postgresql
 echo "=> Modifying Postgresql config for Nextcloud ..."
 mod_postgresql
 echo "=> Installing Redis-server ..."
 inst_redis
 echo "=> Modifying Redis-server for Nextcloud ..."
 mod_redis
 echo "=> Installing some more packages ..."
 inst_packages
 echo "=> Installing Nextcloud ..."
 inst_nextcloud
 echo "=> Modifying Nextcloud ..."
 mod_nextcloudconfig
 echo "=> Installing Crowdsec ..."
 inst_crowdsec
 echo "=> Modifying Crowdsec ..."
 mod_crowdsec
 echo -e "\n######################################################################\n\n    Please note this user and password for the nextcloud login:\n        '$NEXTCLOUD_ADMIN_USR' / '$NEXTCLOUD_ADMIN_PWD'\n                Enjoy your Nextcloud intallation.\n\n######################################################################"
 shutdown -r now