bug: 20 Character (pwd)

Defines the amount of RAM for elasticsearch (Java option)

src/functions.sh

@@ -5,4 +5,9 @@
 random_password() {
     set +o pipefail
     C_CTYPE=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c32
+}
+
+random_password_open3a() {
+    set +o pipefail
+    C_CTYPE=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c20
 }

src/open3a/install-service.sh

@@ -8,10 +8,10 @@
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
-
+LXC_IP=$(hostname -I)
 webroot=/var/www/html
 
-MYSQL_PASSWORD="$(random_password)"
+MYSQL_PASSWORD="$(random_password_open3a)"
 
 apt update
 
@@ -70,4 +70,12 @@ chmod +x /etc/cron.daily/open3a-backup
 systemctl enable --now php7.4-fpm
 systemctl restart php7.4-fpm nginx
 
+cat << EOF >/var/www/html/system/DBData/Installation.pfdb.php
+<?php echo "This is a database-file."; /*
+host&%%%&user&%%%&password&%%%&datab&%%%&httpHost
+varchar(40)&%%%&varchar(20)&%%%&varchar(20)&%%%&varchar(30)&%%%&varchar(40)                                                                                         
+localhost                               &%%%&open3a              &%%%&$MYSQL_PASSWORD&%%%&open3a                        &%%%&*                                       %%&&&
+*/ ?>
+EOF
+
 echo -e "Your open3a installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$(echo $LXC_IP | cut -d'/' -f1)\nLogin:\t\tAdmin\nPassword:\tAdmin\n\nMysql-Settings:\nServer:\t\tlocalhost\nUser:\t\topen3a\nPassword:\t$MYSQL_PASSWORD\nDatabase:\topen3a"

src/zammad/constants-service.conf

@@ -18,3 +18,6 @@ LXC_UNPRIVILEGED="1"
 
 # enable nesting feature
 LXC_NESTING="1"
+
+# Defines the amount of RAM in MB your LXC container is allowed to use (default: 1024)
+LXC_MEM="2048"

src/zammad/install-service.sh

@@ -8,14 +8,42 @@
 source /root/functions.sh
 source /root/zamba.conf
 source /root/constants-service.conf
+LXC_IP=$(hostname -I)
 
 apt-key adv --fetch https://dl.packager.io/srv/zammad/zammad/key
 apt-key adv --fetch https://artifacts.elastic.co/GPG-KEY-elasticsearch
+
+cat << EOF >>/etc/hosts
+0.0.0.0 image.zammad.com
+0.0.0.0 images.zammad.com
+0.0.0.0 geo.zammad.com
+0.0.0.0 www.zammad.com
+0.0.0.0 www.zammad.org
+0.0.0.0 www.zammad.net
+0.0.0.0 www.zammad.de
+0.0.0.0 zammad.com
+0.0.0.0 zammad.org
+0.0.0.0 zammad.net
+0.0.0.0 zammad.de
+#
+127.0.0.1 elasticsearch
+0.0.0.0 geoip.elastic.co
+EOF
+
+# Java set startup environment 
+mkdir -p /etc/elasticsearch/jvm.options.d
+cat << EOF >>/etc/elasticsearch/jvm.options.d/msmx-size.options
+# INFO: https://www.elastic.co/guide/en/elasticsearch/reference/master/advanced-configuration.html#set-jvm-heap-size
+# max 50% of total RAM - 2G Ram then set Xms and Xmx 1g
+-Xms1g
+-Xmx1g
+EOF
+
 wget -O /etc/apt/sources.list.d/zammad.list https://dl.packager.io/srv/zammad/zammad/stable/installer/debian/11.repo
 echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" > /etc/apt/sources.list.d/elastic-7.x.list
 apt update
 DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq dist-upgrade
-DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install ssl-cert zammad
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install ssl-cert nginx-full postgresql
 
 # configurwe nginx
 rm -f /etc/nginx/sites-enabled/default
@@ -31,7 +59,7 @@ upstream zammad-websocket {
 
 server {
     listen 80;
-    listen [::]:80;
+#EDIT no IPv6 ;-)   listen [::]:80;
     server_name _;
     
     server_tokens off;
@@ -47,7 +75,7 @@ server {
 }
 server {
     listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+#EDIT no IPv6 ;-)    listen [::]:443 ssl http2;
 
     server_name _;
     
@@ -66,13 +94,21 @@ server {
     ssl_stapling_verify on;
 
     resolver 1.1.1.1 1.0.0.1;
-
-    add_header Strict-Transport-Security "max-age=31536000" always;
-
+#
+#  https://webdock.io/en/docs/how-guides/security-guides/how-to-configure-security-headers-in-nginx-and-apache
+#
+    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
+    add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *";
+    add_header Referrer-Policy "strict-origin";
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
+    
     location = /robots.txt  {
     access_log off; log_not_found off;
     }
-
+    
     location = /favicon.ico {
     access_log off; log_not_found off;
     }
@@ -118,6 +154,28 @@ server {
 }
 EOF
 
+#EDIT ADD
+echo -e "\n\n\n   >>> Warte 5 sek. und installier Zammad ...\n\n\n"
+sleep 5
+DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt -y -qq install zammad
+
+# SymLink nginx Zammad enable
+ln -s /etc/nginx/sites-available/zammad.conf /etc/nginx/sites-enabled/
+
 openssl dhparam -out /etc/nginx/dhparam.pem 4096
 
-systemctl restart nginx
+
+systemctl restart nginx
+systemctl enable elasticsearch.service
+systemctl start elasticsearch.service
+
+# Elasticsearch conntact to Zammad
+/usr/share/elasticsearch/bin/elasticsearch-plugin install -b ingest-attachment
+zammad run rails r "Setting.set('es_url', 'http://localhost:9200')"
+zammad run rails r "Setting.set('es_index', Socket.gethostname.downcase + '_zammad')"
+zammad run rails r "User.find_by(email: 'nicole.braun@zammad.org').destroy"
+
+systemctl restart elasticsearch.service
+zammad run rake searchindex:rebuild
+
+echo -e "Your Zammad installation is now complete. Please continue with setup in your Browser:\nURL:\t\thttp://$(echo $LXC_IP | cut -d'/' -f1)\n"