Created
August 18, 2016 18:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
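#!/bin/bash
# Interactive installer: runs Collabora Online (the collabora/code image) in
# Docker and puts an Apache2 TLS reverse proxy in front of it, for use with
# Nextcloud. It installs packages and writes Apache configuration, so it is
# expected to run as root.
#
# letsencryptpath, dir_before_letsencrypt and certfiles are used by the
# Let's Encrypt section further down but are not assigned in this script.

# Nextcloud host name, later handed to the container as its "domain" setting.
# The prompt asks for escaped dots, so the default is single-quoted to keep
# its backslashes (unquoted, the shell strips them and the default contradicts
# the prompt). whiptail prints the answer on stderr, hence the 3>&1 1>&2 2>&3
# swap. A non-zero status means Cancel/ESC: stop instead of going on with an
# empty value.
DOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Nextcloud url, make sure it looks like this: cloud\.yourdomain\.com" 10 60 'cloud\.yourdomain\.com' 3>&1 1>&2 2>&3) || exit 1

# Public host name Apache will serve Collabora on.
EDITORDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Collabora subdomain eg: office.yourdomain.com" 10 60 3>&1 1>&2 2>&3) || exit 1

# EDITORDOMAIN is interpolated into a file path, into the Apache vhost and
# into sed replacement text, all as root. Accept plain DNS host names only so
# that "/", "|", "&" or whitespace can never reach those places.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
if [[ -z "$DOMAIN" || ! "$EDITORDOMAIN" =~ $hostname_re ]]; then
  echo "A Nextcloud domain and a valid Collabora host name are required, exiting..." >&2
  exit 1
fi

# Must be assigned after EDITORDOMAIN is known; assigned before the prompt it
# expanded to the bare sites-available directory.
HTTPS_CONF="/etc/apache2/sites-available/$EDITORDOMAIN"

# Message
whiptail --msgbox "Please before you start make sure port 443 is directly forwarded to this machine or open!" 20 60 2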
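# Update & upgrade
# Every line apt prints advances the gauge by one. whiptail reads the numbers
# as a percentage, so the counter is capped at 100 instead of running past it
# on long upgrades.
# NOTE(review): the exit status of the apt-get chain is lost inside the
# process substitution; a failed update does not stop the script.
{
  i=1
  while read -r _; do
    i=$(( i + 1 ))
    if (( i > 100 )); then
      i=100
    fi
    echo "$i"
  done < <(apt-get update && apt-get upgrade -y && apt-get -f install -y)
} | whiptail --title "Progress" --gauge "Please wait while updating repo's" 6 60 0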
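# Check if docker is installed
# dpkg-query prints the package status; anything other than "ok installed"
# (including an unknown package, whose error text is discarded) triggers the
# install. The gauge counter is capped at 100 because whiptail treats it as a
# percentage.
if ! dpkg-query -W -f='${Status}' docker.io 2>/dev/null | grep -q "ok installed"; then
  {
    i=1
    while read -r _; do
      i=$(( i + 1 ))
      if (( i > 100 )); then
        i=100
      fi
      echo "$i"
    done < <(apt-get install docker.io -y)
  } | whiptail --title "Progress" --gauge "Please wait while installing docker" 6 60 0
fi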
# Install Collabora docker
# The image is referenced by name only, so every run pulls whatever the
# registry currently serves under the default tag.
# NOTE(review): pinning a tag or digest would make the install reproducible
# and reviewable.
collabora_image="collabora/code"
docker pull "$collabora_image"

# -p 127.0.0.1:9980:9980 publishes the container port on loopback only; the
#   Apache vhost is the single network-facing entry point.
# -e domain=...          passes the Nextcloud host entered at the prompt
#   (presumably the host allowed to use this instance; confirm against the
#   image documentation).
# --cap-add MKNOD        grants the container one extra capability.
docker run -t -d \
  -p 127.0.0.1:9980:9980 \
  -e "domain=$DOMAIN" \
  --restart always \
  --cap-add MKNOD \
  "$collabora_image"
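# Install Apache2
# Same pattern as the docker check: install only when dpkg does not report
# the package as "ok installed". The gauge counter is capped at 100 because
# whiptail treats it as a percentage.
if ! dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -q "ok installed"; then
  {
    i=1
    while read -r _; do
      i=$(( i + 1 ))
      if (( i > 100 )); then
        i=100
      fi
      echo "$i"
    done < <(apt-get install apache2 -y)
  } | whiptail --title "Progress" --gauge "Please wait while installing Apache2" 6 60 0
fi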
# Enable Apache2 modules
# proxy / proxy_http carry the HTTPS requests to the container,
# proxy_wstunnel carries the wss:// websocket routes, ssl terminates TLS.
for apache_module in proxy proxy_wstunnel proxy_http ssl; do
  a2enmod "$apache_module"
done
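# Create Vhost for Collabora online in Apache2
#
# Review notes on the generated configuration (its text is left as written):
# - "SSLProtocol all -SSLv2 -SSLv3" still allows TLS 1.0 and 1.1, and the
#   cipher list still contains 3DES (DES-CBC3-SHA) and CBC/SHA-1 suites.
#   NOTE(review): tighten both for a current deployment.
# - SSLProxyVerify None with SSLProxyCheckPeerCN/Name Off turns off all
#   verification of the backend certificate. Here the backend is
#   127.0.0.1:9980 with the container's own unsigned certificate; do not copy
#   these three lines to a proxy whose backend is reached over a network.
# - The three SSLCertificate* paths are placeholders that the Let's Encrypt
#   section substitutes later.
# - NOTE(review): the file has no .conf suffix and nothing on this page runs
#   a2ensite for it; confirm how the vhost is meant to be activated.
if [ -f "$HTTPS_CONF" ]; then
  echo "Virtual Host exists"
else
  # Unquoted heredoc delimiter on purpose: $EDITORDOMAIN is expanded while
  # the file is written.
  cat << HTTPS_CREATE > "$HTTPS_CONF"
<VirtualHost *:443>
ServerName $EDITORDOMAIN
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /path/to/signed_certificate
SSLCertificateChainFile /path/to/intermediate_certificate
SSLCertificateKeyFile /path/to/private/key
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
# Encoded slashes need to be allowed
AllowEncodedSlashes On
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPass /lool/ws wss://127.0.0.1:9980/lool/ws
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
</VirtualHost>
HTTPS_CREATE
  vhost_write_status=$?

  # Judge success by the write itself. A preceding touch followed by a bare
  # -f test would also pass when the heredoc never reached the file.
  if [ "$vhost_write_status" -eq 0 ] && [ -s "$HTTPS_CONF" ]; then
    echo "$HTTPS_CONF was successfully created"
    sleep 2
  else
    echo "Unable to create vhost, exiting..."
    # Non-zero so that a caller can tell the failure from a clean run.
    exit 1
  fi
fi

# Restart Apache2
service apache2 restart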
# Firewall -- not needed for it to work: the container port is published on
# 127.0.0.1 only, so port 9980 does not have to be opened; clients reach
# Collabora through Apache on port 443.
#if (whiptail --title "Test Yes/No Box" --yes-button "Firewall" --no-button "No Firewall" --yesno "Do you have a firewall enabled?" 10 60) then
# echo "You chose yes..."
#if (whiptail --title "Test Yes/No Box" --yes-button "UFW" --no-button "IPtables" --yesno "Do you have UFW or IPtables enabled?" 10 60) then
# echo "You chose UFW..."
# sudo ufw allow 9980
#else
# echo "You chose IPtables... Please file a PR to add a rule for IPtables."
#fi
#else
# echo "You chose no, it is highly recommended that you use a firewall! Enable it by typing: sudo ufw enable && sudo ufw allow 9980."
#fi
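# Let's Encrypt
##### START FIRST TRY
# letsencryptpath, dir_before_letsencrypt and certfiles are not assigned
# anywhere on this page. Stop with a clear message while Apache is still up,
# rather than running rm, cd and git against empty paths.
: "${letsencryptpath:?letsencryptpath must be set (directory the client is cloned into)}"
: "${dir_before_letsencrypt:?dir_before_letsencrypt must be set (parent directory of the clone)}"
: "${certfiles:?certfiles must be set (directory holding the issued certificates)}"

# Stop Apache to avoid port conflicts
a2dissite 000-default.conf
sudo service apache2 stop

# Check if $letsencryptpath exist, and if, then delete.
# NOTE(review): destructive. If this path is also where certificates and
# account keys live, they are removed together with the old clone.
if [ -d "$letsencryptpath" ]; then
  rm -R -- "${letsencryptpath:?}"
fi

# Generate certs
# NOTE(review): this executes the repository's current default branch as root
# with no pinned revision or signature check, and letsencrypt-auto is the
# legacy wrapper script; a packaged ACME client is the safer route.
# A failure to prepare the client must not skip the Apache restart below, so
# it is reported instead of aborting.
if cd "$dir_before_letsencrypt" &&
  git clone https://github.com/letsencrypt/letsencrypt &&
  cd "$letsencryptpath"; then
  ./letsencrypt-auto certonly --standalone -d "$EDITORDOMAIN"
else
  echo "Could not prepare the Let's Encrypt client in $letsencryptpath" >&2
fi

# Use for testing
#./letsencrypt-auto --apache --server https://acme-staging.api.letsencrypt.org/directory -d EXAMPLE.COM

# Activate Apache again (Disabled during standalone)
service apache2 start
a2ensite 000-default.conf
service apache2 reload

# Check if $certfiles exists
# NOTE(review): this only proves the directory exists, not that a
# certificate for $EDITORDOMAIN was issued into it.
if [ -d "$certfiles" ]; then
  # Activate new config: swap the placeholder paths in the vhost for the
  # issued files. sed -i needs the file to edit; without it sed stops with
  # "no input files" and the placeholders stay in place.
  sed -i \
    -e "s|SSLCertificateKeyFile /path/to/private/key|SSLCertificateKeyFile $certfiles/$EDITORDOMAIN/privkey.pem|g" \
    -e "s|SSLCertificateFile /path/to/signed_certificate|SSLCertificateFile $certfiles/$EDITORDOMAIN/cert.pem|g" \
    -e "s|SSLCertificateChainFile /path/to/intermediate_certificate|SSLCertificateChainFile $certfiles/$EDITORDOMAIN/chain.pem|g" \
    -- "$HTTPS_CONF"
  service apache2 restart
  bash /var/scripts/test-new-config.sh
  # Message
  # WT_HEIGHT / WT_WIDTH are not assigned on this page; fall back to fixed
  # dimensions so the box still renders when they are unset.
  whiptail --msgbox "\
Succesfully installed Collabora online docker, now please head over to your Nextcloud apps and admin panel
and enable the Collabora online connector app and change the URL to whatever subdomain you choose to run Collabora on.\
" "${WT_HEIGHT:-20}" "${WT_WIDTH:-60}"
  exit 0
else
  echo -e "\e[96m"
  echo -e "It seems like no certs were generated, we do three more tries."
  echo -e "\e[32m"
  read -r -p "Press any key to continue... " -n1 -s
  echo -e "\e[0m"
fi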
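##### START SECOND TRY
# Second attempt: same clone-and-run sequence, but the client is started
# without "certonly --standalone" and Apache is left running.
# The three path variables are not assigned anywhere on this page; refuse to
# run rm, cd and git against empty values.
: "${letsencryptpath:?letsencryptpath must be set (directory the client is cloned into)}"
: "${dir_before_letsencrypt:?dir_before_letsencrypt must be set (parent directory of the clone)}"
: "${certfiles:?certfiles must be set (directory holding the issued certificates)}"

# Check if $letsencryptpath exist, and if, then delete.
# NOTE(review): destructive. If this path is also where certificates and
# account keys live, they are removed together with the old clone.
if [ -d "$letsencryptpath" ]; then
  rm -R -- "${letsencryptpath:?}"
fi

# Generate certs
# NOTE(review): unpinned clone executed as root, as in the first attempt.
if cd "$dir_before_letsencrypt" &&
  git clone https://github.com/letsencrypt/letsencrypt &&
  cd "$letsencryptpath"; then
  ./letsencrypt-auto -d "$EDITORDOMAIN"
else
  echo "Could not prepare the Let's Encrypt client in $letsencryptpath" >&2
fi

# Check if $certfiles exists
# NOTE(review): this only proves the directory exists, not that a
# certificate for $EDITORDOMAIN was issued into it.
if [ -d "$certfiles" ]; then
  # Activate new config: swap the placeholder paths in the vhost for the
  # issued files. sed -i needs the file to edit; without it sed stops with
  # "no input files" and the placeholders stay in place.
  sed -i \
    -e "s|SSLCertificateKeyFile /path/to/private/key|SSLCertificateKeyFile $certfiles/$EDITORDOMAIN/privkey.pem|g" \
    -e "s|SSLCertificateFile /path/to/signed_certificate|SSLCertificateFile $certfiles/$EDITORDOMAIN/cert.pem|g" \
    -e "s|SSLCertificateChainFile /path/to/intermediate_certificate|SSLCertificateChainFile $certfiles/$EDITORDOMAIN/chain.pem|g" \
    -- "$HTTPS_CONF"
  service apache2 restart
  bash /var/scripts/test-new-config.sh
  # Message
  # WT_HEIGHT / WT_WIDTH are not assigned on this page; fall back to fixed
  # dimensions so the box still renders when they are unset.
  whiptail --msgbox "Succesfully installed Collabora online docker, now please head over to your Nextcloud apps and admin paneland enable the Collabora online connector app and change the URL to whatever subdomain you choose to run Collabora on." "${WT_HEIGHT:-20}" "${WT_WIDTH:-60}"
  exit 0
else
  echo -e "\e[96m"
  echo -e "It seems like no certs were generated, something went wrong"
  echo -e "\e[32m"
  read -r -p "Press any key to continue... " -n1 -s
  echo -e "\e[0m"
fi

# Reaching this line means both attempts ended without certificates, so the
# vhost still points at placeholder paths: report failure to the caller.
exit 1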