@abakum
Last active February 20, 2018 07:56
syncloud+omv3+fix of letsencrypt
#!/opt/app/platform/python/bin/python
from syncloud_platform.injector import get_injector
injector = get_injector()
injector.device.sync_all()
user_platform_config = injector.user_platform_config
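# "0 and" makes the condition always false, so this cron job never calls generate_real_certificate()
if 0 and user_platform_config.is_https() and user_platform_config.get_external_access():
    injector.tls.generate_real_certificate()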
/dev/mmcblk0p2 / ext4 defaults,noatime 0 1
tmpfs /tmp tmpfs defaults 0 0
# >>> [openmediavault]
/dev/disk/by-id/ata-ST1000LM024_HN-M101MBB_S2ZPJ9CF404637-part1 /srv/dev-disk-by-id-ata-ST1000LM024_HN-M101MBB_S2ZPJ9CF404637-part1 ext3 defaults,nofail,user_xattr,noexec,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,acl 0 2
# <<< [openmediavault]
#!/bin/bash
cd ~/letsencrypt
host=xxxxx.syncloud.it
email=yyyyy@gmail.com
./letsencrypt-auto --logs-dir=/opt/data/platform/log --config-dir=/opt/data/platform/certbot --agree-tos --email $email --nginx --nginx-server-root /opt/data/platform/config.runtime/nginx --nginx-ctl /opt/app/platform/nginx/sbin/nginx -d $host -d gogs.$host -d files.$host -d mail.$host -d diaspora.$host -d nextcloud.$host -d owncloud.$host -d sam.$host -d platform.$host
#!/bin/bash
cd ~/letsencrypt
./letsencrypt-auto --logs-dir=/opt/data/platform/log --config-dir=/opt/data/platform/certbot renew
#!/bin/bash
export DATA_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd ../../../data && pwd )
APP_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd )
${APP_DIR}/bin/php-runner -f ${APP_DIR}/nextcloud/cron.php
user root;
worker_processes 4;
pid /opt/data/platform/log/nginx_public.pid;
error_log /opt/data/platform/log/nginx_public_error.log warn;
daemon off;
events {
    worker_connections 1024;
}
http {
    server_names_hash_bucket_size 64;
    access_log /opt/data/platform/log/nginx_public_access.log;
    client_body_temp_path /opt/data/platform/nginx/public_client_body_temp;
    proxy_temp_path /opt/data/platform/nginx/public_proxy_temp;
    fastcgi_temp_path /opt/data/platform/nginx/public_fastcgi_temp;
    uwsgi_temp_path /opt/data/platform/nginx/public_uwsgi_temp;
    scgi_temp_path /opt/data/platform/nginx/public_scgi_temp;
    include /opt/app/platform/nginx/conf/mime.types;
    client_max_body_size 10G;
    uwsgi_read_timeout 600s;
    proxy_send_timeout 600s;
    proxy_read_timeout 600s;
    #less slow sd card io
    proxy_buffering off;
    # device ui
    server {
        listen 80;
        listen [::]:80;
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name xxxxx.syncloud.it;
        #ssl_certificate /opt/data/platform/syncloud.crt;
        #ssl_certificate_key /opt/data/platform/syncloud.key;
        ssl_certificate /opt/data/platform/certbot/live/xxxxx.syncloud.it/fullchain.pem;
        ssl_certificate_key /opt/data/platform/certbot/live/xxxxx.syncloud.it/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        root /opt/app/platform/www/public;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        location /js {
            alias /opt/app/platform/www/public/js;
        }
        location /images {
            alias /opt/app/platform/www/public/images;
        }
        location /css {
            alias /opt/app/platform/www/public/css;
        }
        location / {
            index index.html;
            include /opt/data/platform/config/uwsgi/uwsgi_params;
            uwsgi_pass unix:///opt/data/platform/config/uwsgi/socket/public.wsgi.sock;
        }
        location /appsimages {
            alias /opt/app/images;
        }
        location /ping {
            return 200 "OK";
        }
    }
    # apps proxy
    server {
        listen 80;
        listen [::]:80;
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name ~^(?P<app>.*)\.xxxxx\.syncloud\.it$;
        #ssl_certificate /opt/data/platform/syncloud.crt;
        #ssl_certificate_key /opt/data/platform/syncloud.key;
        ssl_certificate /opt/data/platform/certbot/live/xxxxx.syncloud.it/fullchain.pem;
        ssl_certificate_key /opt/data/platform/certbot/live/xxxxx.syncloud.it/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        #certbot auth dir
        location /.well-known {
            alias /opt/app/platform/www/public/.well-known;
        }
        location / {
            proxy_set_header X-Forwarded-Proto $scheme ;
            proxy_set_header X-Forwarded-Host $http_host ;
            proxy_pass http://unix:/opt/data/$app/web.socket: ;
            proxy_redirect http://unix:/opt/data/$app/web.socket: $scheme://$http_host ;
        }
    }
}
[Unit]
Description=External disk
Before=local-fs.target
[Mount]
#What=/dev/sda1
What=/srv/dev-disk-by-id-ata-ST1000LM024_HN-M101MBB_S2ZPJ9CF404637-part1
Where=/opt/disk/external
Type=auto
#Options=rw,nosuid,nodev,relatime
Options=bind
[Install]
WantedBy=local-fs.target

abakum commented Jan 25, 2018

Load syncloud from https://github.com/syncloud/platform/releases
Install omv3 https://github.com/Wolf2000Pi/omv-install-3.x/blob/master/omv-install-3.x.sh
Mount /dev/sda1 in omv3 web
ssh root@you_host_ip
From /etc/fstab copy /srv/dev-disk-by-id-ata-ST1000LM024_HN-M101MBB_S2ZPJ9CF404637-part1
Paste it to What= in /etc/systemd/system/local-fs.target.wants/opt-disk-external.mount
Change from Options=rw,nosuid,nodev,relatime to Options=bind
Change in /opt/app/platform/bin/cron.py from if user_platform_config.is_https() to if 0 and user_platform_config.is_https()

cd ~
git clone https://github.com/letsencrypt/letsencrypt

Change xxxxx in ./le.sh to you_host_name
Change yyyyy in ./le.sh to you_email
./le.sh
Change xxxxx in /opt/data/platform/config.runtime/nginx/nginx.conf to you_host_name
systemctl reload platform.nginx-public.service
Add to monthly cron ~/ler.sh as root
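
The nginx.conf edited in the steps above enables `TLSv1` and `TLSv1.1` in both server blocks. The following is an added example, not part of the gist: a bash check that reports active `ssl_protocols` directives enabling legacy versions and prints a copy restricted to TLSv1.2. The function names and the sample input are constructed here, and TLSv1.2-only is an assumption about what the bundled nginx build supports.

```bash
#!/bin/bash
# Added example (not from the gist): audit ssl_protocols in an nginx config read on stdin.

# Print "<line>:<legacy versions>" for each active ssl_protocols directive that
# enables SSLv2, SSLv3, TLSv1 or TLSv1.1. Returns 1 if any was found, else 0.
audit_tls_protocols() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)                       # ignore commented-out directives
        if (line !~ /^[ \t]*ssl_protocols[ \t]/) next
        sub(/^[ \t]*ssl_protocols[ \t]+/, "", line) # keep only the protocol list
        sub(/;.*/, "", line)
        n = split(line, proto, /[ \t]+/)
        weak = ""
        for (i = 1; i <= n; i++)
            if (proto[i] ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                weak = (weak == "" ? "" : weak ",") proto[i]
        if (weak != "") { printf "%d:%s\n", NR, weak; found = 1 }
    }
    END { exit (found ? 1 : 0) }'
}

# Rewrite every active ssl_protocols directive to TLSv1.2 only (assumption: the
# bundled nginx may predate TLSv1.3 support); commented lines stay untouched.
harden_tls_protocols() {
    sed -E 's/^([[:space:]]*)ssl_protocols[[:space:]][^;#]*;/\1ssl_protocols TLSv1.2;/'
}

# Constructed sample: TLS lines of the two server blocks, plus one commented directive.
sample_conf() {
    cat <<'EOF'
server {
listen 443 ssl;
server_name xxxxx.syncloud.it;
#ssl_protocols SSLv3;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
}
server {
listen 443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
}

if ! sample_conf | audit_tls_protocols; then
    sample_conf | harden_tls_protocols | grep -n 'ssl_protocols'
fi
```

Against the real file the check is `audit_tls_protocols < /opt/data/platform/config.runtime/nginx/nginx.conf`; after applying the hardened lines, reload with the `systemctl reload platform.nginx-public.service` step above.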


abakum commented Feb 20, 2018

After mail:

[bananapim1] Cron <nextcloud@bananapim1> /opt/app/nextcloud/bin/nextcloud-cron
DATA_DIR environment variable must be set

I edit /opt/app/nextcloud/bin/nextcloud-cron
