Update all new server scripts

Lib.sh

@@ -2,8 +2,12 @@
 
 ScopePath=""
 SetScope(){
-    [ "$1" = "Root" ] && ScopePath="/"
-    [ "$1" = "Home" ] && ScopePath="${HOME}/"
+	if [ "$1" = "Root" ]
+	then ScopePath="/"
+	elif [ "$1" = "Home" ]
+	then ScopePath="${HOME}/"
+	#else ScopePath="$1/"
+	fi
 }
 
 mkcd(){
@@ -26,7 +30,15 @@ CpSub(){
 	LBase="$1"; shift
 	RBase="$1"; shift
 	for s in $@
-	do CpItems /${LBase}${s}${RBase}
+	do
+		PathBack="${PWD}"
+		cd "${ScopePath}"
+		# Here will happen any wildcard expansion
+		for i in ${LBase}${s}${RBase}
+		do
+			cd "${PathBack}"
+			CpItem "${i}"
+		done
 	done
 }
 

Server/AptPackages.txt

@@ -5,7 +5,7 @@ apt-file curl wget netcat-openbsd git htop micro nano mc
 p7zip-full ccrypt
 
 # Web
-certbot nginx nginx-extras php php-fpm php-curl php-zip php-xml php-json php-mbstring
+certbot nginx nginx-extras php php-fpm php-curl php-zip php-xml php-json php-mbstring php-gmp
 
 # Web database
 mariadb-server php-db php-mysql php-sqlite3

Server/Repo.Update.sh

@@ -2,32 +2,53 @@
 cd "$( dirname "$( realpath "$0" )" )"
 . ../Lib.sh
 
-h=home/pi
+h=home/tux
 
 SetScope Root
 mkcd ./Root
 	CpSufx etc/ diycron
 
 	for f in \
-		diycron ncshell OneShot.AfterBoot bittorrentd \
+		diycron ncshell OneShot.AfterBoot bittorrentd SocatIpProxies \
 		Shiori ShioriFeed \
 		CringeInoltro WinDog \
 		TelegramIndex WebFileManager \
-		SpaccCraft
-	do
-		cpfile "etc/systemd/system/$f.service"
+		SpaccCraft FreshRSS-actualize \
+	; do
+		CpItem "etc/systemd/system/${f}.service"
+		CpItem "etc/systemd/system/${f}.timer"
 	done
 
-	CpItem etc/nginx/nginx.conf
-	CpSufx "etc/nginx/sites-available/*." conf old
-	CpItem etc/tor/torrc
+	for f in \
+		WindowsServer2022 Windows7Earnapp1 \
+	; do CpItem "etc/systemd/system/Vm${f}.service"
+	done
+
+	#CpItem etc/nginx/nginx.conf
+	#CpSufx "etc/nginx/sites-available/*." conf old
+	#CpItem etc/tor/torrc
+
+	CpSufx "Main/Server/Scripts/*." sh
 	CpSufx "Main/Server/Scripts/Backup/*." sh cfg
 	CpSufx "Main/Server/Scripts/Interactive/*." sh
-	CpItem Main/Server/Scripts/OneShot.AfterBoot.sh
-	CpItem Main/Server/Scripts/RenewCerts.sh
+	#CpItem Main/Server/Scripts/OneShot.AfterBoot.sh
+	#CpItem Main/Server/Scripts/RenewCerts.sh
 
-	CpItem Main/Server/Start/bittorrentd
-	CpItem Main/Transfers/aria2/Conf
+	#CpItem Main/Server/Start/bittorrentd
+	#CpItem Main/Transfers/aria2/Conf
+
+	ScopePath=/var/lib/lxc/Debian2023/rootfs/
+		CpItem etc/nginx/nginx.conf
+		CpSufx "etc/nginx/sites-available/*." conf old
+		CpItem etc/tor/torrc
+
+		#for f in \
+		#	SpaccBBS.conf SpaccCloud.conf XSpacc.conf admin.conf analytics.conf articles.conf feeds.conf root.conf \
+		#; do CpItem "etc/nginx/sites-available/${f}"
+		#done
+
+	ScopePath=/var/lib/lxc/Ubuntu2023-SpaccCraft/rootfs/
+		CpItem etc/systemd/system/SpaccCraft.service
 
 cd ..
 

Server/Root/Main/Server/Scripts/Backup/BackupGlobals.cfg

@@ -23,6 +23,7 @@ ccencryptNow() {
 	File="$1"
 	BaseKey="$2"
 	ccrypt -e -f -K"$(Hash2 "${BaseKey}" "${RunDate}")" "${File}"
+	echo "${RunDate}" > "${File}.info"
 }
 
 WriteLastLog() {

Server/Root/Main/Server/Scripts/Backup/CloudBackup.sh

@@ -4,23 +4,43 @@
 set -e
 . "$(dirname "$(realpath "$0")")/BackupGlobals.cfg"
 
-GitPush() {
+GitPush(){
 	Msg="Auto-Backup $(date) (${RunDate})"
 	git add . && git commit -m "${Msg}" && git push
 }
 
-GitPullPushPath() {
+GitPullPushPath(){
 	BackPath="$(pwd)"
 	cd "$1" && git pull && GitPush
 	cd "${BackPath}"
 }
 
-BackPathCrypt() {
+BackPathCrypt(){
+	_BackPathCrypt "$1" "$2" "$3"
+}
+
+_BackPathCrypt(){
 	Folder="$1"
 	Key="$2"
 	Ext="$([ -z "$3" ] && echo ".tar.xz" || echo "$3")"
-	cp -v "../${Folder}/Latest${Ext}" "./${Folder}${Ext}" && \
-	ccencryptNow "./${Folder}${Ext}" "${Key}"
+	Split="$4"
+	File="${Folder}${Ext}"
+	cp -v "../${Folder}/Latest${Ext}" "./${File}" && \
+	ccencryptNow "./${File}" "${Key}"
+	#DirContext="${PWD}"
+	#[ -n "${Split}" ] \
+	#	&& mkdir -p "./${File}.cpt.split" \
+	#	&& cd "./${File}.cpt.split" \
+	#	&& rm * || true \
+	#	&& split --bytes="${Split}" "../${File}.cpt" \
+	#	&& rm "../${File}.cpt" \
+	#;
+	#cd "${DirContext}"
+}
+
+BackPathCryptSplit(){
+	_BackPathCrypt "$1" "$2" "$3" 10M
+	#...
 }
 
 ServerBackupLimited(){
@@ -32,7 +52,7 @@ ServerBackupLimited(){
 	#BackPathCrypt "shiori-data" "${BackupKey_Git_Shiori}"
 	BackPathCrypt n8n-data "${BackupKey_Git_n8n}"
 	# "${BackupKey_Git_aria2}" ".7z"
-	GitPush
+	GitPush || true
 	EchoExec cd ..
 }
 
@@ -40,7 +60,7 @@ ArticlesBackupPrivate(){
 	EchoExec cd ./Articles-Backup-Private
 	EchoExec rm -rf ./shiori-data
 	EchoExec cp -rp "../shiori-data/Latest.d" "./shiori-data"
-	GitPush
+	GitPush || true
 	EchoExec cd ..
 }
 
@@ -55,7 +75,7 @@ DoSpaccBbsBackup(){
 		./SpaccBBS/arrowchat/includes/config.php \
 	; do ccencryptNow "$File" "$BackupKey_Git_SpaccBBS"
 	done
-	GitPush
+	GitPush || true
 	EchoExec cd ..
 }
 
@@ -69,17 +89,17 @@ DoSpaccCraftBackup(){
 	then
 		#cd "/Server/${McServer}"
 		cd "${BackupsBase}/${McServer}"
-		rm -rf "${DestPath}/${McEdition}"
-		cp ./*.sh "${DestPath}/"
+		rm -rf "${DestPath}/${McEdition}" || true
+		cp ./*.sh "${DestPath}/" || true
 		cp -r "./${McEdition}/Latest.d" "${DestPath}/${McEdition}"
-		GitPullPushPath "${DestPath}"
+		GitPullPushPath "${DestPath}" || true
 	fi
 }
 
-ServerBackupLimited
-ArticlesBackupPrivate
-DoSpaccBbsBackup
-DoSpaccCraftBackup
+ServerBackupLimited || true
+ArticlesBackupPrivate || true
+DoSpaccBbsBackup || true
+DoSpaccCraftBackup || true
 #GitPullPushPath "/Cloud/Repos/Personal-Game-Saves"
 #GitPullPushPath "/media/Disk/Configs"
 

Server/Root/Main/Server/Scripts/Backup/ServerDataBackup.sh

@@ -31,6 +31,7 @@ DoBackupSpaccBBS(){
 	SimpleBackup SpaccBBS www
 	lxc-attach Debian2023 -- sh -c "mariadb-dump phpBB > ${PWD}/SpaccBBS/Db.Latest.sql"
 	SimpleCompress "./SpaccBBS/Db.${RunDate}.sql" ./SpaccBBS/Db.Latest.sql
+	EchoExec rm ./SpaccBBS/Db.Latest.sql.tar.xz
 	EchoExec ln -s "./Db.${RunDate}.sql.tar.xz" ./SpaccBBS/Db.Latest.sql.tar.xz
 }
 

Server/Root/Main/Server/Scripts/FixMainPermissions.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+for Dir in \
+	Public \
+; do
+	cd "/Main/${Dir}"
+	chown -R root:root .
+	chmod -R 7777 .
+done
+#Server \
+#Backup \
+
+chown -R 1000:1000 /Main/Server/Desktop
+chown -R 101000:101000 /Main/Server/TelegramIndex-Fork
+#chmod -R 7777 /Main/Server/Desktop
+
+chown -R 100033:100033 /Main/Server/www
+#chmod -R 7777 /Main/Server/www

Server/Root/etc/nginx/nginx.conf

@@ -10,7 +10,8 @@ events {
 
 http {
 	upstream php {
-		server unix:/var/run/php/php7.4-fpm.sock;
+		#server unix:/var/run/php/php7.4-fpm.sock;
+		server unix:/var/run/php/php8.2-fpm.sock;
 	}
 
 	##

Server/Root/etc/nginx/sites-available/SpaccBBS.conf

@@ -10,7 +10,7 @@ server {
 	ssl_certificate /etc/letsencrypt/live/bbs.spacc.eu.org/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/bbs.spacc.eu.org/privkey.pem;
 	ssl_prefer_server_ciphers on;
-	root /Server/www/SpaccBBS;
+	root /Main/Server/www/SpaccBBS;
 	index index.php index.html index.htm;
 
 	# Loggers
@@ -93,10 +93,10 @@ server {
 	#}
 	location /wwwroot {
 		if ($SpaccBbsMap = '1') {
-			rewrite ^(.*) $scheme://hlb0.octt.eu.org/$request_uri last;
+			rewrite ^(.*) $scheme://hlb0.octt.eu.org/$request_uri redirect;
 		}
 		if ($SpaccBbsMap = '2') {
-			rewrite ^(.*) $scheme://octt.spaccsoj3trhzowrrblzb5m6hgkwu6syghnmhett7gvxbrz5zhsrs4ad.onion/$request_uri last;
+			rewrite ^(.*) $scheme://octt.spaccsoj3trhzowrrblzb5m6hgkwu6syghnmhett7gvxbrz5zhsrs4ad.onion/$request_uri redirect;
 		}
 	}
 }

Server/Root/etc/nginx/sites-available/admin.conf

@@ -0,0 +1,66 @@
+map "" $LanLocalhost {
+	default 192.168.1.125;
+}
+server {
+	listen 81;
+	#location /admin {
+	#	proxy_http_version 1.1;
+	#	proxy_pass http://10.0.3.106;
+	#	proxy_set_header Host $host;
+	#	proxy_set_header X-Real-IP $remote_addr;
+	#	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	#	proxy_set_header X-Forwarded-Proto $scheme;
+	#	proxy_set_header Upgrade $http_upgrade;
+	#}
+
+	location /phpmyadmin/ {
+		root /usr/share;
+		try_files $uri $uri/;
+		location ~ \.php(/|$) {
+			include fastcgi.conf;
+			fastcgi_split_path_info ^(.+\.php)(/.*)$;
+			fastcgi_param PATH_INFO $fastcgi_path_info;
+			fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+			fastcgi_param DOCUMENT_ROOT $realpath_root;
+			try_files $uri $uri/ /app.php$is_args$args;
+			fastcgi_pass php;
+		}
+	}
+
+	location /Scripts {
+		proxy_http_version 1.1;
+		proxy_pass http://$LanLocalhost:8066;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Upgrade $http_upgrade;
+	}
+
+	location /websockify {
+		proxy_http_version 1.1;
+		proxy_pass http://$LanLocalhost:42300;
+		#proxy_pass http://$LanLocalhost:22300;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+	}
+
+	location /desktop/fedora-xfce/ {
+	#location /desktop/debian-xfce/ {
+		proxy_http_version 1.1;
+		proxy_pass http://$LanLocalhost:42300;
+		#proxy_pass http://$LanLocalhost:22300;
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header Upgrade $http_upgrade;
+		add_header 'Cross-Origin-Embedder-Policy' 'require-corp';
+		add_header 'Cross-Origin-Opener-Policy' 'same-origin';
+		add_header 'Cross-Origin-Resource-Policy' 'same-site';
+	}
+}

Server/Root/etc/nginx/sites-available/analytics.conf

@@ -1,4 +1,5 @@
 server {
+	listen 80;
 	listen 443 ssl;
 	server_name private-analytics-not-for-public-use.octt.eu.org;
 	ssl_certificate /etc/letsencrypt/live/private-analytics-not-for-public-use.octt.eu.org/fullchain.pem;

Server/Root/etc/nginx/sites-available/articles.conf

@@ -5,6 +5,8 @@ server {
 	ssl_certificate /etc/letsencrypt/live/articles.octt.eu.org/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/articles.octt.eu.org/privkey.pem;
 	ssl_prefer_server_ciphers on;
+	access_log /var/log/nginx/articles.access.log;                                                                                 
+	error_log /var/log/nginx/articles.error.log; 
 	location / {
 		proxy_http_version 1.1;
 		proxy_pass http://localhost:8076;

Server/Root/etc/nginx/sites-available/feeds.conf

@@ -19,7 +19,7 @@ server {
 	#	sub_filter_once on;
 	#}
 
-	root /Server/www/FreshRSS/p;
+	root /Main/Server/www/FreshRSS/p;
 	index index.php index.html index.htm;
 
 	# nginx log files

Server/Root/etc/nginx/sites-available/root.conf

@@ -25,30 +25,42 @@ server {
 
 server {
 	listen 80;
-	listen 81;
+	#listen 81;
 	listen 443 ssl;
 	server_name hlb0.octt.eu.org;
 	ssl_certificate /etc/letsencrypt/live/hlb0.octt.eu.org/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/hlb0.octt.eu.org/privkey.pem; 
 	ssl_prefer_server_ciphers on;
-	error_page 403 = /404.html;
-	error_page 404 = /404.html;
+	error_page 403 = /error.php?code=403;
+	error_page 404 = /error.php?code=404;
+	error_page 500 = /error.php?code=500;
+	access_log /var/log/nginx/root.access.log;                                                                                 
+	error_log /var/log/nginx/root.error.log; 
 
 	location / {
-		root /Server/www/root;
+		root /Main/Server/www/root;
 		if ($request_uri ~ ^([^.\?]*[^/])$) {
 			return 301 $1/;
 		}
-		try_files $uri $uri/ $uri.html;
+		try_files $uri $uri/ $uri.html =404;
 		#try_files $uri =404;
 		#try_files $uri $uri.html $uri/index.html index.html;
 		autoindex off;
 		#error_page 404 = /404.html;
 		#rewrite  ^/(\?.*)?$ index.html$1 permanent;
+
+		location ~ ^.+?\.php(/.*)?$ {
+			fastcgi_pass php;
+			fastcgi_split_path_info ^(.+\.php)(/.*)$;
+			set $path_info $fastcgi_path_info;
+			fastcgi_param PATH_INFO $path_info;
+			include fastcgi_params;
+			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		}
 	}
 
 	location /Drive/ {
-		root /Server/www;
+		root /Main/Server/www;
 		autoindex on;
 		autoindex_exact_size off;
 		sub_filter '<a ' '</span></span>\n\n<span><a ';
@@ -69,6 +81,8 @@ server {
 	}
 
 	location /Drive/Telegram/ {
+		access_log /var/log/nginx/TelegramIndex.access.log;
+		error_log /var/log/nginx/TelegramIndex.error.log;
 		rewrite ^/Drive/Telegram/(.*)$ /$1 break;
 		proxy_http_version 1.1;
 		proxy_pass http://localhost:8095;
@@ -82,6 +96,7 @@ server {
 		sub_filter '<a href="/'     '<a href="/Drive/Telegram/';
 		sub_filter '<img src="/'    '<img src="/Drive/Telegram/';
 		sub_filter '<source src="/' '<source src="/Drive/Telegram/';
+		sub_filter '<script src="/' '<script src="/Drive/Telegram/';
 		sub_filter_once off;
 	}
 

Server/Root/etc/systemd/system/SocatIpProxies.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=SocatIpProxies
+After=network.target
+[Service]
+Type=simple
+Restart=always
+RestartSec=10
+User=root
+ExecStart=/bin/sh -c /Main/Server/SocatIpProxies.sh
+[Install]
+WantedBy=multi-user.target

Server/Root/etc/systemd/system/SpaccCraft.service

@@ -1,5 +1,5 @@
 [Unit]
-Description=spacccraft
+Description=SpaccCraft
 After=network.target
 StartLimitIntervalSec=0
 [Service]
@@ -8,7 +8,7 @@ Restart=always
 RestartSec=10
 #CPUQuota=75%
 #MemoryMax=384M
-User=pi
-ExecStart=script /dev/null -c "export TERM=vt100; screen -S SpaccCraft sh /Server/SpaccCraft/StartSpaccCraft.sh"
+User=SpaccCraft
+ExecStart=/usr/bin/script /dev/null -c "export TERM=vt100; screen -S SpaccCraft sh /Main/Server/SpaccCraft/StartSpaccCraft.sh"
 [Install]
 WantedBy=multi-user.target

Server/Root/etc/systemd/system/VmWindows7Earnapp1.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Windows 7 Earnapp 1 VM
+After=network.target
+[Service]
+Type=simple
+Restart=always
+RestartSec=10
+User=root
+ExecStart=/bin/sh -c /Main/Server/VMs/Windows7Earnapp1.sh
+[Install]
+WantedBy=multi-user.target

Server/Root/etc/systemd/system/VmWindowsServer2022.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Windows Server 2022 VM
+After=network.target
+[Service]
+Type=simple
+Restart=always
+RestartSec=10
+User=root
+ExecStart=/bin/sh -c /Main/Server/VMs/WindowsServer2022.sh
+[Install]
+WantedBy=multi-user.target