From b0310e14c72384e6c5011d4126e66708fe001c03 Mon Sep 17 00:00:00 2001 From: octospacc Date: Wed, 6 Sep 2023 13:56:08 +0200 Subject: [PATCH] Update all new server scripts --- Lib.sh | 18 ++++- Server/AptPackages.txt | 2 +- Server/Repo.Update.sh | 45 +++++++++---- .../Server/Scripts/Backup/BackupGlobals.cfg | 1 + .../Main/Server/Scripts/Backup/CloudBackup.sh | 50 +++++++++----- .../Server/Scripts/Backup/ServerDataBackup.sh | 1 + .../Main/Server/Scripts/FixMainPermissions.sh | 18 +++++ Server/Root/etc/nginx/nginx.conf | 3 +- .../etc/nginx/sites-available/SpaccBBS.conf | 6 +- .../Root/etc/nginx/sites-available/admin.conf | 66 +++++++++++++++++++ .../etc/nginx/sites-available/analytics.conf | 1 + .../etc/nginx/sites-available/articles.conf | 2 + .../Root/etc/nginx/sites-available/feeds.conf | 2 +- .../Root/etc/nginx/sites-available/root.conf | 27 ++++++-- .../etc/systemd/system/SocatIpProxies.service | 11 ++++ .../etc/systemd/system/SpaccCraft.service | 6 +- .../systemd/system/VmWindows7Earnapp1.service | 11 ++++ .../system/VmWindowsServer2022.service | 11 ++++ 18 files changed, 236 insertions(+), 45 deletions(-) create mode 100755 Server/Root/Main/Server/Scripts/FixMainPermissions.sh create mode 100644 Server/Root/etc/nginx/sites-available/admin.conf create mode 100755 Server/Root/etc/systemd/system/SocatIpProxies.service mode change 100644 => 100755 Server/Root/etc/systemd/system/SpaccCraft.service create mode 100755 Server/Root/etc/systemd/system/VmWindows7Earnapp1.service create mode 100755 Server/Root/etc/systemd/system/VmWindowsServer2022.service diff --git a/Lib.sh b/Lib.sh index 337f58a..938656e 100644 --- a/Lib.sh +++ b/Lib.sh @@ -2,8 +2,12 @@ ScopePath="" SetScope(){ - [ "$1" = "Root" ] && ScopePath="/" - [ "$1" = "Home" ] && ScopePath="${HOME}/" + if [ "$1" = "Root" ] + then ScopePath="/" + elif [ "$1" = "Home" ] + then ScopePath="${HOME}/" + #else ScopePath="$1/" + fi } mkcd(){ @@ -26,7 +30,15 @@ CpSub(){ LBase="$1"; shift RBase="$1"; shift for s in $@ - do CpItems /${LBase}${s}${RBase} + do + PathBack="${PWD}" + cd "${ScopePath}" + # Here will happen any wildcard expansion + for i in ${LBase}${s}${RBase} + do + cd "${PathBack}" + CpItem "${i}" + done done } diff --git a/Server/AptPackages.txt b/Server/AptPackages.txt index 9914bcb..afd0633 100644 --- a/Server/AptPackages.txt +++ b/Server/AptPackages.txt @@ -5,7 +5,7 @@ apt-file curl wget netcat-openbsd git htop micro nano mc p7zip-full ccrypt # Web -certbot nginx nginx-extras php php-fpm php-curl php-zip php-xml php-json php-mbstring +certbot nginx nginx-extras php php-fpm php-curl php-zip php-xml php-json php-mbstring php-gmp # Web database mariadb-server php-db php-mysql php-sqlite3 diff --git a/Server/Repo.Update.sh b/Server/Repo.Update.sh index 9ce00e0..89afbbb 100755 --- a/Server/Repo.Update.sh +++ b/Server/Repo.Update.sh @@ -2,32 +2,53 @@ cd "$( dirname "$( realpath "$0" )" )" . ../Lib.sh -h=home/pi +h=home/tux SetScope Root mkcd ./Root CpSufx etc/ diycron for f in \ - diycron ncshell OneShot.AfterBoot bittorrentd \ + diycron ncshell OneShot.AfterBoot bittorrentd SocatIpProxies \ Shiori ShioriFeed \ CringeInoltro WinDog \ TelegramIndex WebFileManager \ - SpaccCraft - do - cpfile "etc/systemd/system/$f.service" + SpaccCraft FreshRSS-actualize \ + ; do + CpItem "etc/systemd/system/${f}.service" + CpItem "etc/systemd/system/${f}.timer" done - CpItem etc/nginx/nginx.conf - CpSufx "etc/nginx/sites-available/*." conf old - CpItem etc/tor/torrc + for f in \ + WindowsServer2022 Windows7Earnapp1 \ + ; do CpItem "etc/systemd/system/Vm${f}.service" + done + + #CpItem etc/nginx/nginx.conf + #CpSufx "etc/nginx/sites-available/*." conf old + #CpItem etc/tor/torrc + + CpSufx "Main/Server/Scripts/*." sh CpSufx "Main/Server/Scripts/Backup/*." sh cfg CpSufx "Main/Server/Scripts/Interactive/*." sh - CpItem Main/Server/Scripts/OneShot.AfterBoot.sh - CpItem Main/Server/Scripts/RenewCerts.sh + #CpItem Main/Server/Scripts/OneShot.AfterBoot.sh + #CpItem Main/Server/Scripts/RenewCerts.sh - CpItem Main/Server/Start/bittorrentd - CpItem Main/Transfers/aria2/Conf + #CpItem Main/Server/Start/bittorrentd + #CpItem Main/Transfers/aria2/Conf + + ScopePath=/var/lib/lxc/Debian2023/rootfs/ + CpItem etc/nginx/nginx.conf + CpSufx "etc/nginx/sites-available/*." conf old + CpItem etc/tor/torrc + + #for f in \ + # SpaccBBS.conf SpaccCloud.conf XSpacc.conf admin.conf analytics.conf articles.conf feeds.conf root.conf \ + #; do CpItem "etc/nginx/sites-available/${f}" + #done + + ScopePath=/var/lib/lxc/Ubuntu2023-SpaccCraft/rootfs/ + CpItem etc/systemd/system/SpaccCraft.service cd .. diff --git a/Server/Root/Main/Server/Scripts/Backup/BackupGlobals.cfg b/Server/Root/Main/Server/Scripts/Backup/BackupGlobals.cfg index 378513b..1654068 100755 --- a/Server/Root/Main/Server/Scripts/Backup/BackupGlobals.cfg +++ b/Server/Root/Main/Server/Scripts/Backup/BackupGlobals.cfg @@ -23,6 +23,7 @@ ccencryptNow() { File="$1" BaseKey="$2" ccrypt -e -f -K"$(Hash2 "${BaseKey}" "${RunDate}")" "${File}" + echo "${RunDate}" > "${File}.info" } WriteLastLog() { diff --git a/Server/Root/Main/Server/Scripts/Backup/CloudBackup.sh b/Server/Root/Main/Server/Scripts/Backup/CloudBackup.sh index b489191..7adafa9 100755 --- a/Server/Root/Main/Server/Scripts/Backup/CloudBackup.sh +++ b/Server/Root/Main/Server/Scripts/Backup/CloudBackup.sh @@ -4,23 +4,43 @@ set -e . "$(dirname "$(realpath "$0")")/BackupGlobals.cfg" -GitPush() { +GitPush(){ Msg="Auto-Backup $(date) (${RunDate})" git add . && git commit -m "${Msg}" && git push } -GitPullPushPath() { +GitPullPushPath(){ BackPath="$(pwd)" cd "$1" && git pull && GitPush cd "${BackPath}" } -BackPathCrypt() { +BackPathCrypt(){ + _BackPathCrypt "$1" "$2" "$3" +} + +_BackPathCrypt(){ Folder="$1" Key="$2" Ext="$([ -z "$3" ] && echo ".tar.xz" || echo "$3")" - cp -v "../${Folder}/Latest${Ext}" "./${Folder}${Ext}" && \ - ccencryptNow "./${Folder}${Ext}" "${Key}" + Split="$4" + File="${Folder}${Ext}" + cp -v "../${Folder}/Latest${Ext}" "./${File}" && \ + ccencryptNow "./${File}" "${Key}" + #DirContext="${PWD}" + #[ -n "${Split}" ] \ + # && mkdir -p "./${File}.cpt.split" \ + # && cd "./${File}.cpt.split" \ + # && rm * || true \ + # && split --bytes="${Split}" "../${File}.cpt" \ + # && rm "../${File}.cpt" \ + #; + #cd "${DirContext}" +} + +BackPathCryptSplit(){ + _BackPathCrypt "$1" "$2" "$3" 10M + #... } ServerBackupLimited(){ @@ -32,7 +52,7 @@ ServerBackupLimited(){ #BackPathCrypt "shiori-data" "${BackupKey_Git_Shiori}" BackPathCrypt n8n-data "${BackupKey_Git_n8n}" # "${BackupKey_Git_aria2}" ".7z" - GitPush + GitPush || true EchoExec cd .. } @@ -40,7 +60,7 @@ ArticlesBackupPrivate(){ EchoExec cd ./Articles-Backup-Private EchoExec rm -rf ./shiori-data EchoExec cp -rp "../shiori-data/Latest.d" "./shiori-data" - GitPush + GitPush || true EchoExec cd .. } @@ -55,7 +75,7 @@ DoSpaccBbsBackup(){ ./SpaccBBS/arrowchat/includes/config.php \ ; do ccencryptNow "$File" "$BackupKey_Git_SpaccBBS" done - GitPush + GitPush || true EchoExec cd .. } @@ -69,17 +89,17 @@ DoSpaccCraftBackup(){ then #cd "/Server/${McServer}" cd "${BackupsBase}/${McServer}" - rm -rf "${DestPath}/${McEdition}" - cp ./*.sh "${DestPath}/" + rm -rf "${DestPath}/${McEdition}" || true + cp ./*.sh "${DestPath}/" || true cp -r "./${McEdition}/Latest.d" "${DestPath}/${McEdition}" - GitPullPushPath "${DestPath}" + GitPullPushPath "${DestPath}" || true fi } -ServerBackupLimited -ArticlesBackupPrivate -DoSpaccBbsBackup -DoSpaccCraftBackup +ServerBackupLimited || true +ArticlesBackupPrivate || true +DoSpaccBbsBackup || true +DoSpaccCraftBackup || true #GitPullPushPath "/Cloud/Repos/Personal-Game-Saves" #GitPullPushPath "/media/Disk/Configs" diff --git a/Server/Root/Main/Server/Scripts/Backup/ServerDataBackup.sh b/Server/Root/Main/Server/Scripts/Backup/ServerDataBackup.sh index ae9ef72..2db31cc 100755 --- a/Server/Root/Main/Server/Scripts/Backup/ServerDataBackup.sh +++ b/Server/Root/Main/Server/Scripts/Backup/ServerDataBackup.sh @@ -31,6 +31,7 @@ DoBackupSpaccBBS(){ SimpleBackup SpaccBBS www lxc-attach Debian2023 -- sh -c "mariadb-dump phpBB > ${PWD}/SpaccBBS/Db.Latest.sql" SimpleCompress "./SpaccBBS/Db.${RunDate}.sql" ./SpaccBBS/Db.Latest.sql + EchoExec rm ./SpaccBBS/Db.Latest.sql.tar.xz EchoExec ln -s "./Db.${RunDate}.sql.tar.xz" ./SpaccBBS/Db.Latest.sql.tar.xz } diff --git a/Server/Root/Main/Server/Scripts/FixMainPermissions.sh b/Server/Root/Main/Server/Scripts/FixMainPermissions.sh new file mode 100755 index 0000000..790e84c --- /dev/null +++ b/Server/Root/Main/Server/Scripts/FixMainPermissions.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +for Dir in \ + Public \ +; do + cd "/Main/${Dir}" + chown -R root:root . + chmod -R 7777 . +done +#Server \ +#Backup \ + +chown -R 1000:1000 /Main/Server/Desktop +chown -R 101000:101000 /Main/Server/TelegramIndex-Fork +#chmod -R 7777 /Main/Server/Desktop + +chown -R 100033:100033 /Main/Server/www +#chmod -R 7777 /Main/Server/www diff --git a/Server/Root/etc/nginx/nginx.conf b/Server/Root/etc/nginx/nginx.conf index caf4294..680fe1c 100644 --- a/Server/Root/etc/nginx/nginx.conf +++ b/Server/Root/etc/nginx/nginx.conf @@ -10,7 +10,8 @@ events { http { upstream php { - server unix:/var/run/php/php7.4-fpm.sock; + #server unix:/var/run/php/php7.4-fpm.sock; + server unix:/var/run/php/php8.2-fpm.sock; } ## diff --git a/Server/Root/etc/nginx/sites-available/SpaccBBS.conf b/Server/Root/etc/nginx/sites-available/SpaccBBS.conf index f537d76..70a00bc 100644 --- a/Server/Root/etc/nginx/sites-available/SpaccBBS.conf +++ b/Server/Root/etc/nginx/sites-available/SpaccBBS.conf @@ -10,7 +10,7 @@ server { ssl_certificate /etc/letsencrypt/live/bbs.spacc.eu.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/bbs.spacc.eu.org/privkey.pem; ssl_prefer_server_ciphers on; - root /Server/www/SpaccBBS; + root /Main/Server/www/SpaccBBS; index index.php index.html index.htm; # Loggers @@ -93,10 +93,10 @@ server { #} location /wwwroot { if ($SpaccBbsMap = '1') { - rewrite ^(.*) $scheme://hlb0.octt.eu.org/$request_uri last; + rewrite ^(.*) $scheme://hlb0.octt.eu.org/$request_uri redirect; } if ($SpaccBbsMap = '2') { - rewrite ^(.*) $scheme://octt.spaccsoj3trhzowrrblzb5m6hgkwu6syghnmhett7gvxbrz5zhsrs4ad.onion/$request_uri last; + rewrite ^(.*) $scheme://octt.spaccsoj3trhzowrrblzb5m6hgkwu6syghnmhett7gvxbrz5zhsrs4ad.onion/$request_uri redirect; } } } diff --git a/Server/Root/etc/nginx/sites-available/admin.conf b/Server/Root/etc/nginx/sites-available/admin.conf new file mode 100644 index 0000000..e8990f0 --- /dev/null +++ b/Server/Root/etc/nginx/sites-available/admin.conf @@ -0,0 +1,66 @@ +map "" $LanLocalhost { + default 192.168.1.125; +} +server { + listen 81; + #location /admin { + # proxy_http_version 1.1; + # proxy_pass http://10.0.3.106; + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; + # proxy_set_header Upgrade $http_upgrade; + #} + + location /phpmyadmin/ { + root /usr/share; + try_files $uri $uri/; + location ~ \.php(/|$) { + include fastcgi.conf; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_param DOCUMENT_ROOT $realpath_root; + try_files $uri $uri/ /app.php$is_args$args; + fastcgi_pass php; + } + } + + location /Scripts { + proxy_http_version 1.1; + proxy_pass http://$LanLocalhost:8066; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + } + + location /websockify { + proxy_http_version 1.1; + proxy_pass http://$LanLocalhost:42300; + #proxy_pass http://$LanLocalhost:22300; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location /desktop/fedora-xfce/ { + #location /desktop/debian-xfce/ { + proxy_http_version 1.1; + proxy_pass http://$LanLocalhost:42300; + #proxy_pass http://$LanLocalhost:22300; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + add_header 'Cross-Origin-Embedder-Policy' 'require-corp'; + add_header 'Cross-Origin-Opener-Policy' 'same-origin'; + add_header 'Cross-Origin-Resource-Policy' 'same-site'; + } +} diff --git a/Server/Root/etc/nginx/sites-available/analytics.conf b/Server/Root/etc/nginx/sites-available/analytics.conf index c6af350..1b9c155 100644 --- a/Server/Root/etc/nginx/sites-available/analytics.conf +++ b/Server/Root/etc/nginx/sites-available/analytics.conf @@ -1,4 +1,5 @@ server { + listen 80; listen 443 ssl; server_name private-analytics-not-for-public-use.octt.eu.org; ssl_certificate /etc/letsencrypt/live/private-analytics-not-for-public-use.octt.eu.org/fullchain.pem; diff --git a/Server/Root/etc/nginx/sites-available/articles.conf b/Server/Root/etc/nginx/sites-available/articles.conf index 88cc6e3..e6997d6 100644 --- a/Server/Root/etc/nginx/sites-available/articles.conf +++ b/Server/Root/etc/nginx/sites-available/articles.conf @@ -5,6 +5,8 @@ server { ssl_certificate /etc/letsencrypt/live/articles.octt.eu.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/articles.octt.eu.org/privkey.pem; ssl_prefer_server_ciphers on; + access_log /var/log/nginx/articles.access.log; + error_log /var/log/nginx/articles.error.log; location / { proxy_http_version 1.1; proxy_pass http://localhost:8076; diff --git a/Server/Root/etc/nginx/sites-available/feeds.conf b/Server/Root/etc/nginx/sites-available/feeds.conf index 7a4e559..ddf10b8 100644 --- a/Server/Root/etc/nginx/sites-available/feeds.conf +++ b/Server/Root/etc/nginx/sites-available/feeds.conf @@ -19,7 +19,7 @@ server { # sub_filter_once on; #} - root /Server/www/FreshRSS/p; + root /Main/Server/www/FreshRSS/p; index index.php index.html index.htm; # nginx log files diff --git a/Server/Root/etc/nginx/sites-available/root.conf b/Server/Root/etc/nginx/sites-available/root.conf index 59d34fe..d3eeb4d 100644 --- a/Server/Root/etc/nginx/sites-available/root.conf +++ b/Server/Root/etc/nginx/sites-available/root.conf @@ -25,30 +25,42 @@ server { server { listen 80; - listen 81; + #listen 81; listen 443 ssl; server_name hlb0.octt.eu.org; ssl_certificate /etc/letsencrypt/live/hlb0.octt.eu.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/hlb0.octt.eu.org/privkey.pem; ssl_prefer_server_ciphers on; - error_page 403 = /404.html; - error_page 404 = /404.html; + error_page 403 = /error.php?code=403; + error_page 404 = /error.php?code=404; + error_page 500 = /error.php?code=500; + access_log /var/log/nginx/root.access.log; + error_log /var/log/nginx/root.error.log; location / { - root /Server/www/root; + root /Main/Server/www/root; if ($request_uri ~ ^([^.\?]*[^/])$) { return 301 $1/; } - try_files $uri $uri/ $uri.html; + try_files $uri $uri/ $uri.html =404; #try_files $uri =404; #try_files $uri $uri.html $uri/index.html index.html; autoindex off; #error_page 404 = /404.html; #rewrite ^/(\?.*)?$ index.html$1 permanent; + + location ~ ^.+?\.php(/.*)?$ { + fastcgi_pass php; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + set $path_info $fastcgi_path_info; + fastcgi_param PATH_INFO $path_info; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } } location /Drive/ { - root /Server/www; + root /Main/Server/www; autoindex on; autoindex_exact_size off; sub_filter '\n\n