upgrade for nextcloud
parent
dd4d51c53c
commit
cacc4afc4d
3 changed files with 80 additions and 43 deletions
|
@ -43,6 +43,13 @@ Vérification :
|
||||||
su - apache -s /bin/bash -c "php /usr/share/nextcloud/occ config:list"|grep know
|
su - apache -s /bin/bash -c "php /usr/share/nextcloud/occ config:list"|grep know
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Il faut quelque chose comme :
|
||||||
|
|
||||||
|
```
|
||||||
|
"well-known": "{\"grant_types_supported\": [...]}"
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
Suppression de cache nextcloud :
|
Suppression de cache nextcloud :
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -54,3 +61,9 @@ Sur lemonldap, le script de création du fichier .well-known :
|
||||||
```
|
```
|
||||||
/usr/local/lib/sbin/interne_well_known.pl
|
/usr/local/lib/sbin/interne_well_known.pl
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Pour regénérer :
|
||||||
|
|
||||||
|
```
|
||||||
|
systemctl restart lemonldap-ng-fastcgi-server.service
|
||||||
|
```
|
||||||
|
|
|
@ -29,7 +29,7 @@ $CONFIG = array (
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
'dbtype' => 'pgsql',
|
'dbtype' => 'pgsql',
|
||||||
'version' => '22.1.0.1',
|
'version' => '{{VERSION}}',
|
||||||
'overwrite.cli.url' => 'http://localhost',
|
'overwrite.cli.url' => 'http://localhost',
|
||||||
'dbname' => '%%pg_client_database',
|
'dbname' => '%%pg_client_database',
|
||||||
'dbhost' => '%%pg_client_server_domainname',
|
'dbhost' => '%%pg_client_server_domainname',
|
||||||
|
@ -37,7 +37,13 @@ $CONFIG = array (
|
||||||
'dbtableprefix' => 'oc_',
|
'dbtableprefix' => 'oc_',
|
||||||
'dbuser' => '%%pg_client_username',
|
'dbuser' => '%%pg_client_username',
|
||||||
'dbpassword' => '%%pg_client_password',
|
'dbpassword' => '%%pg_client_password',
|
||||||
'dbdriveroptions' => array('sslmode' => 'verify-full', 'sslcert' => '/etc/pki/tls/certs/postgresql.crt', 'sslkey' => '/etc/pki/tls/private/postgresql.key', 'sslrootcert' => '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt'),
|
'dbdriveroptions' =>
|
||||||
|
array (
|
||||||
|
'sslmode' => 'verify-full',
|
||||||
|
'sslcert' => '/etc/pki/tls/certs/postgresql.crt',
|
||||||
|
'sslkey' => '/etc/pki/tls/private/postgresql.key',
|
||||||
|
'sslrootcert' => '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt',
|
||||||
|
),
|
||||||
'passwordsalt' => '{{SALT}}',
|
'passwordsalt' => '{{SALT}}',
|
||||||
'secret' => '{{SECRET}}',
|
'secret' => '{{SECRET}}',
|
||||||
'instanceid' => '%%nextcloud_instance_id',
|
'instanceid' => '%%nextcloud_instance_id',
|
||||||
|
@ -46,49 +52,52 @@ $CONFIG = array (
|
||||||
'maintenance' => false,
|
'maintenance' => false,
|
||||||
'appstoreenabled' => false,
|
'appstoreenabled' => false,
|
||||||
'appcodechecker' => false,
|
'appcodechecker' => false,
|
||||||
'memcache.distributed' => '\OC\Memcache\Redis',
|
'memcache.distributed' => '\\OC\\Memcache\\Redis',
|
||||||
'memcache.locking' => '\OC\Memcache\Redis',
|
'memcache.locking' => '\\OC\\Memcache\\Redis',
|
||||||
'trusted_proxies' => '%%revprox_client_server_ip',
|
'trusted_proxies' => '%%revprox_client_server_ip',
|
||||||
'overwritehost' => '%%revprox_client_external_domainnames[0]',
|
'overwritehost' => '%%revprox_client_external_domainnames[0]',
|
||||||
'filelocking.enabled' => true,
|
'filelocking.enabled' => true,
|
||||||
'redis' => [
|
'redis' =>
|
||||||
|
array (
|
||||||
'host' => '%%redis_client_server_domainname',
|
'host' => '%%redis_client_server_domainname',
|
||||||
'port' => 6380,
|
'port' => 6380,
|
||||||
'user' => '%%redis_client_username',
|
'user' => '%%redis_client_username',
|
||||||
'password' => '%%redis_client_password',
|
'password' => '%%redis_client_password',
|
||||||
'dbindex' => 0,
|
'dbindex' => 0,
|
||||||
'ssl_context' => [
|
'ssl_context' =>
|
||||||
|
array (
|
||||||
'local_cert' => '/etc/pki/tls/certs/redis.crt',
|
'local_cert' => '/etc/pki/tls/certs/redis.crt',
|
||||||
'local_pk' => '/etc/pki/tls/private/redis.key',
|
'local_pk' => '/etc/pki/tls/private/redis.key',
|
||||||
'cafile' => '/etc/pki/ca-trust/source/anchors/ca_Redis.crt',
|
'cafile' => '/etc/pki/ca-trust/source/anchors/ca_Redis.crt',
|
||||||
]
|
)
|
||||||
],
|
),
|
||||||
'default_phone_region' => 'FR',
|
'default_phone_region' => 'FR',
|
||||||
//OIDC login
|
# OIDC login
|
||||||
'allow_user_to_change_display_name' => false,
|
'allow_user_to_change_display_name' => false,
|
||||||
'lost_password_link' => 'disabled',
|
'lost_password_link' => 'disabled',
|
||||||
'oidc_login_provider_url' => 'https://%%oauth2_client_server_domainname',
|
'oidc_login_provider_url' => 'https://%%oauth2_client_server_domainname',
|
||||||
'oidc_login_client_id' => '%%oauth2_client_id',
|
'oidc_login_client_id' => '%%oauth2_client_id',
|
||||||
'oidc_login_client_secret' => '%%oauth2_client_secret',
|
'oidc_login_client_secret' => '%%oauth2_client_secret',
|
||||||
'oidc_login_auto_redirect' => true,
|
'oidc_login_auto_redirect' => true,
|
||||||
//FIXME 'oidc_login_logout_url' => 'https://openid.example.com/thankyou',
|
# FIXME 'oidc_login_logout_url' => 'https://openid.example.com/thankyou',
|
||||||
//FIXME to true
|
# FIXME to true
|
||||||
'oidc_login_end_session_redirect' => false,
|
'oidc_login_end_session_redirect' => false,
|
||||||
//If no quota, we cannot send file
|
# If no quota, we cannot send file
|
||||||
'oidc_login_default_quota' => '1000000000000000',
|
'oidc_login_default_quota' => '1000000000000000',
|
||||||
'oidc_login_button_text' => 'Log in with OpenID',
|
'oidc_login_button_text' => 'Log in with OpenID',
|
||||||
'oidc_login_hide_password_form' => true,
|
'oidc_login_hide_password_form' => true,
|
||||||
'oidc_login_use_id_token' => false,
|
'oidc_login_use_id_token' => false,
|
||||||
'oidc_login_attributes' => array (
|
'oidc_login_attributes' =>
|
||||||
|
array (
|
||||||
'id' => 'sub',
|
'id' => 'sub',
|
||||||
'name' => 'name',
|
'name' => 'name',
|
||||||
'mail' => 'email',
|
'mail' => 'email',
|
||||||
// 'quota' => 'ownCloudQuota',
|
# 'quota' => 'ownCloudQuota',
|
||||||
// 'home' => 'homeDirectory',
|
# 'home' => 'homeDirectory',
|
||||||
'ldap_uid' => 'uid',
|
'ldap_uid' => 'uid',
|
||||||
// 'groups' => 'ownCloudGroups',
|
# 'groups' => 'ownCloudGroups',
|
||||||
// 'photoURL' => 'picture',
|
# 'photoURL' => 'picture',
|
||||||
// 'is_admin' => 'ownCloudAdmin',
|
# 'is_admin' => 'ownCloudAdmin',
|
||||||
),
|
),
|
||||||
'oidc_login_default_group' => 'oidc',
|
'oidc_login_default_group' => 'oidc',
|
||||||
'oidc_login_scope' => 'openid profile email',
|
'oidc_login_scope' => 'openid profile email',
|
||||||
|
@ -98,14 +107,14 @@ $CONFIG = array (
|
||||||
'oidc_login_alt_login_page' => 'assets/login.php',
|
'oidc_login_alt_login_page' => 'assets/login.php',
|
||||||
'oidc_login_tls_verify' => true,
|
'oidc_login_tls_verify' => true,
|
||||||
'oidc_create_groups' => false,
|
'oidc_create_groups' => false,
|
||||||
//FIXME
|
# FIXME
|
||||||
'oidc_login_webdav_enabled' => false,
|
'oidc_login_webdav_enabled' => false,
|
||||||
'oidc_login_password_authentication' => false,
|
'oidc_login_password_authentication' => false,
|
||||||
'oidc_login_public_key_caching_time' => 86400,
|
'oidc_login_public_key_caching_time' => 86400,
|
||||||
'oidc_login_min_time_between_jwks_requests' => 10,
|
'oidc_login_min_time_between_jwks_requests' => 10,
|
||||||
'oidc_login_well_known_caching_time' => 86400,
|
'oidc_login_well_known_caching_time' => 86400,
|
||||||
'oidc_login_update_avatar' => false,
|
'oidc_login_update_avatar' => false,
|
||||||
//mail
|
# mail
|
||||||
'mail_smtpmode' => 'smtp',
|
'mail_smtpmode' => 'smtp',
|
||||||
'mail_smtpsecure' => 'tls',
|
'mail_smtpsecure' => 'tls',
|
||||||
'mail_sendmailmode' => 'smtp',
|
'mail_sendmailmode' => 'smtp',
|
||||||
|
@ -118,4 +127,5 @@ $CONFIG = array (
|
||||||
'mail_smtpport' => '25',
|
'mail_smtpport' => '25',
|
||||||
'mail_smtpname' => '%%smtp_relay_user@%%ip_eth0',
|
'mail_smtpname' => '%%smtp_relay_user@%%ip_eth0',
|
||||||
'mail_smtppassword' => '%%smtp_relay_password',
|
'mail_smtppassword' => '%%smtp_relay_password',
|
||||||
|
'loglevel' => 2,
|
||||||
);
|
);
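Review bot: The new `'version' => '{{VERSION}}'` entry (hunk `@ -29,7 +29,7`) has no safe state when the placeholder is not filled. The script section on this page substitutes it with `$(cat /srv/nextcloud/keys/version.txt)` only in the `else` branch, and that file is first written by this same commit, so an instance deployed before it would probably end up with `'version' => ''`. Nextcloud compares this key with the installed code to decide whether an upgrade is needed, so an empty or literal value is likely to make the following `occ upgrade` misbehave rather than fail cleanly. I would document the dependency next to the key, e.g. `# {{VERSION}} is replaced from /srv/nextcloud/keys/version.txt at start-up; must never stay literal or empty`, and have the script skip the substitution and stop when that file is missing or empty.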
|
||||||
|
|
|
@ -5,17 +5,26 @@ if [ ! -f /srv/nextcloud/keys/secret.txt ]; then
|
||||||
umask 027
|
umask 027
|
||||||
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get passwordsalt > /srv/nextcloud/keys/passwordsalt.txt
|
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get passwordsalt > /srv/nextcloud/keys/passwordsalt.txt
|
||||||
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get secret > /srv/nextcloud/keys/secret.txt
|
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get secret > /srv/nextcloud/keys/secret.txt
|
||||||
|
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get version > /srv/nextcloud/keys/version.txt
|
||||||
|
|
||||||
/usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q
|
/usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q
|
||||||
/usr/bin/php /usr/share/nextcloud/occ ldap:create-empty-config -q
|
/usr/bin/php /usr/share/nextcloud/occ ldap:create-empty-config -q
|
||||||
else
|
else
|
||||||
sed -i "s'{{SECRET}}'$(cat /srv/nextcloud/keys/secret.txt)'g" /etc/nextcloud/config.php
|
sed -i "s'{{SECRET}}'$(cat /srv/nextcloud/keys/secret.txt)'g" /etc/nextcloud/config.php
|
||||||
sed -i "s'{{SALT}}'$(cat /srv/nextcloud/keys/passwordsalt.txt)'g" /etc/nextcloud/config.php
|
sed -i "s'{{SALT}}'$(cat /srv/nextcloud/keys/passwordsalt.txt)'g" /etc/nextcloud/config.php
|
||||||
|
sed -i "s'{{VERSION}}'$(cat /srv/nextcloud/keys/version.txt)'g" /etc/nextcloud/config.php
|
||||||
sed -i "s/'installed' => false,/'installed' => true,/g" /etc/nextcloud/config.php
|
sed -i "s/'installed' => false,/'installed' => true,/g" /etc/nextcloud/config.php
|
||||||
|
# Upgrade
|
||||||
|
sha256sum /etc/nextcloud/config.php > /tmp/sha
|
||||||
|
sed -i "s/'config_is_read_only' => true,/'config_is_read_only' => false,/g" /etc/nextcloud/config.php
|
||||||
|
/usr/bin/php /usr/share/nextcloud/occ upgrade || true
|
||||||
|
sed -i "s/'config_is_read_only' => false,/'config_is_read_only' => true,/g" /etc/nextcloud/config.php
|
||||||
|
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get version > /srv/nextcloud/keys/version.txt
|
||||||
|
## if file is modified, copy upgraded version
|
||||||
|
sha256sum -c /tmp/sha || cp -a /etc/nextcloud/config.php /srv/nextcloud/keys/config.UPGRADED.php
|
||||||
|
# Configure LDAP
|
||||||
/usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q
|
/usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q
|
||||||
fi
|
fi
|
||||||
# Upgrade
|
|
||||||
/usr/bin/php /usr/share/nextcloud/occ upgrade || true
|
|
||||||
# SSO
|
# SSO
|
||||||
/usr/bin/php /usr/share/nextcloud/occ app:enable oidc_login
|
/usr/bin/php /usr/share/nextcloud/occ app:enable oidc_login
|
||||||
# Feature
|
# Feature
|
||||||
|
@ -52,6 +61,11 @@ fi
|
||||||
/usr/bin/php /usr/share/nextcloud/occ app:disable weather_status
|
/usr/bin/php /usr/share/nextcloud/occ app:disable weather_status
|
||||||
# Maintenance
|
# Maintenance
|
||||||
/usr/bin/php /usr/share/nextcloud/occ files:scan --all -q
|
/usr/bin/php /usr/share/nextcloud/occ files:scan --all -q
|
||||||
|
sha256sum /etc/nextcloud/config.php > /tmp/sha
|
||||||
|
sed -i "s/'config_is_read_only' => true,/'config_is_read_only' => false,/g" /etc/nextcloud/config.php
|
||||||
/usr/bin/php /usr/share/nextcloud/occ maintenance:repair -q
|
/usr/bin/php /usr/share/nextcloud/occ maintenance:repair -q
|
||||||
|
sed -i "s/'config_is_read_only' => false,/'config_is_read_only' => true,/g" /etc/nextcloud/config.php
|
||||||
|
## if file is modified, copy upgraded version
|
||||||
|
sha256sum -c /tmp/sha || cp -a /etc/nextcloud/config.php /srv/nextcloud/keys/config.UPGRADED.php
|
||||||
|
|
||||||
exit 0
|
exit 0
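Review bot: The checksum taken before `occ upgrade` is written to the fixed path `/tmp/sha`, in a world-writable directory, so any local account can create or alter that file beforehand and the `sha256sum -c /tmp/sha || cp -a …` comparison can no longer be trusted. If the script runs as a privileged user (not visible here), the redirect also writes through whatever already exists at that name. The same pair of lines is repeated around `maintenance:repair` in the hunk at `@ -52,6 +61,11`. A private file avoids both problems: `sha_file=$(mktemp)`, then `sha256sum /etc/nextcloud/config.php > "$sha_file"` and `sha256sum -c "$sha_file" || cp -a /etc/nextcloud/config.php /srv/nextcloud/keys/config.UPGRADED.php`, with the temporary file removed afterwards. The `if` block these lines sit in starts outside the hunk.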
|
||||||
|
|