upgrade for nextcloud

Emmanuel Garette 2022-10-01 19:11:05 +02:00
parent dd4d51c53c
commit cacc4afc4d
3 changed files with 80 additions and 43 deletions


@ -43,6 +43,13 @@ Vérification :
su - apache -s /bin/bash -c "php /usr/share/nextcloud/occ config:list"|grep know su - apache -s /bin/bash -c "php /usr/share/nextcloud/occ config:list"|grep know
``` ```
Il faut quelque chose comme :
```
"well-known": "{\"grant_types_supported\": [...]}"
```
Suppression de cache nextcloud : Suppression de cache nextcloud :
``` ```
@ -54,3 +61,9 @@ Sur lemonldap, le script de création du fichier .well-known :
``` ```
/usr/local/lib/sbin/interne_well_known.pl /usr/local/lib/sbin/interne_well_known.pl
``` ```
Pour regénérer :
```
systemctl restart lemonldap-ng-fastcgi-server.service
```


@ -29,7 +29,7 @@ $CONFIG = array (
), ),
), ),
'dbtype' => 'pgsql', 'dbtype' => 'pgsql',
'version' => '22.1.0.1', 'version' => '{{VERSION}}',
'overwrite.cli.url' => 'http://localhost', 'overwrite.cli.url' => 'http://localhost',
'dbname' => '%%pg_client_database', 'dbname' => '%%pg_client_database',
'dbhost' => '%%pg_client_server_domainname', 'dbhost' => '%%pg_client_server_domainname',
@ -37,7 +37,13 @@ $CONFIG = array (
'dbtableprefix' => 'oc_', 'dbtableprefix' => 'oc_',
'dbuser' => '%%pg_client_username', 'dbuser' => '%%pg_client_username',
'dbpassword' => '%%pg_client_password', 'dbpassword' => '%%pg_client_password',
'dbdriveroptions' => array('sslmode' => 'verify-full', 'sslcert' => '/etc/pki/tls/certs/postgresql.crt', 'sslkey' => '/etc/pki/tls/private/postgresql.key', 'sslrootcert' => '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt'), 'dbdriveroptions' =>
array (
'sslmode' => 'verify-full',
'sslcert' => '/etc/pki/tls/certs/postgresql.crt',
'sslkey' => '/etc/pki/tls/private/postgresql.key',
'sslrootcert' => '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt',
),
'passwordsalt' => '{{SALT}}', 'passwordsalt' => '{{SALT}}',
'secret' => '{{SECRET}}', 'secret' => '{{SECRET}}',
'instanceid' => '%%nextcloud_instance_id', 'instanceid' => '%%nextcloud_instance_id',
@ -46,49 +52,52 @@ $CONFIG = array (
'maintenance' => false, 'maintenance' => false,
'appstoreenabled' => false, 'appstoreenabled' => false,
'appcodechecker' => false, 'appcodechecker' => false,
'memcache.distributed' => '\OC\Memcache\Redis', 'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\OC\Memcache\Redis', 'memcache.locking' => '\\OC\\Memcache\\Redis',
'trusted_proxies' => '%%revprox_client_server_ip', 'trusted_proxies' => '%%revprox_client_server_ip',
'overwritehost' => '%%revprox_client_external_domainnames[0]', 'overwritehost' => '%%revprox_client_external_domainnames[0]',
'filelocking.enabled' => true, 'filelocking.enabled' => true,
'redis' => [ 'redis' =>
array (
'host' => '%%redis_client_server_domainname', 'host' => '%%redis_client_server_domainname',
'port' => 6380, 'port' => 6380,
'user' => '%%redis_client_username', 'user' => '%%redis_client_username',
'password' => '%%redis_client_password', 'password' => '%%redis_client_password',
'dbindex' => 0, 'dbindex' => 0,
'ssl_context' => [ 'ssl_context' =>
array (
'local_cert' => '/etc/pki/tls/certs/redis.crt', 'local_cert' => '/etc/pki/tls/certs/redis.crt',
'local_pk' => '/etc/pki/tls/private/redis.key', 'local_pk' => '/etc/pki/tls/private/redis.key',
'cafile' => '/etc/pki/ca-trust/source/anchors/ca_Redis.crt', 'cafile' => '/etc/pki/ca-trust/source/anchors/ca_Redis.crt',
] )
], ),
'default_phone_region' => 'FR', 'default_phone_region' => 'FR',
//OIDC login # OIDC login
'allow_user_to_change_display_name' => false, 'allow_user_to_change_display_name' => false,
'lost_password_link' => 'disabled', 'lost_password_link' => 'disabled',
'oidc_login_provider_url' => 'https://%%oauth2_client_server_domainname', 'oidc_login_provider_url' => 'https://%%oauth2_client_server_domainname',
'oidc_login_client_id' => '%%oauth2_client_id', 'oidc_login_client_id' => '%%oauth2_client_id',
'oidc_login_client_secret' => '%%oauth2_client_secret', 'oidc_login_client_secret' => '%%oauth2_client_secret',
'oidc_login_auto_redirect' => true, 'oidc_login_auto_redirect' => true,
//FIXME 'oidc_login_logout_url' => 'https://openid.example.com/thankyou', # FIXME 'oidc_login_logout_url' => 'https://openid.example.com/thankyou',
//FIXME to true # FIXME to true
'oidc_login_end_session_redirect' => false, 'oidc_login_end_session_redirect' => false,
//If no quota, we cannot send file # If no quota, we cannot send file
'oidc_login_default_quota' => '1000000000000000', 'oidc_login_default_quota' => '1000000000000000',
'oidc_login_button_text' => 'Log in with OpenID', 'oidc_login_button_text' => 'Log in with OpenID',
'oidc_login_hide_password_form' => true, 'oidc_login_hide_password_form' => true,
'oidc_login_use_id_token' => false, 'oidc_login_use_id_token' => false,
'oidc_login_attributes' => array ( 'oidc_login_attributes' =>
array (
'id' => 'sub', 'id' => 'sub',
'name' => 'name', 'name' => 'name',
'mail' => 'email', 'mail' => 'email',
// 'quota' => 'ownCloudQuota', # 'quota' => 'ownCloudQuota',
// 'home' => 'homeDirectory', # 'home' => 'homeDirectory',
'ldap_uid' => 'uid', 'ldap_uid' => 'uid',
// 'groups' => 'ownCloudGroups', # 'groups' => 'ownCloudGroups',
// 'photoURL' => 'picture', # 'photoURL' => 'picture',
// 'is_admin' => 'ownCloudAdmin', # 'is_admin' => 'ownCloudAdmin',
), ),
'oidc_login_default_group' => 'oidc', 'oidc_login_default_group' => 'oidc',
'oidc_login_scope' => 'openid profile email', 'oidc_login_scope' => 'openid profile email',
@ -98,14 +107,14 @@ $CONFIG = array (
'oidc_login_alt_login_page' => 'assets/login.php', 'oidc_login_alt_login_page' => 'assets/login.php',
'oidc_login_tls_verify' => true, 'oidc_login_tls_verify' => true,
'oidc_create_groups' => false, 'oidc_create_groups' => false,
//FIXME # FIXME
'oidc_login_webdav_enabled' => false, 'oidc_login_webdav_enabled' => false,
'oidc_login_password_authentication' => false, 'oidc_login_password_authentication' => false,
'oidc_login_public_key_caching_time' => 86400, 'oidc_login_public_key_caching_time' => 86400,
'oidc_login_min_time_between_jwks_requests' => 10, 'oidc_login_min_time_between_jwks_requests' => 10,
'oidc_login_well_known_caching_time' => 86400, 'oidc_login_well_known_caching_time' => 86400,
'oidc_login_update_avatar' => false, 'oidc_login_update_avatar' => false,
//mail # mail
'mail_smtpmode' => 'smtp', 'mail_smtpmode' => 'smtp',
'mail_smtpsecure' => 'tls', 'mail_smtpsecure' => 'tls',
'mail_sendmailmode' => 'smtp', 'mail_sendmailmode' => 'smtp',
@ -118,4 +127,5 @@ $CONFIG = array (
'mail_smtpport' => '25', 'mail_smtpport' => '25',
'mail_smtpname' => '%%smtp_relay_user@%%ip_eth0', 'mail_smtpname' => '%%smtp_relay_user@%%ip_eth0',
'mail_smtppassword' => '%%smtp_relay_password', 'mail_smtppassword' => '%%smtp_relay_password',
'loglevel' => 2,
); );
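Review bot: The new `'version' => '{{VERSION}}'` line makes the template depend on a start-up substitution that is not documented here; the only visible writer of that value is the script changed in this same commit. On an instance where /srv/nextcloud/keys/secret.txt already exists but version.txt was never written, `$(cat /srv/nextcloud/keys/version.txt)` would presumably expand to nothing and leave an empty version string in config.php. I would add a comment above the line, `# {{VERSION}} is replaced at start-up from /srv/nextcloud/keys/version.txt`, and have the script stop when that file is missing or empty, for example `[ -s /srv/nextcloud/keys/version.txt ] || exit 1` before the sed. The $CONFIG array starts before the first hunk of this section.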


@ -5,17 +5,26 @@ if [ ! -f /srv/nextcloud/keys/secret.txt ]; then
umask 027 umask 027
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get passwordsalt > /srv/nextcloud/keys/passwordsalt.txt /usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get passwordsalt > /srv/nextcloud/keys/passwordsalt.txt
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get secret > /srv/nextcloud/keys/secret.txt /usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get secret > /srv/nextcloud/keys/secret.txt
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get version > /srv/nextcloud/keys/version.txt
/usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q /usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q
/usr/bin/php /usr/share/nextcloud/occ ldap:create-empty-config -q /usr/bin/php /usr/share/nextcloud/occ ldap:create-empty-config -q
else else
sed -i "s'{{SECRET}}'$(cat /srv/nextcloud/keys/secret.txt)'g" /etc/nextcloud/config.php sed -i "s'{{SECRET}}'$(cat /srv/nextcloud/keys/secret.txt)'g" /etc/nextcloud/config.php
sed -i "s'{{SALT}}'$(cat /srv/nextcloud/keys/passwordsalt.txt)'g" /etc/nextcloud/config.php sed -i "s'{{SALT}}'$(cat /srv/nextcloud/keys/passwordsalt.txt)'g" /etc/nextcloud/config.php
sed -i "s'{{VERSION}}'$(cat /srv/nextcloud/keys/version.txt)'g" /etc/nextcloud/config.php
sed -i "s/'installed' => false,/'installed' => true,/g" /etc/nextcloud/config.php sed -i "s/'installed' => false,/'installed' => true,/g" /etc/nextcloud/config.php
# Upgrade
sha256sum /etc/nextcloud/config.php > /tmp/sha
sed -i "s/'config_is_read_only' => true,/'config_is_read_only' => false,/g" /etc/nextcloud/config.php
/usr/bin/php /usr/share/nextcloud/occ upgrade || true
sed -i "s/'config_is_read_only' => false,/'config_is_read_only' => true,/g" /etc/nextcloud/config.php
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get version > /srv/nextcloud/keys/version.txt
## if file is modified, copy upgraded version
sha256sum -c /tmp/sha || cp -a /etc/nextcloud/config.php /srv/nextcloud/keys/config.UPGRADED.php
# Configure LDAP
/usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q /usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q
fi fi
# Upgrade
/usr/bin/php /usr/share/nextcloud/occ upgrade || true
# SSO # SSO
/usr/bin/php /usr/share/nextcloud/occ app:enable oidc_login /usr/bin/php /usr/share/nextcloud/occ app:enable oidc_login
# Feature # Feature
@ -52,6 +61,11 @@ fi
/usr/bin/php /usr/share/nextcloud/occ app:disable weather_status /usr/bin/php /usr/share/nextcloud/occ app:disable weather_status
# Maintenance # Maintenance
/usr/bin/php /usr/share/nextcloud/occ files:scan --all -q /usr/bin/php /usr/share/nextcloud/occ files:scan --all -q
sha256sum /etc/nextcloud/config.php > /tmp/sha
sed -i "s/'config_is_read_only' => true,/'config_is_read_only' => false,/g" /etc/nextcloud/config.php
/usr/bin/php /usr/share/nextcloud/occ maintenance:repair -q /usr/bin/php /usr/share/nextcloud/occ maintenance:repair -q
sed -i "s/'config_is_read_only' => false,/'config_is_read_only' => true,/g" /etc/nextcloud/config.php
## if file is modified, copy upgraded version
sha256sum -c /tmp/sha || cp -a /etc/nextcloud/config.php /srv/nextcloud/keys/config.UPGRADED.php
exit 0 exit 0
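Review bot: `sha256sum /etc/nextcloud/config.php > /tmp/sha` writes the checksum to a fixed name in a world-writable directory, in both the upgrade block and the maintenance block, and the later `sha256sum -c /tmp/sha` trusts whatever is at that path. If this script runs with elevated privileges on a host with other local accounts, that file can be pre-created or altered by someone else, so the comparison no longer proves anything about config.php. A private file avoids this: `sha_file=$(mktemp)`, then `sha256sum /etc/nextcloud/config.php > "$sha_file"` and `sha256sum -c "$sha_file" || cp -a …`, removing it afterwards. Separately, `occ upgrade || true` followed by the unconditional redirect into version.txt lets a failed upgrade overwrite the stored version, so the write should happen only when occ succeeds. The script continues outside both hunks.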