upgrade for nextcloud

Emmanuel Garette 2022-10-01 19:11:05 +02:00
parent dd4d51c53c
commit cacc4afc4d
3 changed files with 80 additions and 43 deletions


@ -43,6 +43,13 @@ Vérification :
su - apache -s /bin/bash -c "php /usr/share/nextcloud/occ config:list"|grep know
```
Il faut quelque chose comme :
```
"well-known": "{\"grant_types_supported\": [...]}"
```
Suppression de cache nextcloud :
```
@ -54,3 +61,9 @@ Sur lemonldap, le script de création du fichier .well-known :
```
/usr/local/lib/sbin/interne_well_known.pl
```
Pour regénérer :
```
systemctl restart lemonldap-ng-fastcgi-server.service
```


@ -17,19 +17,19 @@ $CONFIG = array (
array (
0 =>
array (
'path' => '/usr/share/nextcloud/apps',
'url' => '/apps',
'writable' => false,
'path' => '/usr/share/nextcloud/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/usr/local/share/nextcloud/apps',
'url' => '/apps-appstore',
'writable' => true,
'path' => '/usr/local/share/nextcloud/apps',
'url' => '/apps-appstore',
'writable' => true,
),
),
'dbtype' => 'pgsql',
'version' => '22.1.0.1',
'version' => '{{VERSION}}',
'overwrite.cli.url' => 'http://localhost',
'dbname' => '%%pg_client_database',
'dbhost' => '%%pg_client_server_domainname',
@ -37,7 +37,13 @@ $CONFIG = array (
'dbtableprefix' => 'oc_',
'dbuser' => '%%pg_client_username',
'dbpassword' => '%%pg_client_password',
'dbdriveroptions' => array('sslmode' => 'verify-full', 'sslcert' => '/etc/pki/tls/certs/postgresql.crt', 'sslkey' => '/etc/pki/tls/private/postgresql.key', 'sslrootcert' => '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt'),
'dbdriveroptions' =>
array (
'sslmode' => 'verify-full',
'sslcert' => '/etc/pki/tls/certs/postgresql.crt',
'sslkey' => '/etc/pki/tls/private/postgresql.key',
'sslrootcert' => '/etc/pki/ca-trust/source/anchors/ca_PostgreSQL.crt',
),
'passwordsalt' => '{{SALT}}',
'secret' => '{{SECRET}}',
'instanceid' => '%%nextcloud_instance_id',
@ -46,49 +52,52 @@ $CONFIG = array (
'maintenance' => false,
'appstoreenabled' => false,
'appcodechecker' => false,
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'trusted_proxies' => '%%revprox_client_server_ip',
'overwritehost' => '%%revprox_client_external_domainnames[0]',
'filelocking.enabled' => true,
'redis' => [
'host' => '%%redis_client_server_domainname',
'port' => 6380,
'user' => '%%redis_client_username',
'password' => '%%redis_client_password',
'dbindex' => 0,
'ssl_context' => [
'local_cert' => '/etc/pki/tls/certs/redis.crt',
'local_pk' => '/etc/pki/tls/private/redis.key',
'cafile' => '/etc/pki/ca-trust/source/anchors/ca_Redis.crt',
]
],
'redis' =>
array (
'host' => '%%redis_client_server_domainname',
'port' => 6380,
'user' => '%%redis_client_username',
'password' => '%%redis_client_password',
'dbindex' => 0,
'ssl_context' =>
array (
'local_cert' => '/etc/pki/tls/certs/redis.crt',
'local_pk' => '/etc/pki/tls/private/redis.key',
'cafile' => '/etc/pki/ca-trust/source/anchors/ca_Redis.crt',
)
),
'default_phone_region' => 'FR',
//OIDC login
# OIDC login
'allow_user_to_change_display_name' => false,
'lost_password_link' => 'disabled',
'oidc_login_provider_url' => 'https://%%oauth2_client_server_domainname',
'oidc_login_client_id' => '%%oauth2_client_id',
'oidc_login_client_secret' => '%%oauth2_client_secret',
'oidc_login_auto_redirect' => true,
//FIXME 'oidc_login_logout_url' => 'https://openid.example.com/thankyou',
//FIXME to true
# FIXME 'oidc_login_logout_url' => 'https://openid.example.com/thankyou',
# FIXME to true
'oidc_login_end_session_redirect' => false,
//If no quota, we cannot send file
# If no quota, we cannot send file
'oidc_login_default_quota' => '1000000000000000',
'oidc_login_button_text' => 'Log in with OpenID',
'oidc_login_hide_password_form' => true,
'oidc_login_use_id_token' => false,
'oidc_login_attributes' => array (
'id' => 'sub',
'name' => 'name',
'mail' => 'email',
// 'quota' => 'ownCloudQuota',
// 'home' => 'homeDirectory',
'ldap_uid' => 'uid',
// 'groups' => 'ownCloudGroups',
// 'photoURL' => 'picture',
// 'is_admin' => 'ownCloudAdmin',
'oidc_login_attributes' =>
array (
'id' => 'sub',
'name' => 'name',
'mail' => 'email',
# 'quota' => 'ownCloudQuota',
# 'home' => 'homeDirectory',
'ldap_uid' => 'uid',
# 'groups' => 'ownCloudGroups',
# 'photoURL' => 'picture',
# 'is_admin' => 'ownCloudAdmin',
),
'oidc_login_default_group' => 'oidc',
'oidc_login_scope' => 'openid profile email',
@ -98,14 +107,14 @@ $CONFIG = array (
'oidc_login_alt_login_page' => 'assets/login.php',
'oidc_login_tls_verify' => true,
'oidc_create_groups' => false,
//FIXME
# FIXME
'oidc_login_webdav_enabled' => false,
'oidc_login_password_authentication' => false,
'oidc_login_public_key_caching_time' => 86400,
'oidc_login_min_time_between_jwks_requests' => 10,
'oidc_login_well_known_caching_time' => 86400,
'oidc_login_update_avatar' => false,
//mail
# mail
'mail_smtpmode' => 'smtp',
'mail_smtpsecure' => 'tls',
'mail_sendmailmode' => 'smtp',
@ -118,4 +127,5 @@ $CONFIG = array (
'mail_smtpport' => '25',
'mail_smtpname' => '%%smtp_relay_user@%%ip_eth0',
'mail_smtppassword' => '%%smtp_relay_password',
'loglevel' => 2,
);
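Review bot: `'version' => '{{VERSION}}'` puts a literal placeholder in the template, and nothing in this file says what fills it or when. The startup script changed in this commit substitutes it only in its else branch (when `secret.txt` already exists). On the first-install path the literal string may therefore be what `occ config:system:get version` reads back and stores; this depends on code outside the visible hunks and is worth confirming. A one-line comment above the key would document the contract, for example `# {{VERSION}} is replaced at startup from /srv/nextcloud/keys/version.txt`.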


@ -5,17 +5,26 @@ if [ ! -f /srv/nextcloud/keys/secret.txt ]; then
umask 027
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get passwordsalt > /srv/nextcloud/keys/passwordsalt.txt
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get secret > /srv/nextcloud/keys/secret.txt
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get version > /srv/nextcloud/keys/version.txt
/usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q
/usr/bin/php /usr/share/nextcloud/occ ldap:create-empty-config -q
else
sed -i "s'{{SECRET}}'$(cat /srv/nextcloud/keys/secret.txt)'g" /etc/nextcloud/config.php
sed -i "s'{{SALT}}'$(cat /srv/nextcloud/keys/passwordsalt.txt)'g" /etc/nextcloud/config.php
sed -i "s'{{VERSION}}'$(cat /srv/nextcloud/keys/version.txt)'g" /etc/nextcloud/config.php
sed -i "s/'installed' => false,/'installed' => true,/g" /etc/nextcloud/config.php
# Upgrade
sha256sum /etc/nextcloud/config.php > /tmp/sha
sed -i "s/'config_is_read_only' => true,/'config_is_read_only' => false,/g" /etc/nextcloud/config.php
/usr/bin/php /usr/share/nextcloud/occ upgrade || true
sed -i "s/'config_is_read_only' => false,/'config_is_read_only' => true,/g" /etc/nextcloud/config.php
/usr/bin/php /usr/share/nextcloud/occ --no-warnings config:system:get version > /srv/nextcloud/keys/version.txt
## if file is modified, copy upgraded version
sha256sum -c /tmp/sha || cp -a /etc/nextcloud/config.php /srv/nextcloud/keys/config.UPGRADED.php
# Configure LDAP
/usr/bin/php /usr/share/nextcloud/occ app:enable user_ldap -q
fi
# Upgrade
/usr/bin/php /usr/share/nextcloud/occ upgrade || true
# SSO
/usr/bin/php /usr/share/nextcloud/occ app:enable oidc_login
# Feature
@ -52,6 +61,11 @@ fi
/usr/bin/php /usr/share/nextcloud/occ app:disable weather_status
# Maintenance
/usr/bin/php /usr/share/nextcloud/occ files:scan --all -q
sha256sum /etc/nextcloud/config.php > /tmp/sha
sed -i "s/'config_is_read_only' => true,/'config_is_read_only' => false,/g" /etc/nextcloud/config.php
/usr/bin/php /usr/share/nextcloud/occ maintenance:repair -q
sed -i "s/'config_is_read_only' => false,/'config_is_read_only' => true,/g" /etc/nextcloud/config.php
## if file is modified, copy upgraded version
sha256sum -c /tmp/sha || cp -a /etc/nextcloud/config.php /srv/nextcloud/keys/config.UPGRADED.php
exit 0
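Review bot: The else branch in the first hunk fills `{{VERSION}}` from `/srv/nextcloud/keys/version.txt`, but the guard shown in the hunk header tests only `secret.txt`. An instance initialised before this commit has no `version.txt`, so `$(cat …)` expands to nothing and config.php gets `'version' => ''` before `occ upgrade` runs. Failing early would make this visible, e.g. `[ -s /srv/nextcloud/keys/version.txt ] || { echo "version.txt missing" >&2; exit 1; }`. Separately, both hunks write the checksum to the fixed path `/tmp/sha`; using `sha_file=$(mktemp)` and removing it afterwards prevents another local account from pre-creating or altering it between `sha256sum` and `sha256sum -c`. The `if` block starts outside the hunk, so the first-install path is not fully visible here.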