
[Watchdog] Ignore null name in jq
[Nginx] Merge sites
[Scripts] Nextcloud helper script (testing!)

andryyy 8 years ago
parent
commit
c5054ae7ed
3 changed files with 119 additions and 168 deletions
  1. 3 3
      data/Dockerfiles/watchdog/watchdog.sh
  2. 4 165
      data/conf/nginx/site.conf
  3. 112 0
      helper-scripts/nextcloud.sh

+ 3 - 3
data/Dockerfiles/watchdog/watchdog.sh

@@ -65,7 +65,7 @@ get_container_ip() {
   LOOP_C=1
   until [[ ${CONTAINER_IP} =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || [[ ${LOOP_C} -gt 5 ]]; do
     sleep 1
-    CONTAINER_ID=$(curl --silent http://dockerapi:8080/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], id: .Id}" | jq -rc "select( .name | contains(\"${1}\")) | .id")
+    CONTAINER_ID=$(curl --silent http://dockerapi:8080/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], id: .Id}" | jq -rc "select( .name | tostring | contains(\"${1}\")) | .id")
     if [[ ! -z ${CONTAINER_ID} ]]; then
     	CONTAINER_IP=$(curl --silent http://dockerapi:8080/containers/${CONTAINER_ID}/json | jq -r '.NetworkSettings.Networks[].IPAddress')
 	fi
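Review bot: The jq filter on the changed line still splices `${1}` into the jq program text, so a value containing `"` or `\` alters the filter instead of being matched as data; passing it as a variable avoids that: `jq -rc --arg name "${1}" 'select(.name | tostring | contains($name)) | .id'`. `tostring` also turns a missing label into the string `null`, so a search term that is a substring of "null" would match unlabelled containers; `select(.name != null and (.name | contains($name)))` is a tighter guard. The same applies to the `${com_pipe_answer}` line in the third hunk of this file, where the value appears to come from the command pipe. The body of get_container_ip continues outside the hunk.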
@@ -142,7 +142,7 @@ postfix_checks() {
   # Reduce error count by 2 after restarting an unhealthy container
   trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
   while [ ${err_count} -lt ${THRESHOLD} ]; do
-  host_ip=$(get_container_ip postfix-mailcow)
+	host_ip=$(get_container_ip postfix-mailcow)
     err_c_cur=${err_count}
     /usr/lib/nagios/plugins/check_smtp -4 -H ${host_ip} -p 589 -f watchdog -C "RCPT TO:null@localhost" -C DATA -C . -R 250 1>&2; err_count=$(( ${err_count} + $? ))
     /usr/lib/nagios/plugins/check_smtp -4 -H ${host_ip} -p 589 -S 1>&2; err_count=$(( ${err_count} + $? ))
@@ -368,7 +368,7 @@ while true; do
   if [[ ${com_pipe_answer} =~ .+-mailcow ]]; then
     kill -STOP ${BACKGROUND_TASKS[*]}
     sleep 3
-    CONTAINER_ID=$(curl --silent http://dockerapi:8080/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], id: .Id}" | jq -rc "select( .name | contains(\"${com_pipe_answer}\")) | .id")
+    CONTAINER_ID=$(curl --silent http://dockerapi:8080/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], id: .Id}" | jq -rc "select( .name | tostring | contains(\"${com_pipe_answer}\")) | .id")
     if [[ ! -z ${CONTAINER_ID} ]]; then
       log_to_redis "Sending restart command to ${CONTAINER_ID}..."
       echo "Sending restart command to ${CONTAINER_ID}..."

+ 4 - 165
data/conf/nginx/site.conf

@@ -1,9 +1,6 @@
 server_tokens off;
-
-# includes to http {
 proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h  max_size=1g;
 server_names_hash_bucket_size 64;
-# }
 
 map $http_x_forwarded_proto $client_req_scheme {
      default $scheme;
@@ -11,7 +8,6 @@ map $http_x_forwarded_proto $client_req_scheme {
 }
 
 server {
-  include /etc/nginx/conf.d/listen_ssl.active;
   include /etc/nginx/mime.types;
   charset utf-8;
   override_charset on;
@@ -25,6 +21,7 @@ server {
   ssl_session_cache shared:SSL:50m;
   ssl_session_timeout 1d;
   ssl_session_tickets off;
+
   add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
   add_header X-Content-Type-Options nosniff;
   add_header X-XSS-Protection "1; mode=block";
@@ -33,173 +30,15 @@ server {
   add_header X-Permitted-Cross-Domain-Policies none;
 
   index index.php index.html;
-  include /etc/nginx/conf.d/server_name.active;
-  error_log  /var/log/nginx/error.log;
-  access_log /var/log/nginx/access.log;
-  absolute_redirect off;
-  root /web;
-
-  location ~ ^/api/v1/(.*)$ {
-    try_files $uri $uri/ /json_api.php?query=$1;
-  }
-
-  location ^~ /.well-known/acme-challenge/ {
-    allow all;
-    default_type "text/plain";
-  }
-
-  # If behind reverse proxy, forwards the correct IP
-  set_real_ip_from 172.22.1.1;
-  real_ip_header X-Forwarded-For;
-  real_ip_recursive on;
-
-  rewrite ^/.well-known/caldav$ /SOGo/dav/ permanent;
-  rewrite ^/.well-known/carddav$ /SOGo/dav/ permanent;
-
-  location ^~ /principals {
-	return 301 /SOGo/dav;
-  }
-
-  location ~ \.php$ {
-    try_files $uri =404;
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9000;
-    fastcgi_index index.php;
-    include /etc/nginx/fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    fastcgi_param PATH_INFO $fastcgi_path_info;
-    fastcgi_param PHP_VALUE "max_execution_time = 1200
-                             max_input_time = 1200
-                             memory_limit = 64M";
-    fastcgi_read_timeout 1200;
-  }
-
-  location /rspamd/ {
-    proxy_pass       http://172.22.1.253:11334/;
-    proxy_set_header Host      $http_host;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_redirect off;
-  }
-
-  location ~* ^/Autodiscover/Autodiscover.xml {
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9000;
-    include /etc/nginx/fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    try_files /autodiscover.php =404;
-  }
-
-  location ~* ^/Autodiscover/Autodiscover.json {
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9000;
-    include /etc/nginx/fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    try_files /autodiscover-json.php =404;
-  }
-
-  location ~ /(?:m|M)ail/(?:c|C)onfig-v1.1.xml {
-    fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    fastcgi_pass phpfpm:9000;
-    include /etc/nginx/fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    try_files /autoconfig.php =404;
-  }
-
-  location ^~ /Microsoft-Server-ActiveSync {
-    proxy_pass http://172.22.1.252:20000/SOGo/Microsoft-Server-ActiveSync;
-    proxy_connect_timeout 1000;
-    proxy_next_upstream timeout error;
-    proxy_send_timeout 1000;
-    proxy_read_timeout 1000;
-    proxy_buffer_size 8k;
-    proxy_buffers 4 32k;
-    proxy_temp_file_write_size 64k;
-    proxy_busy_buffers_size 64k;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $http_host;
-    proxy_set_header x-webobjects-server-protocol HTTP/1.0;
-    proxy_set_header x-webobjects-remote-host $remote_addr;
-    proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
-    proxy_set_header x-webobjects-server-port $server_port;
-    client_body_buffer_size 128k;
-    client_max_body_size 0;
-  }
-
-  location ^~ /SOGo {
-    proxy_pass http://172.22.1.252:20000;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $http_host;
-    proxy_set_header x-webobjects-server-protocol HTTP/1.0;
-    proxy_set_header x-webobjects-remote-host $remote_addr;
-    proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $client_req_scheme://$http_host;
-    proxy_set_header x-webobjects-server-port $server_port;
-    client_body_buffer_size 128k;
-    client_max_body_size 0;
-    break;
-  }
 
-  location /SOGo.woa/WebServerResources/ {
-    proxy_pass http://172.22.1.252:9192/WebServerResources/;
-    proxy_set_header Host $http_host;
-    proxy_cache sogo;
-    proxy_cache_valid 200 1d;
-    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
-    #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
-    allow all;
-  }
-
-  location /.woa/WebServerResources/ {
-    proxy_pass http://172.22.1.252:9192/WebServerResources/;
-    proxy_set_header Host $http_host;
-    proxy_cache sogo;
-    proxy_cache_valid 200 1d;
-    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
-    #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
-    allow all;
-  }
-
-  location /SOGo/WebServerResources/ {
-    proxy_pass http://172.22.1.252:9192/WebServerResources/;
-    proxy_set_header Host $http_host;
-    proxy_cache sogo;
-    proxy_cache_valid 200 1d;
-    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
-    #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
-    allow all;
-  }
-
-  location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$ {
-    proxy_pass http://172.22.1.252:9192/$1.SOGo/Resources/$2;
-    proxy_set_header Host $http_host;
-    proxy_cache sogo;
-    proxy_cache_valid 200 1d;
-    proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
-    #alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
-  }
-
-  include /etc/nginx/conf.d/site.*.custom;
-}
-server {
   include /etc/nginx/conf.d/listen_plain.active;
-  include /etc/nginx/mime.types;
-  charset utf-8;
-  override_charset on;
-  index index.php index.html;
+  include /etc/nginx/conf.d/listen_ssl.active;
   include /etc/nginx/conf.d/server_name.active;
+
   error_log  /var/log/nginx/error.log;
   access_log /var/log/nginx/access.log;
   absolute_redirect off;
   root /web;
-  add_header X-Content-Type-Options nosniff;
-  add_header X-XSS-Protection "1; mode=block";
-  add_header X-Robots-Tag none;
-  add_header X-Download-Options noopen;
-  add_header X-Permitted-Cross-Domain-Policies none;
 
   location ~ ^/api/v1/(.*)$ {
     try_files $uri $uri/ /json_api.php?query=$1;
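Review bot: With `listen_plain.active` and `listen_ssl.active` now included in the same server block, every location below is served identically on the plain listener, and nothing in the visible lines redirects HTTP to HTTPS. Browsers ignore `Strict-Transport-Security` received over plain HTTP, so the header only protects clients that have already reached the TLS listener. A comment above the two includes would make that explicit, for example `# plain and TLS listeners share this block; HSTS only takes effect on HTTPS responses`. The removed TLS block ended with `include /etc/nginx/conf.d/site.*.custom;`; the surviving block continues outside the hunk, so it is worth confirming it still carries that include, since the new helper script copies `site.nextcloud.custom` into that directory.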
@@ -219,7 +58,7 @@ server {
   rewrite ^/.well-known/carddav$ /SOGo/dav/ permanent;
 
   location ^~ /principals {
-    return 301 /SOGo/dav;
+	return 301 /SOGo/dav;
   }
 
   location ~ \.php$ {

+ 112 - 0
helper-scripts/nextcloud.sh

@@ -0,0 +1,112 @@
+#!/bin/bash
+
+[[ -z ${1} ]] && { echo "No parameters given"; exit 1; }
+
+while [ "$1" != '' ]; do
+  case "${1}" in
+    -p|--purge) NC_PURGE=y && shift;;
+    -i|--install) NC_INSTALL=y && shift;;
+    *) echo "Unknown parameter: ${1}" && shift;;
+  esac
+done
+
+[[ ${NC_PURGE} == "y" ]] && [[ ${NC_INSTALL} == "y" ]] && { echo "Cannot use -p and -i at the same time"; }
+
+source ./mailcow.conf
+
+if [[ ${NC_PURGE} == "y" ]]; then
+
+	docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e \
+	  "$(docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "SELECT GROUP_CONCAT('DROP TABLE ', TABLE_SCHEMA, '.', TABLE_NAME SEPARATOR ';') FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE 'nc_%' AND TABLE_SCHEMA = '${DBNAME}';" -BN)"
+	docker exec -it $(docker ps -f name=redis-mailcow -q) /bin/sh -c 'redis-cli KEYS "*nextcloud*" | xargs redis-cli DEL'
+	if [ -d ./data/web/nextcloud/config ]; then
+	  mv ./data/web/nextcloud/config/ ./data/conf/nextcloud-config-folder-$(date +%s).bak
+	fi
+	[[ -d ./data/web/nextcloud ]] && rm -rf ./data/web/nextcloud
+
+	[[ -f ./data/conf/nginx/site.nextcloud.custom ]] && mv ./data/conf/nginx/site.nextcloud.custom ./data/conf/nginx/site.nextcloud.custom-$(date +%s).bak
+	[[ -f ./data/conf/nginx/nextcloud.conf ]] && mv ./data/conf/nginx/nextcloud.conf ./data/conf/nginx/nextcloud.conf-$(date +%s).bak
+
+	docker-compose restart nginx-mailcow
+
+elif [[ ${NC_INSTALL} == "y" ]]; then
+
+	NC_TYPE=
+	while [[ ! ${NC_TYPE} =~ ^subfolder$|^subdomain$ ]]; do
+		read -p "Configure as subdomain or subfolder? [subdomain/subfolder] " NC_TYPE
+	done
+
+
+	if [[ ${NC_TYPE} == "subdomain" ]]; then
+		NC_SUBD=
+	    while [[ -z ${NC_SUBD} ]]; do
+    	    read -p "Which subdomain? [format: nextcloud.domain.tld] " NC_SUBD
+    	done
+		if ! ping -q -c2 ${NC_SUBD} > /dev/null 2>&1 ; then
+			read -p "Cannot ping subdomain, continue anyway? [y|N] " NC_CONT_FAIL
+			[[ ! ${NC_CONT_FAIL,,} =~ ^(yes|y)$ ]] && { echo "Ok, exiting..."; exit 1; }
+		fi
+	fi
+
+	ADMIN_NC_PASS=$(</dev/urandom tr -dc A-Za-z0-9 | head -c 28)
+	NEXTCLOUD_VERSION=$(curl -s https://www.servercow.de/nextcloud/latest.php)
+
+	[[ -z ${NEXTCLOUD_VERSION} ]] && { echo "Error, cannot determine nextcloud version, exiting..."; exit 1; }
+
+	curl -L# -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \
+	  && curl -L# -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc" \
+	  && export GNUPGHOME="$(mktemp -d)" \
+	  && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A \
+	  && gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2 \
+	  && rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc \
+	  && tar -xjf nextcloud.tar.bz2 -C ./data/web/ \
+	  && rm nextcloud.tar.bz2 \
+	  && rm -rf ./data/web/nextcloud/updater \
+	  && mkdir -p ./data/web/nextcloud/data \
+	  && mkdir -p ./data/web/nextcloud/custom_apps \
+	  && chmod +x ./data/web/nextcloud/occ
+
+	docker exec -it $(docker ps -f name=php-fpm-mailcow -q) /bin/bash -c "chown -R www-data:www-data /web/nextcloud/data /web/nextcloud/config /web/nextcloud/apps /web/nextcloud/custom_apps"
+	docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ maintenance:install \
+	  --database mysql \
+	  --database-host mysql \
+	  --database-name ${DBNAME} \
+	  --database-user ${DBUSER} \
+	  --database-pass ${DBPASS} \
+	  --database-table-prefix nc_ \
+	  --admin-user admin \
+	  --admin-pass ${ADMIN_NC_PASS} \
+      --data-dir /web/nextcloud/data
+
+	docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) bash -c "/web/nextcloud/occ config:system:set redis host --value=redis --type=string; \
+	  /web/nextcloud/occ config:system:set redis port --value=6379 --type=integer; \
+	  /web/nextcloud/occ config:system:set memcache.locking --value='\OC\Memcache\Redis' --type=string; \
+	  /web/nextcloud/occ config:system:set memcache.local --value='\OC\Memcache\Redis' --type=string; \
+	  /web/nextcloud/occ config:system:set trusted_proxies 0 --value=fd4d:6169:6c63:6f77::1; \
+	  /web/nextcloud/occ config:system:set trusted_proxies 1 --value=172.22.1.0/24; \
+	  /web/nextcloud/occ config:system:set overwritewebroot --value=/nextcloud; \
+	  /web/nextcloud/occ config:system:set overwritehost --value=${MAILCOW_HOSTNAME}; \
+	  /web/nextcloud/occ config:system:set mail_smtpmode --value=smtp; \
+	  /web/nextcloud/occ config:system:set mail_smtpauthtype --value=LOGIN; \
+	  /web/nextcloud/occ config:system:set mail_from_address --value=nextcloud; \
+	  /web/nextcloud/occ config:system:set mail_domain --value=${MAILCOW_HOSTNAME}; \
+	  /web/nextcloud/occ config:system:set mail_smtphost --value=postfix; \
+	  /web/nextcloud/occ config:system:set mail_smtpport --value=588
+	  /web/nextcloud/occ app:enable user_external
+	  /web/nextcloud/occ config:system:set user_backends 0 arguments 0 --value={dovecot:143/imap/tls/novalidate-cert}
+	  /web/nextcloud/occ config:system:set user_backends 0 class --value=OC_User_IMAP"
+
+	if [[ ${NC_TYPE} == "subdomain" ]]; then
+		docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ config:system:set overwritewebroot --value=/
+		docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ config:system:set overwritehost --value=nextcloud.develcow.de
+		cp ./data/assets/nextcloud/nextcloud.conf ./data/conf/nginx/
+		sed sed -i 's/NC_SUBD/${NC_SUBD}/g' ./data/assets/nextcloud/nextcloud.conf
+	elif [[ ${NC_TYPE} == "subfolder" ]]; then
+		cp ./data/assets/nextcloud/site.nextcloud.custom ./data/conf/nginx/
+	fi
+
+	docker-compose restart nginx-mailcow
+
+	echo "Login as admin with password: ${ADMIN_NC_PASS}"
+
+fi
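Review bot: A failed download or a failed `gpg --batch --verify` only stops the `&&` chain, after which the script still runs `occ maintenance:install` against whatever is already in `./data/web/nextcloud`; the chain should end in an explicit exit, and the `-p`/`-i` conflict check near the top likewise prints its message without exiting. The subdomain branch at the end does not work as written: `overwritehost` is set to the literal `nextcloud.develcow.de` instead of the value the user entered, and the `sed sed -i '…'` line has a doubled command name, single quotes that stop `${NC_SUBD}` from expanding, and edits the template under `./data/assets/` rather than the copy in `./data/conf/nginx/`. `NC_SUBD` comes straight from `read` and reaches `ping`, `occ` and the sed replacement, so it should be checked against a hostname pattern first. Separately, `-p${DBROOT}`, `--database-pass` and `--admin-pass` put secrets on the command line, where process listings show them. The fence shows the changes to the control flow and the subdomain branch.

```shell
[[ ${NC_PURGE} == "y" ]] && [[ ${NC_INSTALL} == "y" ]] && { echo "Cannot use -p and -i at the same time"; exit 1; }
# … unchanged: purge branch, NC_TYPE prompt …
		NC_SUBD=
		while [[ ! ${NC_SUBD} =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; do
			read -r -p "Which subdomain? [format: nextcloud.domain.tld] " NC_SUBD
		done
# … unchanged: ping check, password and version lookup, download and verify chain …
	  && chmod +x ./data/web/nextcloud/occ \
	  || { echo "Download or signature verification failed, exiting..."; exit 1; }
# … unchanged: occ maintenance:install and config:system:set calls …
	if [[ ${NC_TYPE} == "subdomain" ]]; then
		# … unchanged: overwritewebroot call …
		docker exec -it -u www-data $(docker ps -f name=php-fpm-mailcow -q) /web/nextcloud/occ config:system:set overwritehost --value="${NC_SUBD}"
		cp ./data/assets/nextcloud/nextcloud.conf ./data/conf/nginx/
		sed -i "s/NC_SUBD/${NC_SUBD}/g" ./data/conf/nginx/nextcloud.conf
```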