diff --git a/optimizations.sh b/optimizations.sh
deleted file mode 100644
index 520dba1..0000000
--- a/optimizations.sh
+++ /dev/null
@@ -1,139 +0,0 @@
-#######################################################
-# Carsten Rieger IT-Services
-# OPTIMIZATIONS.SH
-# Version 1.2
-# April 23rd, 2018
-# version 1.2: remove whitespaces from config.php
-# version 1.1: added functions
-# Version 1.0: initial script
-#######################################################
-#!/bin/bash
-###global function to update and cleanup the environment
-function update_and_clean() {
-apt update
-apt upgrade -y
-apt autoclean -y
-apt autoremove -y
-}
-###global function to restart all cloud services
-function restart_all_services() {
-/usr/sbin/service nginx restart
-/usr/sbin/service mysql restart
-/usr/sbin/service redis-server restart
-/usr/sbin/service php7.2-fpm restart
-}
-###global function to scan Nextcloud data and generate an overview for fail2ban & ufw
-function nextcloud_scan_data() {
-sudo -u www-data php /var/www/nextcloud/occ files:scan --all
-sudo -u www-data php /var/www/nextcloud/occ files:scan-app-data
-fail2ban-client status nextcloud
-ufw status verbose
-}
-###backup of the effected file
-cp /var/www/nextcloud/.user.ini /var/www/nextcloud/.user.ini.bak
-###apply optimizations
-sudo -u www-data sed -i "s/upload_max_filesize=.*/upload_max_filesize=10240M/" /var/www/nextcloud/.user.ini
-sudo -u www-data sed -i "s/post_max_size=.*/post_max_size=10240M/" /var/www/nextcloud/.user.ini
-sudo -u www-data sed -i "s/output_buffering=.*/output_buffering='Off'/" /var/www/nextcloud/.user.ini
-sudo -u www-data cp /var/www/nextcloud/config/config.php /var/www/nextcloud/config/config.php.bak
-sudo -u www-data php /var/www/nextcloud/occ background:cron
-###apply optimizations to Nextclouds config.php
-sed -i '/);/d' /var/www/nextcloud/config/config.php
-cat <>/var/www/nextcloud/config/config.php
-'activity_expire_days' => 14,
-'auth.bruteforce.protection.enabled' => true,
-'blacklisted_files' =>
-array (
-0 => '.htaccess',
-1 => 'Thumbs.db',
-2 => 'thumbs.db',
-),
-'cron_log' => true,
-'enable_previews' => true,
-'enabledPreviewProviders' =>
-array (
-0 => 'OC\\Preview\\PNG',
-1 => 'OC\\Preview\\JPEG',
-2 => 'OC\\Preview\\GIF',
-3 => 'OC\\Preview\\BMP',
-4 => 'OC\\Preview\\XBitmap',
-5 => 'OC\\Preview\\Movie',
-6 => 'OC\\Preview\\PDF',
-7 => 'OC\\Preview\\MP3',
-8 => 'OC\\Preview\\TXT',
-9 => 'OC\\Preview\\MarkDown',
-),
-'filesystem_check_changes' => 0,
-'filelocking.enabled' => 'true',
-'htaccess.RewriteBase' => '/',
-'integrity.check.disabled' => false,
-'knowledgebaseenabled' => false,
-'logtimezone' => 'Europe/Berlin',
-'log_rotate_size' => 104857600,
-'memcache.local' => '\\OC\\Memcache\\APCu',
-'memcache.locking' => '\\OC\\Memcache\\Redis',
-'preview_max_x' => 1024,
-'preview_max_y' => 768,
-'preview_max_scale_factor' => 1,
-'redis' =>
-array (
-'host' => '/var/run/redis/redis.sock',
-'port' => 0,
-'timeout' => 0.0,
-),
-'quota_include_external_storage' => false,
-'share_folder' => '/Shares',
-'skeletondirectory' => '',
-'trashbin_retention_obligation' => 'auto, 7',
-);
-EOF
-###remove leading whitespaces
-sed -i 's/^[ ]*//' /var/www/nextcloud/config/config.php
-restart_all_services
-update_and_clean
-###installfail2ban
-apt install fail2ban -y
-###create a fail2ban Nextcloud filter
-touch /etc/fail2ban/filter.d/nextcloud.conf
-cat </etc/fail2ban/filter.d/nextcloud.conf
-[Definition]
-failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: ''\)","level":2,"time":".*"}\$
-^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: ''\)".*}\$
-^.*\"remoteAddr\":\"\".*Trusted domain error.*\$
-EOF
-###create a fail2ban Nextcloud jail
-touch /etc/fail2ban/jail.d/nextcloud.local
-cat </etc/fail2ban/jail.d/nextcloud.local
-[nextcloud]
-backend = auto
-enabled = true
-port = 80,443
-protocol = tcp
-filter = nextcloud
-maxretry = 3
-bantime = 36000
-findtime = 36000
-logpath = /var/nc_data/nextcloud.log
-EOF
-update_and_clean
-###install ufw
-apt install ufw -y
-###open firewall ports 80+443 for http(s)
-ufw allow 80/tcp
-ufw allow 443/tcp
-###open firewall port 22 for SSH
-ufw allow 22/tcp
-###enable UFW (autostart)
-ufw enable
-###restart fail2ban, ufw and redis-server services
-/usr/sbin/service ufw restart
-/usr/sbin/service fail2ban restart
-/usr/sbin/service redis-server restart
-###clean up redis-server
-redis-cli -s /var/run/redis/redis.sock <