diff --git a/nextcloud-updater b/nextcloud-updater index 9973b4a..9a5ee21 100644 --- a/nextcloud-updater +++ b/nextcloud-updater @@ -1,22 +1,104 @@ #!/bin/bash set -euo pipefail +### VARIABLEN ### user=www-data -php=/usr/bin/php8.2 +php_version=8.2 +php="/usr/bin/php${php_version}" path=/var/www/nextcloud +lxc_timezone="Europe/Berlin" echo "===== Starting Nextcloud update script =====" + +### 1. Pakete sicherstellen ### +export DEBIAN_FRONTEND=noninteractive +export DEBIAN_PRIORITY=critical +apt update -qq +apt install -y -qq --no-install-recommends \ + tree locate screen zip ffmpeg ghostscript libfile-fcntllock-perl libfuse2 socat fail2ban ldap-utils cifs-utils redis-server imagemagick libmagickcore-6.q16-6-extra \ + postgresql-15 nginx php${php_version}-{fpm,gd,mysql,pgsql,curl,xml,zip,intl,mbstring,bz2,ldap,apcu,bcmath,gmp,imagick,igbinary,redis,dev,smbclient,cli,common,opcache,readline} + +### 2. Backups ### +for file in \ + /etc/php/${php_version}/fpm/pool.d/www.conf \ + /etc/php/${php_version}/cli/php.ini \ + /etc/php/${php_version}/fpm/php.ini \ + /etc/php/${php_version}/fpm/php-fpm.conf \ + /etc/php/${php_version}/mods-available/apcu.ini \ + /etc/ImageMagick-6/policy.xml +do + [ -f "$file" ] && cp "$file" "${file}.bak" +done + +### 3. PHP-Optionen setzen ### +set_php_option() { + local key="$1" + local value="$2" + local file="$3" + if grep -Eq "^[;#]*\s*${key}\s*=" "$file"; then + sed -i -E "s|^[;#]*\s*(${key})\s*=.*|\1 = ${value}|" "$file" + else + echo "${key} = ${value}" >> "$file" + fi +} + +echo "Updating PHP configuration..." +for ini in "/etc/php/${php_version}/cli/php.ini" "/etc/php/${php_version}/fpm/php.ini"; do + set_php_option memory_limit 1024M "$ini" + set_php_option upload_max_filesize 10240M "$ini" + set_php_option post_max_size 10240M "$ini" + set_php_option max_execution_time 3600 "$ini" + set_php_option max_input_time 3600 "$ini" + set_php_option date.timezone "$lxc_timezone" "$ini" + set_php_option output_buffering Off "$ini" +done + +# OPCache speziell +for ini in "/etc/php/${php_version}/fpm/php.ini"; do + set_php_option opcache.enable 1 "$ini" + set_php_option opcache.enable_cli 1 "$ini" + set_php_option opcache.memory_consumption 128 "$ini" + set_php_option opcache.interned_strings_buffer 16 "$ini" + set_php_option opcache.max_accelerated_files 10000 "$ini" + set_php_option opcache.revalidate_freq 1 "$ini" + set_php_option opcache.save_comments 1 "$ini" +done + +# APCu +if ! grep -q "apc.enable_cli" /etc/php/${php_version}/mods-available/apcu.ini; then + echo "apc.enable_cli=1" >> /etc/php/${php_version}/mods-available/apcu.ini +fi + +# FPM Pool Einstellungen +fpm_pool="/etc/php/${php_version}/fpm/pool.d/www.conf" +sed -i -E "s|^;?env\[PATH\]|env[PATH]|" "$fpm_pool" +sed -i -E "s|^pm.max_children\s*=.*|pm.max_children = 120|" "$fpm_pool" +sed -i -E "s|^pm.start_servers\s*=.*|pm.start_servers = 12|" "$fpm_pool" +sed -i -E "s|^pm.min_spare_servers\s*=.*|pm.min_spare_servers = 6|" "$fpm_pool" +sed -i -E "s|^pm.max_spare_servers\s*=.*|pm.max_spare_servers = 18|" "$fpm_pool" +sed -i -E "s|^;?pm.max_requests\s*=.*|pm.max_requests = 1000|" "$fpm_pool" + +### 4. ImageMagick Policies ### +sed -i "s/rights=\"none\" pattern=\"\(PS\|EPS\|PDF\|XPS\)\"/rights=\"read|write\" pattern=\"\1\"/" /etc/ImageMagick-6/policy.xml + +### 5. PHP-FPM & nginx reload ### +systemctl restart php${php_version}-fpm +systemctl reload nginx + +### 6. Nextcloud status vor Update ### sudo -u "$user" "$php" "$path/occ" status -# Update via updater.phar +### 7. Updater ### +echo "Running updater.phar..." sudo -u "$user" "$php" "$path/updater/updater.phar" --no-backup --no-interaction -# OCC-Befehle +### 8. OCC Aufgaben ### declare -a occ_commands=( "db:add-missing-primary-keys" "db:add-missing-indices" "db:add-missing-columns" "db:convert-filecache-bigint -n" + "maintenance:repair --include-expensive" "files:scan-app-data" "files:scan --all" "app:update --all" @@ -24,9 +106,27 @@ declare -a occ_commands=( ) for cmd in "${occ_commands[@]}"; do - echo "Running: occ $cmd" + echo " Running: occ $cmd" sudo -u "$user" "$php" "$path/occ" $cmd done +### 9. Wartungsfenster setzen ### +sudo -u "$user" "$php" "$path/occ" config:system:set maintenance_window_start --value="3" --type=integer + +### 10. MIME-Type für .mjs setzen ### +if ! grep -q "mjs" /etc/nginx/mime.types; then + echo " application/javascript mjs;" >> /etc/nginx/mime.types + systemctl reload nginx +fi + +### 11. Header setzen, falls noch nicht vorhanden ### +if ! grep -q "X-Robots-Tag" /etc/nginx/conf.d/*; then + sed -i '/server {/a \\tadd_header X-Robots-Tag "noindex, nofollow" always;' /etc/nginx/conf.d/nextcloud.conf + systemctl reload nginx +fi + +### 12. Status nach Update ### sudo -u "$user" "$php" "$path/occ" status -echo "===== Nextcloud update complete =====" +echo " Nextcloud update complete." + +reboot