#!/bin/bash set -euo pipefail ### VARIABLEN ### user=www-data php_version=8.2 php="/usr/bin/php${php_version}" path=/var/www/nextcloud lxc_timezone="Europe/Berlin" echo "===== Starting Nextcloud update script =====" ### 1. Pakete sicherstellen ### export DEBIAN_FRONTEND=noninteractive export DEBIAN_PRIORITY=critical apt update -qq apt install -y -qq --no-install-recommends \ tree locate screen zip ffmpeg ghostscript libfile-fcntllock-perl libfuse2 socat fail2ban ldap-utils cifs-utils redis-server imagemagick libmagickcore-6.q16-6-extra \ postgresql-15 nginx php${php_version}-{fpm,gd,mysql,pgsql,curl,xml,zip,intl,mbstring,bz2,ldap,apcu,bcmath,gmp,imagick,igbinary,redis,dev,smbclient,cli,common,opcache,readline} ### 2. Backups ### for file in \ /etc/php/${php_version}/fpm/pool.d/www.conf \ /etc/php/${php_version}/cli/php.ini \ /etc/php/${php_version}/fpm/php.ini \ /etc/php/${php_version}/fpm/php-fpm.conf \ /etc/php/${php_version}/mods-available/apcu.ini \ /etc/ImageMagick-6/policy.xml do [ -f "$file" ] && cp "$file" "${file}.bak" done ### 3. PHP-Optionen setzen ### set_php_option() { local key="$1" local value="$2" local file="$3" if grep -Eq "^[;#]*\s*${key}\s*=" "$file"; then sed -i -E "s|^[;#]*\s*(${key})\s*=.*|\1 = ${value}|" "$file" else echo "${key} = ${value}" >> "$file" fi } echo "Updating PHP configuration..." for ini in "/etc/php/${php_version}/cli/php.ini" "/etc/php/${php_version}/fpm/php.ini"; do set_php_option memory_limit 1024M "$ini" set_php_option upload_max_filesize 10240M "$ini" set_php_option post_max_size 10240M "$ini" set_php_option max_execution_time 3600 "$ini" set_php_option max_input_time 3600 "$ini" set_php_option date.timezone "$lxc_timezone" "$ini" set_php_option output_buffering Off "$ini" done # OPCache speziell for ini in "/etc/php/${php_version}/fpm/php.ini"; do set_php_option opcache.enable 1 "$ini" set_php_option opcache.enable_cli 1 "$ini" set_php_option opcache.memory_consumption 128 "$ini" set_php_option opcache.interned_strings_buffer 16 "$ini" set_php_option opcache.max_accelerated_files 10000 "$ini" set_php_option opcache.revalidate_freq 1 "$ini" set_php_option opcache.save_comments 1 "$ini" done # APCu if ! grep -q "apc.enable_cli" /etc/php/${php_version}/mods-available/apcu.ini; then echo "apc.enable_cli=1" >> /etc/php/${php_version}/mods-available/apcu.ini fi # FPM Pool Einstellungen fpm_pool="/etc/php/${php_version}/fpm/pool.d/www.conf" sed -i -E "s|^;?env\[PATH\]|env[PATH]|" "$fpm_pool" sed -i -E "s|^pm.max_children\s*=.*|pm.max_children = 120|" "$fpm_pool" sed -i -E "s|^pm.start_servers\s*=.*|pm.start_servers = 12|" "$fpm_pool" sed -i -E "s|^pm.min_spare_servers\s*=.*|pm.min_spare_servers = 6|" "$fpm_pool" sed -i -E "s|^pm.max_spare_servers\s*=.*|pm.max_spare_servers = 18|" "$fpm_pool" sed -i -E "s|^;?pm.max_requests\s*=.*|pm.max_requests = 1000|" "$fpm_pool" ### 4. ImageMagick Policies ### sed -i "s/rights=\"none\" pattern=\"\(PS\|EPS\|PDF\|XPS\)\"/rights=\"read|write\" pattern=\"\1\"/" /etc/ImageMagick-6/policy.xml ### 5. PHP-FPM & nginx reload ### systemctl restart php${php_version}-fpm systemctl reload nginx ### 6. Nextcloud status vor Update ### sudo -u "$user" "$php" "$path/occ" status ### 7. Updater ### echo "Running updater.phar..." sudo -u "$user" "$php" "$path/updater/updater.phar" --no-backup --no-interaction ### 8. OCC Aufgaben ### declare -a occ_commands=( "db:add-missing-primary-keys" "db:add-missing-indices" "db:add-missing-columns" "db:convert-filecache-bigint -n" "maintenance:repair --include-expensive" "files:scan-app-data" "files:scan --all" "app:update --all" "upgrade" ) for cmd in "${occ_commands[@]}"; do echo " Running: occ $cmd" sudo -u "$user" "$php" "$path/occ" $cmd done ### 9. Wartungsfenster setzen ### sudo -u "$user" "$php" "$path/occ" config:system:set maintenance_window_start --value="3" --type=integer ### 10. MIME-Type für .mjs setzen ### if ! grep -q "mjs" /etc/nginx/mime.types; then echo " application/javascript mjs;" >> /etc/nginx/mime.types systemctl reload nginx fi ### 11. Header setzen, falls noch nicht vorhanden ### if ! grep -q "X-Robots-Tag" /etc/nginx/conf.d/*; then sed -i '/server {/a \\tadd_header X-Robots-Tag "noindex, nofollow" always;' /etc/nginx/conf.d/nextcloud.conf systemctl reload nginx fi ### 12. Status nach Update ### sudo -u "$user" "$php" "$path/occ" status echo " Nextcloud update complete." reboot