commit 32f158b57b991c3c3c3e93e52796d407dec98943
Author: alban <alban@octopuce.fr>
Date:   Sat Sep 7 22:32:42 2019 +0200

    [init]

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8e05a86
--- /dev/null
+++ b/README.md
@@ -0,0 +1,71 @@
+# Wekan BASH Installer
+
+## Why using this script?
+
+If like me, you want to run Wekan on Debian and the [install options](https://github.com/wekan/wekan/wiki/Platforms) don't fit your model.
+
+**Debian 9 Stretch images required for this script to work**
+
+It won't work on Debian 10 Buster, little story about that below if you're interested.
+
+## Crash course
+
+
+`curl https://git.interhacker.space/alban/wekan-bash-installer/raw/branch/master/install.sh | bash`
+
+Pretty simple if you're into `curl|bash` methods ;) Otherwise feel free to `git clone`, `wget`, or use the method of your liking to download and execute.
+
+
+## How it works
+
+**The script will install the following assets**
+
+* Wekan
+* NodeJS
+* MongoDB
+* Nginx
+* Letsencrypt
+* Supervisor
+* Postfix
+* Wekan auto updater
+
+**Notes**
+
+* Wekan runs on localhost port 8080
+* Nginx acts as a reverse proxy for Wekan
+* Letsencrypt is used to provide HTTPS
+* Supervisor provides the daemonization of the process
+* Postfix runs on localhost to send emails, if not configured previously
+* The Wekan auto updater cron will check new bundles, install them, and reload the service
+* You can configure in the script the NodeJS version of your choice
+* NodeJS is installed from the NodeSource repository
+
+
+
+## Words of Caution
+
+### HTTPS and $DOMAIN
+
+If you want an HTTPS vhost, better add your domain to the DNS.
+
+Or Letsencrypt won't be able to verify your domain and you will get no certificate.
+
+#### Backups
+
+There's no mongodb backup automatically configured. Please don't run this in production without a data backup plan.
+
+## Bugs, contribution
+
+All are welcome.
+
+Please send an email to wekan@albancrommer.com in case of an emergency.
+
+## Why Debian 9 only?
+
+Ah, well, you're reading, hey? Here's our little story.
+
+Some day, mongodb decided it should change its licensing, and since it was restricting the freedom of its users Debian to remove mongodb packages from its new repositories.
+
+Installing mongodb on Debian 10 «Buster» is a mess, and it doesn't look like mongodb has made any move to fix it.
+
+So meanwhile, you're better off running
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000..5ea4929
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,284 @@
+#! /bin/bash
+# @author   alban
+# @since    2019-09-06
+# @license  GPLv3
+# @url      https://git.interhacker.space/alban/wekan-bash-installer
+
+# Which
+MSG="Please provide the domain name you want to host wekan on [Default:localhost] : "
+read -p "$MSG" DOMAIN
+DOMAIN=${DOMAIN:-localhost}
+
+MSG="Please provide the email address for wekan service mails [Default:wekan@${DOMAIN}] : "
+read -p "$MSG" EMAIL
+DEFAULT_EMAIL="wekan@$DOMAIN"
+EMAIL=${EMAIL:-$DEFAULT_EMAIL}
+
+[ "$DOMAIN" != "localhost" ] && {
+  MSG="Do you want to deploy an HTTPS vhost for wekan? [Y/n]"
+  read -p "$MSG"
+  REPLY=${REPLY:-Y}
+  SSL=$( [ "${REPLY^^}" == "Y" ] && echo "yes" || echo "no" )
+
+}
+
+################################################################################
+# You MIGHT change the following variables depending on your situation
+################################################################################
+
+# Which nodejs do you wish to install
+NODEREPO="node_12.x"
+
+
+################################################################################
+# After that, you should not need to edit anything below.
+# But hack at leisure ;)
+################################################################################
+
+# This script will only work on Debian 9 "Stretch"
+DISTRO="stretch"
+
+# Helper functions
+ops=0
+Lets(){ let $(( ops++ )); echo -e "\n# ${ops}: $@\n"; }
+Red(){ echo -e "\033[0;31m$@\033[0m"; }
+
+# Now comments will be noted by "^Lets" lines, see next line as an example
+Lets install required packages for basic APT operations
+apt update
+apt install -y apt-transport-https curl gnupg
+
+Lets install the nodejs repository
+curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
+echo "deb https://deb.nodesource.com/${NODEREPO} ${DISTRO} main" > /etc/apt/sources.list.d/$NODEREPO.list
+
+Lets install application packages and set the services auto up
+apt update
+apt install -y nodejs mongodb mongodb-server git nginx npm supervisor certbot make g++ unzip
+for f in mongodb nginx supervisor ; do systemctl enable $f; done
+
+dpkg -l postfix | grep -q -E "^.i +postfix" || {
+
+  Lets install and configure the email service
+  Red Caution! Please choose the  \"Internet Site\" option when requested!
+  apt install -y postfix
+
+  Lets configure Postfix to run on local loopback only
+  postconf -e 'inet_interfaces = 127.0.0.1'
+  service postfix restart
+
+}
+
+if [ $SSL == "yes" ] ; then
+
+  Lets create the nginx HTTP virtual host
+cat << HEREDOC > /etc/nginx/sites-available/wekan.conf
+# nginx configuration for wekan proxying
+
+# this section is needed to proxy web-socket connections
+map \$http_upgrade \$connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+server {
+  listen 80;
+  server_name $DOMAIN;
+  large_client_header_buffers 8 64k;
+  client_header_buffer_size 64k;
+  location .well-known/acme-challenge {
+    root /var/www/letsencrypt;
+  }
+  location / {
+    return 301 https://\$host\$request_uri;
+  }
+}
+HEREDOC
+  [ -L /etc/nginx/sites-enabled/wekan.conf ] || ln -s ../sites-available/wekan.conf /etc/nginx/sites-enabled/wekan.conf
+
+  Lets reload nginx
+  nginx -t && service nginx reload
+
+  Lets request the certificate from Letsencrypt
+  mkdir -p /var/www/letsencrypt/.well-known/acme-challenge
+  echo "test $(hostname) OK" > /var/www/letsencrypt/.well-known/acme-challenge/test.txt
+  chown -R www-data:www-data /var/www/letsencrypt
+  curl http://$DOMAIN/.well-known/acme-challenge/test.txt && \
+  certbot certonly --webroot --agree-tos -w /var/www/letsencrypt/ --email certs@$DOMAIN -d $DOMAIN
+
+  Lets create the HTTPS virtual host
+cat << HEREDOC >> /etc/nginx/sites-available/wekan.conf
+server {
+  listen 443 http2;
+  server_name $DOMAIN;
+  large_client_header_buffers 8 64k;
+  client_header_buffer_size 64k;
+  ssl on;
+  ssl_certificate     /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
+  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+
+  # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
+  # This works because IE 11 does not present itself as MSIE anymore
+  if (\$http_user_agent ~ "MSIE" ) {
+      return 303 https://browser-update.org/update.html;
+  }
+
+  # Pass requests to Wekan.
+  # If you have Wekan at https://example.com/wekan , change location to:
+  # location /wekan {
+  location / {
+      proxy_pass http://127.0.0.1:8080;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade \$http_upgrade; # allow websockets
+      proxy_set_header Connection \$connection_upgrade;
+      proxy_set_header X-Forwarded-For \$remote_addr; # preserve client IP
+
+      # this setting allows the browser to cache the application in a way compatible with Meteor
+      # on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
+      # the root path (/) MUST NOT be cached
+      if (\$uri != '/wekan') {
+          expires 30d;
+      }
+  }
+
+}
+HEREDOC
+
+  Lets reload nginx to handle HTTPS
+  nginx -t && service nginx restart
+else
+
+  Lets create the nginx HTTP virtual host
+cat << HEREDOC > /etc/nginx/sites-available/wekan.conf
+# nginx configuration for wekan proxying
+
+# this section is needed to proxy web-socket connections
+map \$http_upgrade \$connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+server {
+  listen 80;
+  server_name $DOMAIN;
+  large_client_header_buffers 8 64k;
+  client_header_buffer_size 64k;
+  location .well-known/acme-challenge {
+    root /var/www/letsencrypt;
+  }
+
+  # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
+  # This works because IE 11 does not present itself as MSIE anymore
+  if (\$http_user_agent ~ "MSIE" ) {
+      return 303 https://browser-update.org/update.html;
+  }
+
+  # Pass requests to Wekan.
+  # If you have Wekan at https://example.com/wekan , change location to:
+  # location /wekan {
+  location / {
+      proxy_pass http://127.0.0.1:8080;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade \$http_upgrade; # allow websockets
+      proxy_set_header Connection \$connection_upgrade;
+      proxy_set_header X-Forwarded-For \$remote_addr; # preserve client IP
+
+      # this setting allows the browser to cache the application in a way compatible with Meteor
+      # on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
+      # the root path (/) MUST NOT be cached
+      if (\$uri != '/wekan') {
+          expires 30d;
+      }
+  }
+}
+HEREDOC
+
+fi
+
+Lets create the supervisor configuration
+mkdir /var/log/wekan
+ROOT_URL=$( [ $SSL == "yes" ] && echo "https://$DOMAIN" || echo "http://$DOMAIN")
+
+cat << HEREDOC > /etc/supervisor/conf.d/wekan.conf
+[program:wekan]
+command=/usr/bin/node main.js
+process_name=%(program_name)s
+numprocs=1
+directory=/home/wekan/bundle
+umask=022
+priority=999
+autostart=true
+startsecs=1
+startretries=3
+autorestart=unexpected
+exitcodes=0,2
+stopsignal=QUIT
+stopwaitsecs=10
+stopasgroup=false
+killasgroup=false
+user=wekan
+redirect_stderr=false
+stdout_logfile=/var/log/wekan/out.log
+stdout_logfile_maxbytes=1MB
+stdout_logfile_backups=10
+stdout_capture_maxbytes=1MB
+stdout_events_enabled=false
+stderr_logfile=/var/log/wekan/err.log
+stderr_logfile_maxbytes=1MB
+stderr_logfile_backups=10
+stderr_capture_maxbytes=1MB
+stderr_events_enabled=false
+environment=MONGO_URL='mongodb://127.0.0.1:27017/wekan',ROOT_URL='$ROOT_URL',MAIL_URL='smtp://localhost:25/',MAIL_FROM='$EMAIL',PORT=8080,BIND_IP=127.0.0.1,HTTP_FORWARDED_COUNT=1
+serverurl=AUTO
+HEREDOC
+
+Lets create the auto upgrade script
+cat << HEREDOC > /usr/local/sbin/auto_upgrade_wekan
+#! /bin/bash
+exec & >> /var/log/auto_upgrade_wekan.log
+URL="https://releases.wekan.team/"
+NEW=\$(curl -s \$URL | grep -e ">wekan.*zip"|sed -r "s/^.*>wekan-(.*?).zip<.*\$/\1/"| sort | tail -n 1)
+CUR=\$(readlink /home/wekan/bundle| cut -d"/" -f 4)
+[ "\$NEW" == "\$CUR" ] && exit 0
+[ -e /home/wekan/\$NEW ] && exit 0
+echo "$(date) Install $NEW"
+TMP=\$( mktemp -d )
+cd "\$TMP"
+wget --quiet "\$URL/wekan-\$NEW.zip"
+unzip "wekan-\$NEW.zip" &>/dev/null
+mv bundle "/home/wekan/\$NEW"
+cd "/home/wekan/\$NEW/programs/server"
+npm uninstall fibers
+npm install fibers
+chown -R wekan:wekan "/home/wekan/\$NEW"
+rm -rf "\$TMP"
+rm -f "/home/wekan/bundle"
+ln -s "/home/wekan/\$NEW" "/home/wekan/bundle"
+supervisorctl restart wekan
+echo "$(date) Restarted"
+HEREDOC
+chmod +x /usr/local/sbin/auto_upgrade_wekan
+cat << HEREDOC > /etc/cron.d/auto_upgrade_wekan
+0 0 * * * root /usr/local/sbin/auto_upgrade_wekan
+HEREDOC
+
+Lets add a wekan user
+adduser --disabled-password --gecos "" wekan
+
+Lets download the latest bundle
+URL="https://releases.wekan.team/"
+NEW=$(curl -s $URL | grep -e ">wekan.*zip"|sed -r "s/^.*>wekan-(.*?).zip<.*$/\1/"| sort | tail -n 1)
+TMP=$( mktemp -d )
+cd "$TMP"
+wget --quiet "$URL/wekan-$NEW.zip"
+unzip "wekan-$NEW.zip" &>/dev/null
+mv bundle "/home/wekan/$NEW"
+cd "/home/wekan/$NEW/programs/server"
+npm uninstall fibers
+npm install fibers
+chown -R wekan:wekan "/home/wekan/$NEW"
+rm -rf "$TMP"
+ln -s "/home/wekan/$NEW" "/home/wekan/bundle"
+
+Lets reload supervisor
+supervisorctl reread
+supervisorctl update