You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

install.sh 9.0KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284
  1. #! /bin/bash
  2. # @author alban
  3. # @since 2019-09-06
  4. # @license GPLv3
  5. # @url https://git.interhacker.space/alban/wekan-bash-installer
  6. MSG="Please provide the domain name you want to host wekan on [Default:localhost] : "
  7. read -p "$MSG" DOMAIN
  8. DOMAIN=${DOMAIN:-localhost}
  9. MSG="Please provide the email address for wekan service mails [Default:wekan@${DOMAIN}] : "
  10. read -p "$MSG" EMAIL
  11. DEFAULT_EMAIL="wekan@$DOMAIN"
  12. EMAIL=${EMAIL:-$DEFAULT_EMAIL}
  13. [ "$DOMAIN" != "localhost" ] && {
  14. MSG="Do you want to deploy an HTTPS vhost for wekan? [Y/n]"
  15. read -p "$MSG"
  16. REPLY=${REPLY:-Y}
  17. SSL=$( [ "${REPLY^^}" == "Y" ] && echo "yes" || echo "no" )
  18. }
  19. ################################################################################
  20. # You MIGHT change the following variables depending on your situation
  21. ################################################################################
  22. # Which nodejs do you wish to install
  23. NODEREPO="node_12.x"
  24. ################################################################################
  25. # After that, you should not need to edit anything below.
  26. # But hack at leisure ;)
  27. ################################################################################
  28. # This script will only work on Debian 9 "Stretch"
  29. DISTRO="stretch"
  30. # Helper functions
  31. ops=0
  32. Lets(){ let $(( ops++ )); echo -e "\n# ${ops}: $@\n"; }
  33. Red(){ echo -e "\033[0;31m$@\033[0m"; }
  34. # Now comments will be noted by "^Lets" lines, see next line as an example
  35. Lets install required packages for basic APT operations
  36. apt update
  37. apt install -y apt-transport-https curl gnupg
  38. Lets install the nodejs repository
  39. curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
  40. echo "deb https://deb.nodesource.com/${NODEREPO} ${DISTRO} main" > /etc/apt/sources.list.d/$NODEREPO.list
  41. Lets install application packages and set the services auto up
  42. apt update
  43. apt install -y nodejs mongodb mongodb-server git nginx npm supervisor certbot make g++ unzip
  44. for f in mongodb nginx supervisor ; do systemctl enable $f; done
  45. dpkg -l postfix | grep -q -E "^.i +postfix" || {
  46. Lets install and configure the email service
  47. Red Caution! Please choose the \"Internet Site\" option when requested!
  48. apt install -y postfix
  49. Lets configure Postfix to run on local loopback only
  50. postconf -e 'inet_interfaces = 127.0.0.1'
  51. service postfix restart
  52. }
  53. if [ $SSL == "yes" ] ; then
  54. Lets create the nginx HTTP virtual host
  55. cat << HEREDOC > /etc/nginx/sites-available/wekan.conf
  56. # nginx configuration for wekan proxying
  57. # this section is needed to proxy web-socket connections
  58. map \$http_upgrade \$connection_upgrade {
  59. default upgrade;
  60. '' close;
  61. }
  62. server {
  63. listen 80;
  64. server_name $DOMAIN;
  65. large_client_header_buffers 8 64k;
  66. client_header_buffer_size 64k;
  67. location .well-known/acme-challenge {
  68. root /var/www/letsencrypt;
  69. }
  70. location / {
  71. return 301 https://\$host\$request_uri;
  72. }
  73. }
  74. HEREDOC
  75. [ -L /etc/nginx/sites-enabled/wekan.conf ] || ln -s ../sites-available/wekan.conf /etc/nginx/sites-enabled/wekan.conf
  76. Lets reload nginx
  77. nginx -t && service nginx reload
  78. Lets request the certificate from Letsencrypt
  79. mkdir -p /var/www/letsencrypt/.well-known/acme-challenge
  80. echo "test $(hostname) OK" > /var/www/letsencrypt/.well-known/acme-challenge/test.txt
  81. chown -R www-data:www-data /var/www/letsencrypt
  82. curl http://$DOMAIN/.well-known/acme-challenge/test.txt && \
  83. certbot certonly --webroot --agree-tos -w /var/www/letsencrypt/ --email certs@$DOMAIN -d $DOMAIN
  84. Lets create the HTTPS virtual host
  85. cat << HEREDOC >> /etc/nginx/sites-available/wekan.conf
  86. server {
  87. listen 443 http2;
  88. server_name $DOMAIN;
  89. large_client_header_buffers 8 64k;
  90. client_header_buffer_size 64k;
  91. ssl on;
  92. ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
  93. ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
  94. ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
  95. # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
  96. # This works because IE 11 does not present itself as MSIE anymore
  97. if (\$http_user_agent ~ "MSIE" ) {
  98. return 303 https://browser-update.org/update.html;
  99. }
  100. # Pass requests to Wekan.
  101. # If you have Wekan at https://example.com/wekan , change location to:
  102. # location /wekan {
  103. location / {
  104. proxy_pass http://127.0.0.1:8080;
  105. proxy_http_version 1.1;
  106. proxy_set_header Upgrade \$http_upgrade; # allow websockets
  107. proxy_set_header Connection \$connection_upgrade;
  108. proxy_set_header X-Forwarded-For \$remote_addr; # preserve client IP
  109. # this setting allows the browser to cache the application in a way compatible with Meteor
  110. # on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
  111. # the root path (/) MUST NOT be cached
  112. if (\$uri != '/wekan') {
  113. expires 30d;
  114. }
  115. }
  116. }
  117. HEREDOC
  118. Lets reload nginx to handle HTTPS
  119. nginx -t && service nginx restart
  120. else
  121. Lets create the nginx HTTP virtual host
  122. cat << HEREDOC > /etc/nginx/sites-available/wekan.conf
  123. # nginx configuration for wekan proxying
  124. # this section is needed to proxy web-socket connections
  125. map \$http_upgrade \$connection_upgrade {
  126. default upgrade;
  127. '' close;
  128. }
  129. server {
  130. listen 80;
  131. server_name $DOMAIN;
  132. large_client_header_buffers 8 64k;
  133. client_header_buffer_size 64k;
  134. location .well-known/acme-challenge {
  135. root /var/www/letsencrypt;
  136. }
  137. # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
  138. # This works because IE 11 does not present itself as MSIE anymore
  139. if (\$http_user_agent ~ "MSIE" ) {
  140. return 303 https://browser-update.org/update.html;
  141. }
  142. # Pass requests to Wekan.
  143. # If you have Wekan at https://example.com/wekan , change location to:
  144. # location /wekan {
  145. location / {
  146. proxy_pass http://127.0.0.1:8080;
  147. proxy_http_version 1.1;
  148. proxy_set_header Upgrade \$http_upgrade; # allow websockets
  149. proxy_set_header Connection \$connection_upgrade;
  150. proxy_set_header X-Forwarded-For \$remote_addr; # preserve client IP
  151. # this setting allows the browser to cache the application in a way compatible with Meteor
  152. # on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
  153. # the root path (/) MUST NOT be cached
  154. if (\$uri != '/wekan') {
  155. expires 30d;
  156. }
  157. }
  158. }
  159. HEREDOC
  160. fi
  161. Lets create the supervisor configuration
  162. mkdir /var/log/wekan
  163. ROOT_URL=$( [ $SSL == "yes" ] && echo "https://$DOMAIN" || echo "http://$DOMAIN")
  164. cat << HEREDOC > /etc/supervisor/conf.d/wekan.conf
  165. [program:wekan]
  166. command=/usr/bin/node main.js
  167. process_name=%(program_name)s
  168. numprocs=1
  169. directory=/home/wekan/bundle
  170. umask=022
  171. priority=999
  172. autostart=true
  173. startsecs=1
  174. startretries=3
  175. autorestart=unexpected
  176. exitcodes=0,2
  177. stopsignal=QUIT
  178. stopwaitsecs=10
  179. stopasgroup=false
  180. killasgroup=false
  181. user=wekan
  182. redirect_stderr=false
  183. stdout_logfile=/var/log/wekan/out.log
  184. stdout_logfile_maxbytes=1MB
  185. stdout_logfile_backups=10
  186. stdout_capture_maxbytes=1MB
  187. stdout_events_enabled=false
  188. stderr_logfile=/var/log/wekan/err.log
  189. stderr_logfile_maxbytes=1MB
  190. stderr_logfile_backups=10
  191. stderr_capture_maxbytes=1MB
  192. stderr_events_enabled=false
  193. environment=MONGO_URL='mongodb://127.0.0.1:27017/wekan',ROOT_URL='$ROOT_URL',MAIL_URL='smtp://localhost:25/',MAIL_FROM='$EMAIL',PORT=8080,BIND_IP=127.0.0.1,HTTP_FORWARDED_COUNT=1
  194. serverurl=AUTO
  195. HEREDOC
  196. Lets create the auto upgrade script
  197. cat << HEREDOC > /usr/local/sbin/auto_upgrade_wekan
  198. #! /bin/bash
  199. exec & >> /var/log/auto_upgrade_wekan.log
  200. URL="https://releases.wekan.team/"
  201. NEW=\$(curl -s \$URL | grep -e ">wekan.*zip"|sed -r "s/^.*>wekan-(.*?).zip<.*\$/\1/"| sort | tail -n 1)
  202. CUR=\$(readlink /home/wekan/bundle| cut -d"/" -f 4)
  203. [ "\$NEW" == "\$CUR" ] && exit 0
  204. [ -e /home/wekan/\$NEW ] && exit 0
  205. echo "\$(date) Install \$NEW"
  206. TMP=\$( mktemp -d )
  207. cd "\$TMP"
  208. wget --quiet "\$URL/wekan-\$NEW.zip"
  209. unzip "wekan-\$NEW.zip" &>/dev/null
  210. mv bundle "/home/wekan/\$NEW"
  211. cd "/home/wekan/\$NEW/programs/server"
  212. npm uninstall fibers
  213. npm install fibers
  214. chown -R wekan:wekan "/home/wekan/\$NEW"
  215. rm -rf "\$TMP"
  216. rm -f "/home/wekan/bundle"
  217. ln -s "/home/wekan/\$NEW" "/home/wekan/bundle"
  218. supervisorctl restart wekan
  219. echo "\$(date) Restarted"
  220. HEREDOC
  221. chmod +x /usr/local/sbin/auto_upgrade_wekan
  222. cat << HEREDOC > /etc/cron.d/auto_upgrade_wekan
  223. PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin/:/usr/local/bin/
  224. 0 0 * * * root /usr/local/sbin/auto_upgrade_wekan
  225. HEREDOC
  226. Lets add a wekan user
  227. adduser --disabled-password --gecos "" wekan
  228. Lets download the latest bundle
  229. URL="https://releases.wekan.team/"
  230. NEW=$(curl -s $URL | grep -e ">wekan.*zip"|sed -r "s/^.*>wekan-(.*?).zip<.*$/\1/"| sort | tail -n 1)
  231. TMP=$( mktemp -d )
  232. cd "$TMP"
  233. wget --quiet "$URL/wekan-$NEW.zip"
  234. unzip "wekan-$NEW.zip" &>/dev/null
  235. mv bundle "/home/wekan/$NEW"
  236. cd "/home/wekan/$NEW/programs/server"
  237. npm uninstall fibers
  238. npm install fibers
  239. chown -R wekan:wekan "/home/wekan/$NEW"
  240. rm -rf "$TMP"
  241. ln -s "/home/wekan/$NEW" "/home/wekan/bundle"
  242. Lets reload supervisor
  243. supervisorctl reread
  244. supervisorctl update