diff --git a/doc/rpm-build/debian.control b/doc/rpm-build/debian.control index 1933925350..952588c8b1 100644 --- a/doc/rpm-build/debian.control +++ b/doc/rpm-build/debian.control @@ -46,8 +46,8 @@ Description: web-based groupware suite - metapackage Package: egroupware-epl-core Architecture: all -Depends: apache2, - php5 (>= 5.6.0) | libapache2-mod-php (>=7.0), +Depends: apache2 | nginx, + php5 (>= 5.6.0) | libapache2-mod-php (>=7.0) | php-fpm (>=7.0), php5-cli | php-cli, php5-mysql | php5-pgsql | php-mysql | php-pgsql, php5-json | php-json, diff --git a/doc/rpm-build/debian.postinst b/doc/rpm-build/debian.postinst index 84314e2465..5250086a61 100644 --- a/doc/rpm-build/debian.postinst +++ b/doc/rpm-build/debian.postinst @@ -32,7 +32,8 @@ then then /usr/share/egroupware/doc/rpm-build/post_install.php 2>&1 | /usr/bin/tee -a $install_log else - if grep -q '^DISTRIB_ID="*Univention"*$' /etc/lsb-release + # Debian 9 has no more /etc/lsb-release and gives an error + if test -f /etc/lsb-release && grep -q '^DISTRIB_ID="*Univention"*$' /etc/lsb-release then if [ -n "$DOCKER_HOST_NAME" -a -n "$DB_HOST" ] then @@ -46,37 +47,43 @@ then --admin_passwd "*unchanged*" 2>&1 | /usr/bin/tee -a $install_log fi else - # Get configuration passwords - db_get "egroupware/header/user" - header_user="$RET" - db_get "egroupware/header/password" - header_password="$RET" + # for non-interactive install let post_install generate passwords + if [ "$DEBIAN_FRONTEND"="noninteractive" ] + then + /usr/share/egroupware/doc/rpm-build/post_install.php 2>&1 | /usr/bin/tee -a $install_log + else + # Get configuration passwords + db_get "egroupware/header/user" + header_user="$RET" + db_get "egroupware/header/password" + header_password="$RET" - # Get first egroupware user / pw - db_get "egroupware/admin/user" - admin_user="$RET" - db_get "egroupware/admin/password" - admin_password="$RET" + # Get first egroupware user / pw + db_get "egroupware/admin/user" + admin_user="$RET" + db_get "egroupware/admin/password" + admin_password="$RET" - # Get egroupware language - db_get "egroupware/lang" - lang="$RET" + # Get egroupware language + db_get "egroupware/lang" + lang="$RET" - # Get mysql root / pw - db_get "egroupware/db_root" - db_root="$RET" - db_get "egroupware/db_root_pw" - db_root_pw="$RET" + # Get mysql root / pw + db_get "egroupware/db_root" + db_root="$RET" + db_get "egroupware/db_root_pw" + db_root_pw="$RET" - /usr/share/egroupware/doc/rpm-build/post_install.php \ - --config_user "$header_user" \ - --config_passwd "$header_password" \ - --admin_user "$admin_user" \ - --admin_passwd "$admin_password" \ - --lang "$lang" \ - --db_type mysql \ - --db_root "$db_root" \ - --db_root_pw "$db_root_pw" 2>&1 | /usr/bin/tee -a $install_log + /usr/share/egroupware/doc/rpm-build/post_install.php \ + --config_user "$header_user" \ + --config_passwd "$header_password" \ + --admin_user "$admin_user" \ + --admin_passwd "$admin_password" \ + --lang "$lang" \ + --db_type mysql \ + --db_root "$db_root" \ + --db_root_pw "$db_root_pw" 2>&1 | /usr/bin/tee -a $install_log + fi fi fi echo "EGroupware install log saved to $install_log" @@ -89,16 +96,28 @@ then fi # Set up web server and reload it. - if [ -d /etc/apache2/conf.d ] ; then - ln -fs ../../egroupware/apache.conf /etc/apache2/conf.d/egroupware - else - if [ -d /etc/apache2/sites-available ] ; then - ln -fs ../../egroupware/apache.conf /etc/apache2/sites-available/egroupware.conf - a2ensite egroupware + if [ -d /etc/nginx ] + then + ln -fs ../../egroupware/nginx.conf /etc/nginx/sites-available/egroupware.conf + # initial install: enable egroupware and disable default site + if [ -z "$2" ] + then + ln -fs /etc/nginx/sites-available/egroupware.conf /etc/nginx/sites-enabled/ + rm -f /etc/nginx/sites-enabled/default fi + nginx -s reload + else + if [ -d /etc/apache2/conf.d ] ; then + ln -fs ../../egroupware/apache.conf /etc/apache2/conf.d/egroupware + else + if [ -d /etc/apache2/sites-available ] ; then + ln -fs ../../egroupware/apache.conf /etc/apache2/sites-available/egroupware.conf + a2ensite egroupware + fi + fi + a2enmod actions >/dev/null + webserver_soft_reload apache2 fi - a2enmod actions >/dev/null - webserver_soft_reload apache2 fi #DEBHELPER# diff --git a/doc/rpm-build/debian.rules b/doc/rpm-build/debian.rules index bda52b9a13..197bf958da 100644 --- a/doc/rpm-build/debian.rules +++ b/doc/rpm-build/debian.rules @@ -39,9 +39,10 @@ install: build # apply the patch cat ./doc/rpm-build/asyncservice.patch | patch -p1 - # customize apache config + # customize Apache/Nginx config mkdir -p $(CURDIR)/debian/egroupware-epl-core/etc/egroupware cp $(CURDIR)/doc/rpm-build/apache.conf $(CURDIR)/debian/egroupware-epl-core/etc/egroupware/apache.conf + cp $(CURDIR)/doc/rpm-build/nginx.conf $(CURDIR)/debian/egroupware-epl-core/etc/egroupware/nginx.conf # install core modules diff --git a/doc/rpm-build/nginx.conf b/doc/rpm-build/nginx.conf new file mode 100644 index 0000000000..ddedc840f0 --- /dev/null +++ b/doc/rpm-build/nginx.conf @@ -0,0 +1,83 @@ +# /etc/nginx/sites-available/egroupware-nginx.conf +# need to be symlinked to /etc/nginx/sites-enabled/ and nginx -s reload (after removing default!) +server { + listen 80 default_server; + + # ssl config + listen 443 ssl http2 default_server; + include snippets/snakeoil.conf; + # concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem + #ssl_certificate /etc/ssl/private/certificate.pem; + #ssl_certificate_key /etc/ssl/private/certificate.pem; + # HTTP Strict-Transport-Security header (start with a short max-age!) + #add_header Strict-Transport-Security max-age=31536000; # 31536000sec=1year + + server_name _; + root /var/www/html; + + index index.php index.nginx-debian.html index.html index.htm; + + # EGroupware installed in /usr/share/egroupware + location ^~ /egroupware { + alias /usr/share/egroupware/; + try_files $uri $uri/ =404; + location ~ ^/egroupware(/(?U).+\.php) { + alias /usr/share/egroupware; + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + # added to support WebDAV/CalDAV/CardDAV + fastcgi_read_timeout 60m; + fastcgi_index index.php; + fastcgi_split_path_info ^((?U).+\.php)(.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; + # standard Nginx + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/share/egroupware$1; + fastcgi_param DOCUMENT_ROOT /var/www/html; + } + location ~ (?i)\.(ico|jpe?g|gif|png|svg|xet|xml|js|css|html|map|swf)$ { + access_log off; + expires 10d; + add_header Pragma public; + add_header Cache-Control "public"; + location ~ ^/egroupware(/.*)$ { + alias /usr/share/egroupware/; + try_files $1 =404; + } + } + } + + # PHP in docroot + #location ~ \.php { + # fastcgi_pass unix:/run/php/php7.0-fpm.sock; + # include fastcgi_params; + #} + + # ActiveSync support + location /Microsoft-Server-ActiveSync { + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + # added to support WebDAV/CalDAV/CardDAV + fastcgi_read_timeout 60m; + fastcgi_index index.php; + fastcgi_split_path_info ^((?U).+\.php)(.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/share/egroupware/activesync/index.php; + } + # CalDAV & CardDAV autoconfig + location ~ ^/.well-known/(caldav|carddav)$ { + return 301 $scheme://\$host/egroupware/groupdav.php/; + } + location ~ ^(/principals/users/.*)$ { + return 301 $scheme://$host/egroupware/groupdav.php$1; + } + # Nginx does NOT use index for OPTIONS requests breakng WebDAV + # for Windows, which sends OPTIONS / and stalls on Nginx 405 response! + # This also redirects all requests to root to EGroupware. + location = / { + return 301 $scheme://$host/egroupware/index.php; + } +}