diff --git a/.configure.sh b/.configure.sh index 605f854..c987577 100644 --- a/.configure.sh +++ b/.configure.sh @@ -1,8 +1,11 @@ -#!/bin/bash +!/bin/bash echo "### ownDynDNS configuration script" # set variables -scriptversion="1.0" +scriptversion="1.2" + +wwwuserd="www-data" +wwwgroupd="www-data" defaultenvfile=".env.dist" @@ -65,8 +68,7 @@ else log="false" fi -echo "the logfile is created in this directory by default." -echo "your ip history is thereby publically available." +echo "the logfile is created in this directory by default. your ip history is thereby publically available." echo "select where the logfile should be created if enabled:" echo "[1] default: ${log1}" echo "[2] private: ${log2}" 
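Review bot: The new first line in the first hunk, `!/bin/bash`, is no longer a shebang, because the `#` was dropped in the same change that bumps `scriptversion`. Without `#!` the kernel does not select bash for `./.configure.sh`, so the script runs under whatever shell the caller falls back to (commonly `sh`), and the line itself is then executed as a command that fails. The rest of the change relies on bash features such as `read -p`, `echo -e` and the brace expansion in `mv .htaccess{.example,}`, which are not guaranteed under a plain POSIX shell. Restore the line as `#!/bin/bash`.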
@@ -86,9 +88,52 @@ case $choice in ;; esac +echo "the logfile needs to be writable by the webserver if logging is enabled." +read -p "which user does the webserver run as? [${wwwuserd}]: " wwwuser +wwwuser=${wwwuser:-$wwwuserd} + +read -p "which group does the webserver run as? [${wwwgroupd}]: " wwwgroup +wwwgroup=${wwwgroup:-$wwwgroupd} + mkdir -p $(dirname $logfile) && touch $logfile || echo "### could not create logfile!" +chown $wwwuser:$wwwgroup $logfile +chmod 0640 $logfile #echo "logfile will be created at: ${logfile}" + + +### Apache htaccess file config +echo "if you are using apache it is recommended to enable the .htaccess file to prevent unauthorized access to the .env file and any logfile." +echo "select if you want to enable the .htaccess file:" +echo "[1] no .htaccess file. (e.g. using nginx)" +echo "[2] block access to .env file only (default log location accessible)" +echo "[3] block access to .env file and log file" + +read -p "select from the choices above [1]: " choice +case $choice in + 2) + cat > $htaccess << EOM + + Order allow,deny + Deny from all + +EOM + rm .htaccess.example + ;; + 3) + mv .htaccess{.example,} + ;; + *) + rm .htaccess.example + ;; +esac + +### nginx htaccess equivalent message +echo "if you are using nginx please read the docs about how to disable access to certain files and folders.\nyou might add a location block to the beginning of your site config as follows:" +echo -e " location ~* (env|log|json) {\n deny all;\n return 404;\n }" + + + ### create the .env file if [ -f $envfile ] then
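Review bot: The added `chown $wwwuser:$wwwgroup $logfile` and `chmod 0640 $logfile` run unconditionally, even right after the context line above them has printed `### could not create logfile!`, and they expand the values typed at the two prompts unquoted, so a space or a leading `-` in an answer or in the log path changes what chown and chmod act on. Guarding both calls on successful creation and quoting every expansion with `--` fixes this, as in the block below. In branch `2)` of the .htaccess `case`, `rm .htaccess.example` also runs when the `cat > $htaccess` redirect fails, and `$htaccess` is not assigned anywhere in this hunk, so confirm it is set earlier in the script. The printed nginx example `location ~* (env|log|json)` is unanchored and would also match URIs such as `/login` or `/blog`; a pattern anchored on the file names, for example `(^|/)\.env$|\.(log|json)$`, is presumably what is meant. The script continues before and after this hunk.

```shell
# … unchanged: webserver user/group prompts and their defaults …

if mkdir -p -- "$(dirname -- "$logfile")" && touch -- "$logfile"; then
  chown -- "$wwwuser:$wwwgroup" "$logfile"
  chmod 0640 -- "$logfile"
else
  echo "### could not create logfile!"
fi
```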