cedricAbonnel/notes-techniques
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
48c26f9f8430370380f4cc074d126e8f463833b3
notes-techniques/scripts/all_inclusive/lychee_install.sh
Cédrix 1b758b6161 définir la timezone
2025-04-05 06:23:52 +02:00

160 lines
5.2 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
# Vérifier que le script est lancé en root
if [[ $EUID -ne 0 ]]; then
echo "Ce script doit être exécuté en tant que root." >&2
exit 1
fi
# Définir les variables
DB_NAME="lychee"
DB_USER="lycheeuser"
LYCHEE_DIR="/var/www/lychee"
APACHE_CONF="/etc/apache2/sites-available/lychee.conf"
PHP_VERSION="8.3"
PHP_INI_CLI="/etc/php/${PHP_VERSION}/cli/php.ini"
PHP_INI_APACHE="/etc/php/${PHP_VERSION}/apache2/php.ini"
TIMEZONE=$(timedatectl show --value --property=Timezone)
# Générer un mot de passe alphanumérique sécurisé
DB_PASSWORD=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16)
echo "Mot de passe généré pour la base de données : ${DB_PASSWORD}"
# Sauvegarde temporaire root-only
echo "${DB_PASSWORD}" > /root/.lychee_db_password
chmod 600 /root/.lychee_db_password
# Mise à jour du système
apt update && apt upgrade -y
# Ajout du dépôt Sury pour PHP 8.3
apt install -y apt-transport-https lsb-release ca-certificates wget gnupg2
wget -qO - https://packages.sury.org/php/apt.gpg | gpg --dearmor -o /etc/apt/trusted.gpg.d/php.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
apt update
# Installation des paquets nécessaires
apt install -y apache2 mariadb-server php${PHP_VERSION} php${PHP_VERSION}-cli php${PHP_VERSION}-intl php${PHP_VERSION}-xmlrpc \
php${PHP_VERSION}-soap php${PHP_VERSION}-mysql php${PHP_VERSION}-zip php${PHP_VERSION}-gd php${PHP_VERSION}-tidy \
php${PHP_VERSION}-mbstring php${PHP_VERSION}-curl php${PHP_VERSION}-xml php${PHP_VERSION}-bcmath php${PHP_VERSION}-imagick \
php${PHP_VERSION}-tokenizer libapache2-mod-php${PHP_VERSION} unzip
# Définir la timezone PHP pour CLI et Apache
sed -i "s|^;*date.timezone =.*|date.timezone = ${TIMEZONE}|" "${PHP_INI_CLI}"
sed -i "s|^;*date.timezone =.*|date.timezone = ${TIMEZONE}|" "${PHP_INI_APACHE}"
# Sécuriser MariaDB
mysql_secure_installation <<EOF
y
n
y
y
y
y
EOF
# Créer la base et l'utilisateur avec droits restreints
mysql <<EOF
CREATE DATABASE ${DB_NAME} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASSWORD}';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON ${DB_NAME}.* TO '${DB_USER}'@'localhost';
FLUSH PRIVILEGES;
EOF
# Télécharger et installer Lychee proprement
cd /tmp
wget https://github.com/LycheeOrg/Lychee/releases/latest/download/Lychee.zip
unzip Lychee.zip
rm -rf ${LYCHEE_DIR}
mv Lychee ${LYCHEE_DIR}
rm Lychee.zip
# Demander le nom de domaine ou l'IP publique
read -p "Entrez le nom de domaine ou l'adresse IP d'accès à Lychee (ex: lychee.mondomaine.fr ou 192.168.1.100) : " LYCHEE_HOST
# Forcer le protocole HTTP pour APP_URL
APP_URL="http://${LYCHEE_HOST}"
# Modification du .env
cp ${LYCHEE_DIR}/.env.example ${LYCHEE_DIR}/.env
sed -i "s|^APP_URL=.*|APP_URL=${APP_URL}|" ${LYCHEE_DIR}/.env
sed -i "s|^DB_CONNECTION=.*|DB_CONNECTION=mysql|" ${LYCHEE_DIR}/.env
sed -i "s|^DB_HOST=.*|DB_HOST=127.0.0.1|" ${LYCHEE_DIR}/.env
sed -i "s|^DB_PORT=.*|DB_PORT=3306|" ${LYCHEE_DIR}/.env
sed -i "s|^#*DB_DATABASE=.*|DB_DATABASE=${DB_NAME}|" ${LYCHEE_DIR}/.env
sed -i "s|^#*DB_USERNAME=.*|DB_USERNAME=${DB_USER}|" ${LYCHEE_DIR}/.env
sed -i "s|^#*DB_PASSWORD=.*|DB_PASSWORD=\"${DB_PASSWORD}\"|" ${LYCHEE_DIR}/.env
# Définir le fuseau horaire
echo "APP_TIMEZONE=Europe/Paris" >> ${LYCHEE_DIR}/.env
# Propriétés et permissions
chown -R www-data:www-data ${LYCHEE_DIR}
chmod 640 ${LYCHEE_DIR}/.env
find ${LYCHEE_DIR} -type f -exec chmod 640 {} \;
find ${LYCHEE_DIR} -type d -exec chmod 750 {} \;
# Permissions spécifiques pour data/upload
chmod -R 750 ${LYCHEE_DIR}/uploads/ ${LYCHEE_DIR}/data/
# Permissions spécifiques attendues par Lychee
chmod -R g+s ${LYCHEE_DIR}/public/uploads
chmod -R g+s ${LYCHEE_DIR}/public/sym
chmod 2775 ${LYCHEE_DIR}/public/uploads
chmod 2775 ${LYCHEE_DIR}/public/uploads/import
chmod 2775 ${LYCHEE_DIR}/public/sym
chmod 0664 ${LYCHEE_DIR}/public/uploads/import/index.html
chmod 0664 ${LYCHEE_DIR}/public/sym/index.html
chmod 2775 ${LYCHEE_DIR}/storage/tmp/jobs
chmod 2775 ${LYCHEE_DIR}/storage/tmp/uploads
chmod -R g+s ${LYCHEE_DIR}/storage/tmp/jobs
chmod -R g+s ${LYCHEE_DIR}/storage/tmp/uploads
# Protéger les fichiers sensibles via .htaccess
cat > ${LYCHEE_DIR}/.htaccess <<EOF
<FilesMatch "\.(env|env\.example|sql|log|conf)$">
Order allow,deny
Deny from all
</FilesMatch>
EOF
# Configuration Apache
cat > ${APACHE_CONF} <<EOF
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot ${LYCHEE_DIR}/public
<Directory ${LYCHEE_DIR}/public>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog \${APACHE_LOG_DIR}/lychee_error.log
CustomLog \${APACHE_LOG_DIR}/lychee_access.log combined
LimitRequestBody 10485760
</VirtualHost>
EOF
# Désactiver modules inutiles
a2dismod -f autoindex status cgi userdir
# Activer Lychee et désactiver le site par défaut
a2enmod rewrite
a2ensite lychee.conf
a2dissite 000-default.conf
# Recharger Apache
systemctl reload apache2
# Déterminer l'IP locale
IP=$(hostname -I | awk '{print $1}')
echo "Installation de Lychee terminée."
echo "Accédez à linterface web pour finaliser la configuration : http://${IP}"
Reference in New Issue View Git Blame Copy Permalink