Skip to content

Commit

Permalink
v8.19
Browse files Browse the repository at this point in the history
- DietPi-Software/DietPi-LetsEncrypt | Use shipped Lighttpd setenv module config from Bullseye on where required
- DietPi-Software | MediaWiki: Set nosniff header for uploads to mute warning on Lighttpd and Nginx, set OOTB on Apache
  • Loading branch information
MichaIng committed Jun 25, 2023
1 parent ed1efc4 commit 12e13fd
Show file tree
Hide file tree
Showing 2 changed files with 63 additions and 9 deletions.
7 changes: 6 additions & 1 deletion dietpi/dietpi-letsencrypt
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,12 @@
[[ -f $fp_cert_dir/combined.pem ]] && G_EXEC rm "$fp_cert_dir/combined.pem"

# Allow adding environment variables via: setenv.add-environment
G_CONFIG_INJECT '"mod_setenv"' ' "mod_setenv",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
if (( $G_DISTRO < 6 ))
then
G_CONFIG_INJECT '"mod_setenv"' ' "mod_setenv",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
else
[[ -f '/etc/lighttpd/conf-enabled/05-setenv.conf' ]] || G_EXEC lighty-enable-mod dietpi-https
fi

cat << _EOF_ > /etc/lighttpd/conf-available/50-dietpi-https.conf
# Based on: https://ssl-config.mozilla.org/#server=lighttpd
Expand Down
65 changes: 57 additions & 8 deletions dietpi/dietpi-software
Original file line number Diff line number Diff line change
Expand Up @@ -3626,7 +3626,7 @@ _EOF_

Remove_SysV lighttpd

# Enable mod_deflate, if flagged
# Enable mod_deflate if flagged
[[ ${deflate[0]} && ! -f '/etc/lighttpd/conf-enabled/20-deflate.conf' ]] && G_EXEC lighty-enable-mod deflate

# Change webroot from /var/www/html to /var/www
Expand Down Expand Up @@ -4454,7 +4454,12 @@ Redirect 301 /.well-known/caldav /owncloud/remote.php/dav' > /etc/apache2/conf-

# Enable required modules
G_CONFIG_INJECT '"mod_access",' ' "mod_access",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
G_CONFIG_INJECT '"mod_setenv",' ' "mod_setenv",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
if (( $G_DISTRO < 6 ))
then
G_CONFIG_INJECT '"mod_setenv"' ' "mod_setenv",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
else
[[ -f '/etc/lighttpd/conf-enabled/05-setenv.conf' ]] || G_EXEC lighty-enable-mod dietpi-https
fi

# Move ownCloud configuration file in place and activate it
owncloud_conf='/etc/lighttpd/conf-available/99-dietpi-owncloud.conf'
Expand Down Expand Up @@ -4716,7 +4721,12 @@ Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav' > /etc/apache2/conf

# Enable required modules
G_CONFIG_INJECT '"mod_access",' ' "mod_access",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
G_CONFIG_INJECT '"mod_setenv",' ' "mod_setenv",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
if (( $G_DISTRO < 6 ))
then
G_CONFIG_INJECT '"mod_setenv"' ' "mod_setenv",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
else
[[ -f '/etc/lighttpd/conf-enabled/05-setenv.conf' ]] || G_EXEC lighty-enable-mod dietpi-https
fi

# Move Nextcloud configuration file in place and activate it
nextcloud_conf='/etc/lighttpd/conf-available/99-dietpi-nextcloud.conf'
Expand Down Expand Up @@ -6138,7 +6148,12 @@ _EOF_
if (( ${aSOFTWARE_INSTALL_STATE[84]} > 0 ))
then
# Enable required modules
G_CONFIG_INJECT '"mod_setenv",' ' "mod_setenv",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
if (( $G_DISTRO < 6 ))
then
G_CONFIG_INJECT '"mod_setenv"' ' "mod_setenv",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
else
[[ -f '/etc/lighttpd/conf-enabled/05-setenv.conf' ]] || G_EXEC lighty-enable-mod dietpi-https
fi

# Add and enable Pi-hole config
dps_index=$software_id Download_Install 'lighttpd.pihole.conf' /etc/lighttpd/conf-available/99-dietpi-pihole.conf
Expand Down Expand Up @@ -8110,7 +8125,12 @@ _EOF_
then
# Enable Lighttpd setenv, access and rewrite modules
G_CONFIG_INJECT '"mod_access",' ' "mod_access",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
G_CONFIG_INJECT '"mod_setenv",' ' "mod_setenv",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
if (( $G_DISTRO < 6 ))
then
G_CONFIG_INJECT '"mod_setenv"' ' "mod_setenv",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
else
[[ -f '/etc/lighttpd/conf-enabled/05-setenv.conf' ]] || G_EXEC lighty-enable-mod dietpi-https
fi

# Move Pydio Lighttpd config in place
dps_index=$software_id Download_Install 'lighttpd.pydio.conf' /etc/lighttpd/conf-available/99-dietpi-pydio.conf
Expand Down Expand Up @@ -11666,10 +11686,9 @@ _EOF_
if To_Install 210 # MediaWiki
then
# Install required PHP modules: https://www.mediawiki.org/wiki/Manual:Installation_requirements#PHP
aDEPS=("php$PHP_VERSION-intl")
aDEPS=("php$PHP_VERSION-gd" "php$PHP_VERSION-intl")
# - Add JSON module for PHP7, as it does not exist (embedded in core package) on PHP8
local json=()
[[ $PHP_VERSION == 8* ]] || aDEPS+=("php$PHP_VERSION-json") json=('json')
[[ $PHP_VERSION == 8* ]] || aDEPS+=("php$PHP_VERSION-json")

# Create MariaDB database and user
if [[ -d '/mnt/dietpi_userdata/mysql/mediawiki' ]]
Expand All @@ -11683,6 +11702,36 @@ _EOF_
local fallback_url='https://releases.wikimedia.org/mediawiki/1.39/mediawiki-1.39.3.tar.gz'
Download_Install "$(curl -sSfL 'https://www.mediawiki.org/wiki/Download' | grep -o 'https://releases\.wikimedia\.org/mediawiki/[^/"]*/mediawiki-[^"]*\.tar\.gz' | head -1)"

# Enable required PHP modules
G_EXEC phpenmod "${aDEPS[@]##*-}"

# Webserver configs
# - Lighttpd
if (( ${aSOFTWARE_INSTALL_STATE[84]} > 1 ))
then
if (( $G_DISTRO < 6 ))
then
G_CONFIG_INJECT '"mod_setenv"' ' "mod_setenv",' /etc/lighttpd/lighttpd.conf '"mod_.+",'
else
[[ -f '/etc/lighttpd/conf-enabled/05-setenv.conf' ]] || G_EXEC lighty-enable-mod dietpi-https
fi
cat << '_EOF_' > /etc/lighttpd/conf-available/98-dietpi-mediawiki.conf
$HTTP["url"] =~ "^/wiki/images($|/)" {
setenv.set-response-header = ("X-Content-Type-Options" => "nosniff")
}
_EOF_
[[ -f '/etc/lighttpd/conf-enabled/98-dietpi-mediawiki.conf' ]] || lighty-enable-mod dietpi-mediawiki

# - Nginx
elif (( $aSOFTWARE_INSTALL_STATE[85]} > 1 ))
then
cat << '_EOF_' > /etc/nginx/sites-dietpi/dietpi-mediawiki.conf
location ^~ /wiki/images {
add_header X-Content-Type-Options "nosniff" always;
}
_EOF_
fi

# Reinstall: Clean install but preserve existing config file
if [[ -f '/var/www/wiki/LocalSettings.php' ]]
then
Expand Down

0 comments on commit 12e13fd

Please sign in to comment.