--marcflavor flavor Set the MARC flavor. Valid values are marc21 (default),
normarc and unimarc.
--zebralang lang Choose the primary language for Zebra indexing. Valid
- values are en (default), es, fr, gr, nb, ru and uk.
+ values are cs, en (default), es, fr, gr, nb, ru and uk.
--auth-idx idx_mode Set the indexing mode for authority records. Valid
values are dom (default) and grs1.
--biblio-idx idx_mode Set the indexing mode for bibliographic records.
--defaultsql some.sql Specify a default SQL file to be loaded on the DB.
--configfile cfg_file Specify an alternate config file for reading default values.
--passwdfile passwd Specify an alternate passwd file.
+ --dbhost host Enforce the use of the specified DB server
--database dbname Enforce the use of the specified DB name (64 char limit)
--adminuser n Explicit the admin user ID in the DB. Relevant in
conjunction with --defaultsql and --populate-db.
+ --upload-path dir Set a user defined upload_path. It defaults to
+ /var/lib/koha/<instance>/uploads
+ --letsencrypt Set up a https-only site with letsencrypt certificates
--help,-h Show this help.
Note: the instance name cannot be longer that 11 chars.
touch "$2"
chown "root:$username" "$2"
chmod 0640 "$2"
- sed -e "s/__KOHASITE__/$name/g" \
+ sed -e "s/__KOHA_CONF_DIR__/\/etc\/koha\/sites\/$name/g" \
+ -e "s/__KOHASITE__/$name/g" \
-e "s/__OPACPORT__/$OPACPORT/g" \
-e "s/__INTRAPORT__/$INTRAPORT/g" \
-e "s/__OPACSERVER__/$opacdomain/g" \
-e "s/__END_BIBLIOS_RETRIEVAL_INFO__/`echo $END_BIBLIOS_RETRIEVAL_INFO`/g" \
-e "s/__START_AUTHORITIES_RETRIEVAL_INFO__/`echo $START_AUTHORITIES_RETRIEVAL_INFO`/g" \
-e "s/__END_AUTHORITIES_RETRIEVAL_INFO__/`echo $END_AUTHORITIES_RETRIEVAL_INFO`/g" \
+ -e "s/__API_SECRET__/$API_SECRET/g" \
-e "s/__DB_NAME__/$mysqldb/g" \
-e "s/__DB_HOST__/$mysqlhost/g" \
-e "s/__DB_USER__/$mysqluser/g" \
-e "s/__DB_PASS__/$mysqlpwd/g" \
-e "s/__UNIXUSER__/$username/g" \
-e "s/__UNIXGROUP__/$username/g" \
+ -e "s#__UPLOAD_PATH__#$UPLOAD_PATH#g" \
+ -e "s/__LOG_DIR__/\/var\/log\/koha\/$name/g" \
-e "s/__PLUGINS_DIR__/\/var\/lib\/koha\/$name\/plugins/g" \
-e "s/__MEMCACHED_NAMESPACE__/$MEMCACHED_NAMESPACE/g" \
-e "s/__MEMCACHED_SERVERS__/$MEMCACHED_SERVERS/g" \
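Review bot: `$UPLOAD_PATH` on the new `__UPLOAD_PATH__` line comes straight from `--upload-path`, and switching the delimiter to `#` only covers `/`: a path containing `#`, `&` or `\` still breaks the substitution or re-inserts the placeholder text. Escape the replacement before use, e.g. `esc_upload_path=$(printf '%s' "$UPLOAD_PATH" | sed 's/[#&\\]/\\&/g')` and then `-e "s#__UPLOAD_PATH__#$esc_upload_path#g"`. The new `$API_SECRET` line, like the existing DB password line, puts a secret on sed's argv where it is briefly readable to other local users via the process list; passing the expressions to sed as a script on stdin (`sed -f -`) would avoid that for both. The enclosing function (generate_config_file, presumably) starts and ends outside the hunk.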
die
fi
+ # Check that mod_ssl is installed and enabled.
+ if [ "$CLO_LETSENCRYPT" = "yes" ]; then
+ if ! /usr/sbin/apachectl -M 2> /dev/null | grep -q 'ssl_module'; then
+ cat 1>&2 <<EOM
+
+Koha requires mod_ssl to be enabled within Apache in order to run with --letsencrypt.
+Typically this can be enabled with:
+
+ sudo a2enmod ssl
+EOM
+ die
+ fi
+ fi
+
}
set_biblios_indexing_mode()
}
+set_upload_path()
+{
+ local instance="$1"
+
+ if [ "$CLO_UPLOAD_PATH" != "" ]; then
+ UPLOAD_PATH=$CLO_UPLOAD_PATH
+ else
+ UPLOAD_PATH="$UPLOAD_PATH_BASE/$instance/$UPLOAD_DIR"
+ fi
+}
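Review bot: set_upload_path accepts whatever `--upload-path` was given without validating it, so a relative path or one with sed-sensitive characters is later written into the instance config as-is, and the call site passes the instance name unquoted (`set_upload_path $name`). A minimal check before the assignment would be `case "$CLO_UPLOAD_PATH" in /*) ;; *) die "--upload-path must be an absolute path" ;; esac`. Whether a custom directory is created and chowned to the instance user is not visible on this page; if it isn't, the instance ends up with an upload_path it cannot write to. A short header comment stating the precedence (`--upload-path`, else `$UPLOAD_PATH_BASE/<instance>/$UPLOAD_DIR`) would also help.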
+
enable_sru_server()
{
# remove the commenting symbols
fi
}
+check_letsencrypt()
+{
+ if [ $(dpkg-query -W -f='${Status}' letsencrypt 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
+ set +e
+ apt-cache show letsencrypt &>/dev/null
+ local aptcacheshow=$?
+ set -e
+ if [ $aptcacheshow -eq 0 ]; then
+ read -r -p "The letsencrypt package is not installed. Do it now? [y/N] " response
+ if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]; then
+ local debrelease="$(lsb_release -c -s)"
+ if [ $debrelease = "jessie" ]; then
+ apt-get install -y -t jessie-backports letsencrypt
+ else
+ apt-get install -y letsencrypt
+ fi
+ else
+ die "You have to install letsencrypt to use the --letsencrypt parameter."
+ fi
+ else
+ echo "No installation candidate available for package letsencrypt."
+ if [[ -f /usr/bin/letsencrypt ]]; then
+ read -r -p "If you have a symlink from /usr/bin/letsencrypt to letsencrypt-auto, it should work. [y/N] " response
+ if [[ ! $response =~ ^([yY][eE][sS]|[yY])$ ]]; then
+ die "You have to install letsencrypt to use the --letsencrypt parameter."
+ fi
+ else
+ die "You can create a symlink from /usr/bin/letsencrypt to letsencrypt-auto."
+ fi
+ fi
+ fi
+}
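Review bot: `[ $debrelease = "jessie" ]` leaves `$debrelease` unquoted, so if `lsb_release` is missing or fails the test becomes a syntax error instead of falling through to the plain `apt-get install`, and `local debrelease="$(...)"` masks that failure status; use `local debrelease; debrelease=$(lsb_release -c -s 2>/dev/null) || debrelease=""` and `if [ "$debrelease" = "jessie" ]`. The `$(dpkg-query ...)` in the first test is likewise unquoted. Both `read -p` prompts assume an interactive terminal; when koha-create runs from automation with stdin closed, `read` fails and the script aborts (under `set -e`, which the `set +e`/`set -e` pair suggests is active) without reaching the die message. This function also installs a package on the host as a side effect of an instance-creation option, which deserves a sentence in the usage text.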
+
+letsencrypt_instance()
+{
+ # Get letsencrypt certificates
+ letsencrypt --agree-tos --renew-by-default --webroot certonly \
+ -w /usr/share/koha/opac/htdocs/ -d $opacdomain -w /usr/share/koha/intranet/htdocs/ -d $intradomain
+ # enable all ssl settings (apache won't start with these before certs are present)
+ sed -i "s:^\s*#\(\s*SSL.*\)$:\1:" "/etc/apache2/sites-available/$name.conf"
+ # change port from 80 to 443. (apache won't start if it is 443 without certs present)
+ sed -i "s:^\s*\(<VirtualHost \*\:\)80> #https$:\1443>:" "/etc/apache2/sites-available/$name.conf"
+ # enable redirect from http to https on port 80
+ sed -i "s:^\s*#\(.*\)#nohttps$:\1:" "/etc/apache2/sites-available/$name.conf"
+ # make koha-list --letsencrypt aware of this instance # could be done by checking apache conf instead
+ echo -e "opacdomain=\"$opacdomain\"\nintradomain=\"$intradomain\"" > /var/lib/koha/$name/letsencrypt.enabled
+ # restart apache with working certs
+ service apache2 restart
+}
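Review bot: `-d $opacdomain` and `-d $intradomain` on the certonly line and the redirect target `/var/lib/koha/$name/letsencrypt.enabled` are unquoted; since the domains are assembled from configured prefix/suffix values they should be quoted like the other paths in the script, `-d "$opacdomain"`, `-d "$intradomain"` and `> "/var/lib/koha/$name/letsencrypt.enabled"`. `echo -e` is non-portable; `printf 'opacdomain="%s"\nintradomain="%s"\n' "$opacdomain" "$intradomain"` writes the same file. `--renew-by-default` forces a fresh issuance on every run rather than reusing a still-valid certificate, which as far as I know counts against the CA's duplicate-certificate rate limit when an instance is recreated repeatedly — a comment on why it is wanted here would help. The three `sed -i` edits only run after certonly succeeded (assuming `set -e`), which is the right order; say so in the comment above them so the dependency is explicit.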
+
# Set defaults and read config file, if it exists.
DOMAIN=""
OPACPORT="80"
# hardcoded memcached defaults
DEFAULT_MEMCACHED_SERVERS="127.0.0.1:11211"
DEFAULT_MEMCACHED_PREFIX="koha_"
-
+# hardcoded upload_path
+UPLOAD_PATH_BASE="/var/lib/koha"
+UPLOAD_DIR="uploads"
+UPLOAD_PATH=""
+# Generate a randomizaed API secret
+API_SECRET="$(pwgen -s 64 1)"
# SRU server variables
ENABLE_SRU="no"
SRU_SERVER_PORT=""
START_AUTHORITIES_RETRIEVAL_INFO=""
END_AUTHORITIES_RETRIEVAL_INFO=""
+APACHE_CONFIGFILE=""
+
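Review bot: `API_SECRET="$(pwgen -s 64 1)"` runs unconditionally while defaults are being set, before any option is parsed, so if `pwgen` is absent (nothing on the page shows it as a dependency) even `koha-create --help` aborts under `set -e`. Generate it lazily where it is consumed, or guard it first: `command -v pwgen >/dev/null || die "pwgen is required to generate the API secret"`. The comment above it has a typo (`randomizaed`), and it should state the expected charset, since the value is later spliced into a sed expression and must not contain sed-special characters.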
if [ -e /etc/koha/koha-sites.conf ]
then
. /etc/koha/koha-sites.conf
[ $# -ge 1 ] && [ $# -le 16 ] || ( usage ; die "Error: wrong parameters" )
-TEMP=`getopt -o chrpm:l:d:f:b:a: -l create-db,request-db,populate-db,use-db,use-memcached,enable-sru,sru-port:,help,marcflavor:,auth-idx:,biblio-idx:,zebralang:,defaultsql:,configfile:,passwdfile:,database:,adminuser:,memcached-servers:,memcached-prefix:, \
+TEMP=`getopt -o chrpm:l:d:f:b:a: -l create-db,request-db,populate-db,use-db,use-memcached,enable-sru,sru-port:,help,marcflavor:,auth-idx:,biblio-idx:,zebralang:,defaultsql:,configfile:,passwdfile:,dbhost:,database:,adminuser:,memcached-servers:,memcached-prefix:,upload-path:,letsencrypt, \
-n "$0" -- "$@"`
# Note the quotes around `$TEMP': they are essential!
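Review bot: three options are added to the getopt string (`dbhost:`, `upload-path:`, `letsencrypt`) but the argument-count guard `[ $# -le 16 ]` shown at L153 is unchanged, so a command line using the new options together with the existing ones can legitimately exceed 16 words and be rejected with `Error: wrong parameters`. Either raise the bound to match the option set or drop the upper bound and rely on getopt's own error handling. A comment next to the guard explaining how the limit was derived would keep it from drifting again.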
CLO_AUTHORITIES_INDEXING_MODE=""
CLO_MEMCACHED_SERVERS=""
CLO_MEMCACHED_PREFIX=""
-
+CLO_UPLOAD_PATH=""
+CLO_LETSENCRYPT=""
while true ; do
case "$1" in
CLO_PASSWDFILE="$2" ; shift 2 ;;
-b|--database)
CLO_DATABASE="$2" ; shift 2 ;;
+ --dbhost)
+ CLO_DBHOST="$2" ; shift 2 ;;
-a|--adminuser)
CLO_ADMINUSER="$2" ; shift 2 ;;
--enable-sru)
ENABLE_SRU="yes" ; shift ;;
--sru-port)
SRU_SERVER_PORT="$2" ; shift 2 ;;
+ --upload-path)
+ CLO_UPLOAD_PATH="$2" ; shift 2 ;;
+ --letsencrypt)
+ CLO_LETSENCRYPT="yes" ; shift ;;
-h|--help)
usage ; exit 0 ;;
--)
set_authorities_indexing_mode $AUTHORITIES_INDEXING_MODE $ZEBRA_MARC_FORMAT
+[ $# -ge 1 ] || ( usage ; die "Missing instance name..." )
+
name="$1"
+set_upload_path $name
+
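Review bot: `[ $# -ge 1 ] || ( usage ; die "Missing instance name..." )` calls `die` inside a `( )` subshell, so the exit only terminates the subshell; the script stops only because the failing subshell is the last command of the `||` list and `set -e` is presumably active. `{ usage; die "Missing instance name..."; }` exits the script directly and does not depend on that. The following `set_upload_path $name` should quote its argument, `set_upload_path "$name"`, consistent with `name="$1"` just above it.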
if [ "$USE_MEMCACHED" = "yes" ]; then
set_memcached $name
elif [ "$CLO_MEMCACHED_SERVERS" != "" ] || \
opacdomain="$OPACPREFIX$name$OPACSUFFIX$DOMAIN"
intradomain="$INTRAPREFIX$name$INTRASUFFIX$DOMAIN"
+# Check everything is ok with letsencrypt, die otherwise
+if [ "$CLO_LETSENCRYPT" = "yes" ]; then
+ check_letsencrypt
+fi
if [ -f $PASSWDFILE ] && [ `cat $PASSWDFILE | grep "^$name:"` ]
then
mysqluser=`echo $passwdline | cut -d ":" -f 2`
mysqlpwd=`echo $passwdline | cut -d ":" -f 3`
mysqldb=`echo $passwdline | cut -d ":" -f 4`
+ mysqlhost=`echo $passwdline | cut -d ":" -f 5`
fi
# The order of precedence for MySQL database name is:
then
mysqldb="koha_$name"
fi
+
if [ "$CLO_DATABASE" != "" ]
then
mysqldb="$CLO_DATABASE"
then
mysqluser="koha_$name"
fi
-mysqlhost="$(getmysqlhost)"
+
+if [ "$CLO_DBHOST" != "" ]
+then
+ mysqlhost="$CLO_DBHOST"
+fi
+
+if [ "$mysqlhost" = "" ]
+then
+ mysqlhost="$(getmysqlhost)"
+fi
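Review bot: the DB host now has three sources — `--dbhost`, the fifth field of the passwd-file line read at L204, and `getmysqlhost` as the fallback — but unlike the database name (comment at L206) the precedence is not documented. Add a comment before the `CLO_DBHOST` test, e.g. `# MySQL host precedence: --dbhost, then field 5 of the passwd file, then getmysqlhost`. Because the passwd line is split with `cut -d ':'`, a password containing `:` shifts every later field, so a stray fifth field could actually be part of the password; a comment stating that the file format forbids `:` in the password (if it does) would help the next reader.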
if [ "$op" = create ] || [ "$op" = request ] || [ "$op" = use ]
then
CREATE USER \`$mysqluser\`@'$mysql_hostname' IDENTIFIED BY '$mysqlpwd';
CREATE USER \`$mysqluser\`@'%' IDENTIFIED BY '$mysqlpwd';
GRANT ALL PRIVILEGES ON \`$mysqldb\`.* TO \`$mysqluser\`;
+GRANT ALL PRIVILEGES ON \`$mysqldb\`.* TO \`$mysqluser\`@'$mysql_hostname';
FLUSH PRIVILEGES;
eof
fi #`
- if [ "$op" = use ]
- then
- mysql --defaults-extra-file=/etc/mysql/koha-common.cnf --force <<eof
-CREATE USER \`$mysqluser\`@'$mysql_hostname' IDENTIFIED BY '$mysqlpwd';
-CREATE USER \`$mysqluser\`@'%' IDENTIFIED BY '$mysqlpwd';
-GRANT ALL PRIVILEGES ON \`$mysqldb\`.* TO \`$mysqluser\`;
-FLUSH PRIVILEGES;
-eof
- fi #`
-
+ if [ "$CLO_LETSENCRYPT" = "yes" ]; then
+ APACHE_CONFIGFILE="apache-site-https.conf.in"
+ else
+ APACHE_CONFIGFILE="apache-site.conf.in"
+ fi
# Generate and install Apache site-available file and log dir.
- generate_config_file apache-site.conf.in \
+ generate_config_file $APACHE_CONFIGFILE \
"/etc/apache2/sites-available/$name.conf"
mkdir "/var/log/koha/$name"
chown "$username:$username" "/var/log/koha/$name"
then
# Populate the database with default content.
zcat "$DEFAULTSQL" |
- sed "s/__KOHASITE__/$name/g" |
+ sed "s/__KOHASITE__/koha_$name/g" |
mysql --host="$mysqlhost" --user="$mysqluser" --password="$mysqlpwd" "$mysqldb"
# Start Indexer daemon
koha-indexer --start "$name"
fi
+
+ if [ "$CLO_LETSENCRYPT" = "yes" ]; then
+ # Get letsencrypt certificates
+ letsencrypt_instance
+ fi
fi
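Review bot: the default-SQL substitution now hardcodes `koha_$name` for `__KOHASITE__`, but `--database` (L211–L213) can set `$mysqldb` to a different name; if the placeholder stands for the database name in the SQL, `sed "s/__KOHASITE__/$mysqldb/g"` keeps the two in sync, otherwise a comment should say what `__KOHASITE__` denotes. The `letsencrypt_instance` call is placed after the indexer start, so a certonly failure leaves a fully created instance without the HTTPS vhost edits; that is acceptable but worth a comment so the re-run path is clear. The enclosing `if` block starts outside the hunk.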