diff --git a/osticket-install.sh b/1-osticket-install.sh old mode 100644 new mode 100755 similarity index 74% rename from osticket-install.sh rename to 1-osticket-install.sh index 61803c1..a509253 --- a/osticket-install.sh +++ b/1-osticket-install.sh @@ -10,17 +10,23 @@ ostdir="/var/www/osticket" ostpluginsrc="/usr/src/osticket/plugins" webuser="nginx" webgroup="nginx" +basedir=$PWD ############################ cd ~ +#dnf -y in php php-intl php-zip php-mysqli php-gd php-gettext php-json php-mbstring php-xml php-pecl-apcu mariadb-server mariadb nginx php-fpm git && \ -#install modules de base -#dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -#dnf -y module enable php:8.0 && \ -dnf -y in php php-mysqli php-gd php-gettext php-json php-mbstring php-xml php-pecl-apcu mariadb-server mariadb nginx php-fpm git && \ + +dnf install http://rpms.remirepo.net/fedora/remi-release-36.rpm -y && \ +dnf remove -y php* && \ +dnf module list reset php -y && \ +dnf module list php && \ +dnf module enable php:remi-8.0 -y +\ +dnf -y in php php-intl php-imap php-zip php-mysqli php-gd php-gettext php-json php-mbstring php-xml php-pecl-apcu mariadb-server mariadb nginx php-fpm git && \ \ \ -cp nginx-conf/osticket.conf /etc/nginx/conf.d/. && \ +cp $basedir/nginx-conf/osticket.conf /etc/nginx/conf.d/. && \ \ \ systemctl enable --now mariadb && \ @@ -31,11 +37,11 @@ systemctl enable --now php-fpm && \ git clone https://github.com/osTicket/osTicket.git && \ cd osTicket && \ git checkout $ostver && \ -git pull && \ +git fetch && \ \ #setup / deploiement mkdir -p $ostdir && \ -chown -R $webuser:$webgroup $ostdir && \ +#chown -R $webuser:$webgroup $ostdir && \ chmod -R a+rX $ostdir && \ chmod -R u+rw $ostdir && \ \ 
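Review bot: The added `dnf install http://rpms.remirepo.net/fedora/remi-release-36.rpm -y` fetches the repository release package over plain HTTP, whereas the commented-out line it replaces used `https://`. A release package of this kind normally carries the repo definition and its signing keys, so it is the trust anchor for every PHP package installed afterwards and should come over TLS: `dnf install -y https://rpms.remirepo.net/fedora/remi-release-36.rpm && \`. Separately, `dnf module enable php:remi-8.0 -y` has no trailing `&& \`, so the chain is cut there and the following `dnf -y in …` runs even when the module enable fails. `dnf remove -y php*` is unquoted, so the shell can glob-expand it against files in `~` before dnf sees it; `'php*'` avoids that. The command chain continues outside this hunk.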
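Review bot: `git fetch` placed after `git checkout $ostver` does not change the checked-out tree, so the deployed code is whatever `$ostver` resolved to at clone time. `$ostver` is defined outside this hunk; if it is a branch name rather than a tag or commit, nothing here pins what gets copied into the web root. Consider checking out a fixed tag or commit, dropping the fetch, and quoting the expansion: `git checkout "$ostver" && \`.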
@@ -46,7 +52,7 @@ cd .. && \ git clone -b develop https://github.com/osTicket/osTicket-plugins $ostpluginsrc && \ cd $ostpluginsrc && \ php make.php hydrate && \ -for plugin in $(find * -maxdepth 0 -type d ! -path doc ! -path lib); do cp -r ${plugin} $ostdir/include/plugins; done; && \ +for plugin in $(find * -maxdepth 0 -type d ! -path doc ! -path lib); do cp -r ${plugin} $ostdir/include/plugins; done && \ cp -R $ostpluginsrc/*.phar $ostdir/include/plugins/ && \ cd ~ && \ # Add Community Plugins @@ -77,7 +83,15 @@ cd ~ && \ \ ### Log Miscellany Installation touch /var/log/msmtp.log && \ - chown $webuser:$webgroup /var/log/msmtp.log + chown $webuser:$webgroup /var/log/msmtp.log && \ +\ +mv /var/www/osticket/include/ost-sampleconfig.php /var/www/osticket/include/ost-config.php && \ +chmod 0666 /var/www/osticket/include/ost-config.php +chown -R $webuser:$webgroup $ostdir && \ +\ +echo "fin" + + ##update diff --git a/2-osticket-sql.sh b/2-osticket-sql.sh new file mode 100755 index 0000000..0073281 --- /dev/null +++ b/2-osticket-sql.sh @@ -0,0 +1,5 @@ +#!/bin/bash + + +mysql -u root < securesetup.sql + diff --git a/3-osticket-secure.sh b/3-osticket-secure.sh new file mode 100755 index 0000000..04c01d7 --- /dev/null +++ b/3-osticket-secure.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +set -x +chmod 0644 /var/www/osticket/include/ost-config.php diff --git a/fail-cleanup.sh b/fail-cleanup.sh new file mode 100755 index 0000000..52a42d1 --- /dev/null +++ b/fail-cleanup.sh @@ -0,0 +1,9 @@ +#!/bin/bash +echo "Nettoyage..." +set -x +cd ~ +rm -rf osTicket +rm -rf /var/www/osticket +rm -rf /usr/src/osticket +set +x +echo "Fin" diff --git a/nginx-conf/osticket.conf b/nginx-conf/osticket.conf index f69debd..357d06e 100644 --- a/nginx-conf/osticket.conf +++ b/nginx-conf/osticket.conf 
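Review bot: `chmod 0666 /var/www/osticket/include/ost-config.php` makes the file that will hold the database credentials world-writable, and it stays that way until someone runs `3-osticket-secure.sh` by hand. Because the next line hands the whole tree to `$webuser:$webgroup`, owner and group write is presumably enough for the web installer: `chmod 0660 "$ostdir/include/ost-config.php" && \` (confirm which user php-fpm runs as). The `chmod` line also lacks the trailing `&& \`, so the chain is cut and `chown -R` runs even if the `mv` failed. The two new paths hard-code `/var/www/osticket` instead of using `$ostdir`.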
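Review bot: In `fail-cleanup.sh`, `cd ~` is not checked, so if it fails the relative `rm -rf osTicket` removes whatever directory of that name sits in the caller's current directory. Use an absolute path or stop on failure: `rm -rf -- "$HOME/osTicket"` or `cd ~ || exit 1`. The script leaves `/etc/nginx/conf.d/osticket.conf` and anything created by `2-osticket-sql.sh` in place, which deserves a comment at the top if a partial clean-up is intended.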
@@ -1,48 +1,50 @@ +#server { +# listen 80; +## server_name tickets.noc.1nfo.services; +# rewrite ^ https://tickets.mydomain.com permanent; +# } server { listen 80; - server_name tickets.noc.1nfo.services; - rewrite ^ https://tickets.mydomain.com permanent; - } -server { - listen 443; server_name tickets.1nfo.services; - ssl on; - ssl_certificate /etc/nginx/certs/cert.pem; - ssl_certificate_key /etc/nginx/certs/cert.key; + #ssl on; + #ssl_certificate /etc/nginx/certs/cert.pem; + #ssl_certificate_key /etc/nginx/certs/cert.key; keepalive_timeout 70; root /var/www/osticket; - set \$path_info ""; + index index.php index.html index.htm; + + set $path_info ""; location ~ /include { deny all; return 403; } - if (\$request_uri ~ "^/api(/[^\?]+)") { - set \$path_info \$1; + if ($request_uri ~ "^/api(/[^\?]+)") { + set $path_info \$1; } location ~ ^/api/(?:tickets|tasks).*$ { - try_files \$uri \$uri/ /api/http.php?\$query_string; + try_files $uri $uri/ /api/http.php?$query_string; } - if (\$request_uri ~ "^/scp/.*\.php(/[^\?]+)") { - set \$path_info \$1; + if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") { + set $path_info \$1; } - if (\$request_uri ~ "^/.*\.php(/[^\?]+)") { - set \$path_info \$1; + if ($request_uri ~ "^/.*\.php(/[^\?]+)") { + set $path_info \$1; } location ~ ^/scp/ajax.php/.*$ { - try_files \$uri \$uri/ /scp/ajax.php?\$query_string; + try_files $uri \$uri/ /scp/ajax.php?$query_string; } location ~ ^/ajax.php/.*$ { - try_files \$uri \$uri/ /ajax.php?\$query_string; + try_files $uri \$uri/ /ajax.php?$query_string; } location / { - try_files \$uri \$uri/ index.php; + try_files $uri $uri/ index.php; } location ~ \.php$ { - try_files \$uri = 404; - fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + try_files $uri = 404; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; - fastcgi_param PATH_INFO \$path_info; - fastcgi_pass 127.0.0.1:8888; + fastcgi_param PATH_INFO $path_info; + fastcgi_pass 
unix:/run/php-fpm/www.sock; } } diff --git a/nginx-conf/osticket.orig b/nginx-conf/osticket.orig new file mode 100644 index 0000000..a4fb341 --- /dev/null +++ b/nginx-conf/osticket.orig @@ -0,0 +1,48 @@ +server { + listen 80; + server_name tickets.noc.1nfo.services; + rewrite ^ https://tickets.mydomain.com permanent; + } +server { + listen 443; + server_name tickets.1nfo.services; + ssl on; + ssl_certificate /etc/nginx/certs/cert.pem; + ssl_certificate_key /etc/nginx/certs/cert.key; + keepalive_timeout 70; + root /var/www/osticket; + set $path_info ""; + location ~ /include { + deny all; + return 403; + } + if ($request_uri ~ "^/api(/[^\?]+)") { + set $path_info \$1; + } + location ~ ^/api/(?:tickets|tasks).*$ { + try_files $uri $uri/ /api/http.php?$query_string; + } + if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") { + set $path_info \$1; + } + if ($request_uri ~ "^/.*\.php(/[^\?]+)") { + set $path_info \$1; + } + location ~ ^/scp/ajax.php/.*$ { + try_files $uri \$uri/ /scp/ajax.php?$query_string; + } + location ~ ^/ajax.php/.*$ { + try_files $uri \$uri/ /ajax.php?$query_string; + } + location / { + try_files $uri $uri/ index.php; + } + location ~ \.php$ { + try_files $uri = 404; + fastcgi_param SCRIPT_FILENAME $document_root\$fastcgi_script_name; + include fastcgi_params; + fastcgi_param PATH_INFO $path_info; + fastcgi_pass 127.0.0.1:8888; + } + } + diff --git a/php-imap-8.1.8-1.fc36.remi.x86_64.rpm b/php-imap-8.1.8-1.fc36.remi.x86_64.rpm new file mode 100644 index 0000000..0e65faa Binary files /dev/null and b/php-imap-8.1.8-1.fc36.remi.x86_64.rpm differ diff --git a/securesetup.sql b/securesetup.sql new file mode 100644 index 0000000..2e07dfe --- /dev/null +++ b/securesetup.sql 
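Review bot: The new server block in `nginx-conf/osticket.conf` listens only on port 80 and the `listen 443` / `ssl_certificate` lines are commented out, so logins and session cookies for this site would travel in clear text. If TLS is terminated in front of this host, a comment saying so belongs at the top of the file; otherwise keep the 443 block and the redirect. The un-escaping of `$` is also incomplete: `set $path_info \$1;` and `try_files $uri \$uri/ /scp/ajax.php?$query_string;` (and its `/ajax.php` twin) still carry the backslash from the old template and should read `set $path_info $1;` and `try_files $uri $uri/ /scp/ajax.php?$query_string;`. The same leftovers appear in the added `nginx-conf/osticket.orig`.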
@@ -0,0 +1,11 @@
+ALTER USER 'root'@'localhost' IDENTIFIED BY 'msqlroot-=-';
+DELETE FROM mysql.global_priv WHERE User='';
+DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
+DROP DATABASE IF EXISTS test;
+DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
+FLUSH PRIVILEGES;
+
+
+create database osticket_db;
+grant all privileges on osticket_db.* to osticket_user identified by 'OsTicketP4';
+flush privileges;
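Review bot: Both passwords are committed as literals (the `ALTER USER 'root'@'localhost'` line and the `grant` line), so anyone who can read the repository knows the database root and application credentials of every host installed from it; take them from the environment or a prompt at run time instead. The `grant` also names `osticket_user` without a host, which MariaDB treats as `'osticket_user'@'%'`, an account that is valid from any client address. Since the application runs on the same machine, scope it: `grant all privileges on osticket_db.* to 'osticket_user'@'localhost' identified by '<PASSWORD_PLACEHOLDER>';`. `create database osticket_db;` without `IF NOT EXISTS` makes a second run stop part-way.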