diff --git a/install.sh b/install.sh
index 4adcf8d2..d1cbb7de 100644
--- a/install.sh
+++ b/install.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-SCRIPT_VERSION="65"
+SCRIPT_VERSION="66"
 SCRIPT_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/install.sh'
 sudo apt install -y curl wget dirmngr gnupg lsb-release
@@ -172,14 +172,55 @@ sudo chmod 775 -R /etc/letsencrypt
 print_green 'Installing Nginx'
+wget -qO - https://nginx.org/packages/keys/nginx_signing.key | sudo apt-key add -
+
+nginxrepo="$(cat << EOF
+deb https://nginx.org/packages/$osname/ $codename nginx
+deb-src https://nginx.org/packages/$osname/ $codename nginx
+EOF
+)"
+echo "${nginxrepo}" | sudo tee /etc/apt/sources.list.d/nginx.list > /dev/null
+
+sudo apt update
 sudo apt install -y nginx
 sudo systemctl stop nginx
+
 nginxdefaultconf='/etc/nginx/nginx.conf'
-sudo sed -i '/worker_rlimit_nofile.*/d' $nginxdefaultconf
-sudo sed -i 's/worker_connections.*/worker_connections 2048;/g' $nginxdefaultconf
-sudo sed -i 's/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 64;/g' $nginxdefaultconf
-sudo sed -i '1s/^/worker_rlimit_nofile 1000000;\
-/' $nginxdefaultconf
+
+nginxconf="$(cat << EOF
+worker_rlimit_nofile 1000000;
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 4096;
+}
+
+http {
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ server_names_hash_bucket_size 64;
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+ gzip on;
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+EOF
+)"
+echo "${nginxconf}" | sudo tee $nginxdefaultconf > /dev/null
+
+for i in sites-available sites-enabled
+do
+sudo mkdir -p /etc/nginx/$i
+done
 print_green 'Installing NodeJS'
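Review bot: The signing key is imported with `apt-key add -`, which is deprecated and puts the nginx key into apt's global trusted keyring, so it can vouch for packages from any configured source rather than only nginx.org. Scoping it means writing the key to its own keyring, e.g. `wget -qO - https://nginx.org/packages/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg > /dev/null`, and declaring the source as `deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/$osname/ $codename nginx` (same option on the `deb-src` line). The `wget | apt-key` pipeline is also unchecked, so a failed or truncated download only surfaces later at `sudo apt update`; comparing the imported key's fingerprint with the one nginx publishes before trusting it would close that gap. The same `apt-key` import is repeated in the restore.sh "Restoring Nginx" hunk.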
@@ -519,7 +560,7 @@ server {
 }
 server {
- listen 443 ssl;
+ listen 443 ssl reuseport;
 listen [::]:443 ssl;
 server_name ${rmmdomain};
 client_max_body_size 300M;
diff --git a/restore.sh b/restore.sh
index c1f877b3..1e3ea2ad 100755
--- a/restore.sh
+++ b/restore.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-SCRIPT_VERSION="39"
+SCRIPT_VERSION="40"
 SCRIPT_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/restore.sh'
 sudo apt update
@@ -121,20 +121,22 @@ sudo npm install -g npm
 print_green 'Restoring Nginx'
+wget -qO - https://nginx.org/packages/keys/nginx_signing.key | sudo apt-key add -
+
+nginxrepo="$(cat << EOF
+deb https://nginx.org/packages/$osname/ $codename nginx
+deb-src https://nginx.org/packages/$osname/ $codename nginx
+EOF
+)"
+echo "${nginxrepo}" | sudo tee /etc/apt/sources.list.d/nginx.list > /dev/null
+
+sudo apt update
 sudo apt install -y nginx
 sudo systemctl stop nginx
 sudo rm -rf /etc/nginx
 sudo mkdir /etc/nginx
 sudo tar -xzf $tmp_dir/nginx/etc-nginx.tar.gz -C /etc/nginx
-nginxdefaultconf='/etc/nginx/nginx.conf'
-sudo sed -i 's/worker_connections.*/worker_connections 2048;/g' $nginxdefaultconf
-CHECK_NGINX_NOLIMIT=$(grep "worker_rlimit_nofile 1000000" $nginxdefaultconf)
-if ! [[ $CHECK_NGINX_NOLIMIT ]]; then
-sudo sed -i '/worker_rlimit_nofile.*/d' $nginxdefaultconf
-printf >&2 "${GREEN}Increasing nginx open file limit${NC}\n"
-sudo sed -i '1s/^/worker_rlimit_nofile 1000000;\
-/' $nginxdefaultconf
-fi
+
 rmmdomain=$(grep server_name /etc/nginx/sites-available/rmm.conf | grep -v 301 | head -1 | tr -d " \t" | sed 's/.*server_name//' | tr -d ';')
 frontenddomain=$(grep server_name /etc/nginx/sites-available/frontend.conf | grep -v 301 | head -1 | tr -d " \t" | sed 's/.*server_name//' | tr -d ';')
 meshdomain=$(grep server_name /etc/nginx/sites-available/meshcentral.conf | grep -v 301 | head -1 | tr -d " \t" | sed 's/.*server_name//' | tr -d ';')
diff --git a/update.sh b/update.sh
index 87dd39f5..c91eee80 100644
--- a/update.sh
+++ b/update.sh
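Review bot: `$osname` and `$codename` are expanded into nginx.list in the "Restoring Nginx" hunk, but nothing in the hunk sets them; update.sh's copy of this block derives both from `lsb_release` first, which suggests they may not be guaranteed to exist here. If either is empty the file gets a malformed `deb https://nginx.org/packages// nginx` entry, and since the results of `sudo apt update` and `sudo apt install -y nginx` are not checked, the restore would presumably carry on with whatever nginx the remaining sources provide. Confirm both are assigned earlier in restore.sh, or guard the block with `: "${osname:?}" "${codename:?}"` before the heredoc.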
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-SCRIPT_VERSION="137"
+SCRIPT_VERSION="138"
 SCRIPT_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/update.sh'
 LATEST_SETTINGS_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/api/tacticalrmm/tacticalrmm/settings.py'
 YELLOW='\033[1;33m'
@@ -120,13 +120,6 @@ if ! [[ $CHECK_NATS_WEBSOCKET ]]; then
 ' $rmmconf)" | sudo tee $rmmconf > /dev/null
 fi
-if ! sudo nginx -t > /dev/null 2>&1; then
- sudo nginx -t
- echo -ne "\n"
- echo -ne "${RED}You have syntax errors in your nginx configs. See errors above. Please fix them and re-run this script.${NC}\n"
- echo -ne "${RED}Aborting...${NC}\n"
- exit 1
-fi
 for i in nginx nats-api nats rmm daphne celery celerybeat
 do
@@ -165,11 +158,26 @@ EOF
 )"
 echo "${uwsgini}" > /rmm/api/tacticalrmm/app.ini
+
+if [ ! -f /etc/apt/sources.list.d/nginx.list ]; then
+osname=$(lsb_release -si); osname=${osname^}
+osname=$(echo "$osname" | tr '[A-Z]' '[a-z]')
+codename=$(lsb_release -sc)
+nginxrepo="$(cat << EOF
+deb https://nginx.org/packages/$osname/ $codename nginx
+deb-src https://nginx.org/packages/$osname/ $codename nginx
+EOF
+)"
+echo "${nginxrepo}" | sudo tee /etc/apt/sources.list.d/nginx.list > /dev/null
+sudo apt update
+sudo apt install -y nginx
+fi
+
 nginxdefaultconf='/etc/nginx/nginx.conf'
-CHECK_NGINX_WORKER_CONN=$(grep "worker_connections 2048" $nginxdefaultconf)
+CHECK_NGINX_WORKER_CONN=$(grep "worker_connections 4096" $nginxdefaultconf)
 if ! [[ $CHECK_NGINX_WORKER_CONN ]]; then
- printf >&2 "${GREEN}Changing nginx worker connections to 2048${NC}\n"
- sudo sed -i 's/worker_connections.*/worker_connections 2048;/g' $nginxdefaultconf
+ printf >&2 "${GREEN}Changing nginx worker connections to 4096${NC}\n"
+ sudo sed -i 's/worker_connections.*/worker_connections 4096;/g' $nginxdefaultconf
 fi
 CHECK_NGINX_NOLIMIT=$(grep "worker_rlimit_nofile 1000000" $nginxdefaultconf)
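Review bot: The block that creates nginx.list on upgrade never imports the nginx signing key, whereas the install.sh and restore.sh versions fetch `nginx_signing.key` before writing the same two `deb` lines. On a host that does not already trust that key, `sudo apt update` will treat the nginx.org source as unverifiable, so `sudo apt install -y nginx` either leaves the distro package in place or fails, and that kind of failure tends to get worked around by switching verification off. Import the key before writing the list, preferably into a dedicated keyring referenced with `signed-by=` rather than through `apt-key`. Separately, `osname=${osname^}` is undone by the lowercasing on the next line; `osname=$(lsb_release -si | tr '[:upper:]' '[:lower:]')` does the same in one step.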
@@ -180,8 +188,23 @@ sudo sed -i '1s/^/worker_rlimit_nofile 1000000;\
 /' $nginxdefaultconf
 fi
+backend_conf='/etc/nginx/sites-available/rmm.conf'
+CHECK_NGINX_REUSEPORT=$(grep reuseport $backend_conf)
+if ! [[ $CHECK_NGINX_REUSEPORT ]]; then
+printf >&2 "${GREEN}Setting nginx reuseport${NC}\n"
+sudo sed -i 's/listen 443 ssl;/listen 443 ssl reuseport;/g' $backend_conf
+fi
+
 sudo sed -i 's/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 64;/g' $nginxdefaultconf
+if ! sudo nginx -t > /dev/null 2>&1; then
+ sudo nginx -t
+ echo -ne "\n"
+ echo -ne "${RED}You have syntax errors in your nginx configs. See errors above. Please fix them and re-run this script.${NC}\n"
+ echo -ne "${RED}Aborting...${NC}\n"
+ exit 1
+fi
+
 HAS_PY310=$(python3.10 --version | grep ${PYTHON_VER})
 if ! [[ $HAS_PY310 ]]; then
 printf >&2 "${GREEN}Updating to ${PYTHON_VER}${NC}\n"
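Review bot: The `nginx -t` gate now runs only after the script has rewritten nginx.conf and rmm.conf in place with `sed -i`, so when it aborts the host is left with the modified, failing configs and no copy of the previous ones. The reuseport `sed` uses `/g`, so if rmm.conf holds more than one `listen 443 ssl;` line (not visible here) every one gets `reuseport`, which nginx is likely to reject as duplicate listen options for the same address. Taking a copy before the edits, e.g. `sudo cp -p "$backend_conf" "$backend_conf.bak"`, and putting it back when `nginx -t` fails would make the abort recoverable. `grep reuseport $backend_conf` is also unguarded if the file is missing; a `[ -f "$backend_conf" ]` test around the block would avoid editing a path that is not there.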