diff --git a/roles/httpd/defaults/main.yml b/roles/httpd/defaults/main.yml index 845d7abeb..9aadcea3f 100644 --- a/roles/httpd/defaults/main.yml +++ b/roles/httpd/defaults/main.yml @@ -1,6 +1,15 @@ -# Make this False to disable http://box/common/services/power_off.php button: -apache_allow_sudo: True +# default_language: en +# language_priority: en es fr -# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +# apache_high_php_limits: False # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -apache_high_php_limits: False +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84 +# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php//apache2/php.ini + +# Make this False to disable http://box/common/services/power_off.php button: +# apache_allow_sudo: True + +# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml +# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 80b505a66..705ec13e1 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml 
@@ -23,18 +23,12 @@ tags: - download -# 2019-05-30: Irrelevant (never invoked) -#- name: Install php{{ php_version }}-sqlite (raspbian-8 or debian-8) -# package: -# name: "php{{ php_version }}-sqlite" -# when: is_raspbian_8 or is_debian_8 -# #when: is_debian and ansible_distribution_major_version == "8" - # 2019-05-30: It's interesting that http://box.lan/admin and everything seems # to work even without php{{ php_version }}-sqlite3 as confirmed on Ubuntu # 16.04 (SEE PR #1697). And likely all others? @tim-moody writes "I think # we decided that because sqlite3 and php are part of the base install the # connector should be too." +# # We might *try* deprecating this here as we transition beyond {raspbian-9, # debian-9, ubuntu-18} in coming months to verify that roles/osm-vector-maps # is the only role that needs it? @@ -74,9 +68,9 @@ - { src: 'proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf' } #- { src: 'php.ini.j2', dest: '/etc/php.ini', mode: '0644' } # @jvonau suggests removing this in https://github.com/iiab/iiab/issues/1147 -# For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147 +# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 # WARNING: Enabling this might cause excess use of RAM/disk or other resources! -- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress and/or Moodle intensively +- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively lineinfile: path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini" regexp: "{{ item.regexp }}" 
@@ -85,7 +79,7 @@ with_items: - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } - - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M' } + - { regexp: '^memory_limit', line: 'memory_limit = 256M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } diff --git a/roles/moodle/defaults/main.yml b/roles/moodle/defaults/main.yml index 803c7de5a..b8f0f5c33 100644 --- a/roles/moodle/defaults/main.yml +++ b/roles/moodle/defaults/main.yml @@ -1,12 +1,12 @@ +# If using Moodle intensively, consider setting apache_high_php_limits in: +# /etc/iiab/local_vars.yml + # moodle_install: False # moodle_enabled: False # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# If using Moodle intensively, consider setting apache_high_php_limits in: -# /etc/iiab/local_vars.yml - moodle_version: 37 #moodle_repo_url: "https://github.com/moodle/moodle.git" moodle_repo_url: "git://git.moodle.org/moodle.git" diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index acb294e04..3c96c3ea6 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md 
@@ -1,14 +1,45 @@ # Nextcloud +Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own [Internet-in-a-Box](http://internet-in-a-box.org). + This Ansible playbook was derived from an earlier ownCloud playbook thanks to [Josh Dennis](https://github.com/floydianslips) in 2016/2017. -Login to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using: +### Install It + +(1) Set these 2 variable in [/etc/iiab/local_vars.yml](http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F) prior to installing Internet-in-a-Box: + + nextcloud_install: True + nextcloud_enabled: True + +(2) If you want to access Nextcloud from IPv4 addresses across the public Internet, then also set: + + nextcloud_allow_public_ips: True + +To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` after it's created by template [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2) + +(3) Strongly consider also setting `apache_high_php_limits: True` in the 3-BASE-SERVER section of /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP. Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware! 
So after install is complete, verify and evaluate these 5 settings in /etc/php/[ACTUAL PHP VERSION]/apache2/php.ini: + +- upload_max_filesize +- post_max_size +- memory_limit (Nextcloud recommends 512+ MB) +- max_execution_time +- max_input_time + +Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found in [/opt/iiab/iiab/roles/httpd/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84) + +### Using It + +Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using: Username: Admin Password: changeme +### Future Directions + Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below? -- https://github.com/nextcloud/nextcloudpi -- https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ - https://ownyourbits.com/nextcloudpi/ +- https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ +- https://github.com/nextcloud/nextcloudpi + +Please [contact us](http://internet-in-a-box.org/pages/contributing.html) if you can help! diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 4ee862f2b..b84d88bbd 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -1,6 +1,14 @@ +# If using Nextcloud intensively, consider setting apache_high_php_limits in: +# /etc/iiab/local_vars.yml + # nextcloud_install: False # nextcloud_enabled: False +# nextcloud_allow_public_ips: False + +# Configuration tips for IPv4 access controls and tuning RAM/resources: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md + # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! 
diff --git a/roles/nextcloud/tasks/enable_or_disable.yml b/roles/nextcloud/tasks/enable_or_disable.yml index bd829222d..ff753abf9 100644 --- a/roles/nextcloud/tasks/enable_or_disable.yml +++ b/roles/nextcloud/tasks/enable_or_disable.yml @@ -100,8 +100,8 @@ # become_user: "{{ apache_user }}" # when: nextcloud_enabled and returned_count == "0" -# 2019-09-04: THE NEXT 5 LINES ARE INEFFECTIVE AND LIKELY USELESS -- name: Remove overwrite.cli.url line (Rewrite URL) from /opt/nextcloud/config/config.php +# 2019-09-04: NEXT 5 LINES APPEAR INEFFECTIVE DURING 1ST INSTALL? (possibly "overwrite.cli.url" appears later, when Nextcloud's web install completes using http://box/nextcloud ?) +- name: Try to remove overwrite.cli.url line (Rewrite URL) from /opt/nextcloud/config/config.php lineinfile: regexp: "overwrite.cli.url" state: absent diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2 index a2bd40edc..dcba0ae0c 100644 --- a/roles/nextcloud/templates/nextcloud.conf.j2 +++ b/roles/nextcloud/templates/nextcloud.conf.j2 
@@ -1,45 +1,64 @@ +# Ansible template that becomes /etc/apache2/sites-available/nextcloud.conf + Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud - Options -Indexes + # 2019-09-04 commenting out towards future removal + #Options -Indexes + + Options +FollowSymlinks AllowOverride All # Apache 2.4 # http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html - Require host localhost + + # 2019-09-04 commenting out towards future removal + #Require host localhost + +{% if nextcloud_allow_public_ips %} # PERMIT ACCESS FROM ALL IPv4 ADDRESSES: Require all granted - # WANT BASIC SECURITY BASED ON IPv4 ADDRESSES? THEN USE THIS LINE INSTEAD: - #Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10 - # AVOID THIS LINE WHICH CAUSES PROBLEMS IN SCHOOLS WITH 192.168.1.x etc: + # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY: + #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10 +{% else %} + # PERMIT ACCESS FROM ALL IPv4 ADDRESSES: + #Require all granted + # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY: + Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10 +{% endif %} +{# Reminder that {{ lan_ip }}/{{ lan_netmask }} is 172.18.96.1/255.255.224.0 #} + # AVOID THIS LINE AS IT OVERLY RESTRICTS SCHOOLS W/ 192.168.1.x, 10.x.y.z: #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0 - - # Apache 2.2 - Order Deny,Allow - Deny from all - Allow from 127.0.0.1 - Allow from ::1 - - - ErrorDocument 404 /core/templates/404.php - - - php_value upload_max_filesize 512M - php_value post_max_size 512M - php_value memory_limit 512M - php_value mbstring.func_overload 0 - - - SetEnv htaccessWorking true - - - ModPagespeed Off - - - RewriteEngine on - RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last] - RewriteRule ^\.well-known/carddav /remote.php/carddav/ [R] - RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R] + + # 2019-09-04 commenting out towards future 
removal + # + ## Apache 2.2 + #Order Deny,Allow + #Deny from all + #Allow from 127.0.0.1 + #Allow from ::1 + # + # + #ErrorDocument 404 /core/templates/404.php + # + # 2019-09-04 commenting out towards future removal + # + #php_value upload_max_filesize 512M + #php_value post_max_size 512M + #php_value memory_limit 512M + #php_value mbstring.func_overload 0 + # + # + #SetEnv htaccessWorking true + # + # + #ModPagespeed Off + # + # + #RewriteEngine on + #RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization},last] + #RewriteRule ^\.well-known/carddav /remote.php/carddav/ [R] + #RewriteRule ^\.well-known/caldav /remote.php/caldav/ [R] diff --git a/roles/wordpress/defaults/main.yml b/roles/wordpress/defaults/main.yml index 0f2681b6e..e4b3288a2 100644 --- a/roles/wordpress/defaults/main.yml +++ b/roles/wordpress/defaults/main.yml @@ -1,12 +1,12 @@ +# If using WordPress intensively, consider setting apache_high_php_limits in: +# /etc/iiab/local_vars.yml + # wordpress_install: False # wordpress_enabled: False # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! -# If using WordPress intensively, consider setting apache_high_php_limits in: -# /etc/iiab/local_vars.yml - wordpress_download_base_url: https://wordpress.org wordpress_src: latest.tar.gz diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4a11785b7..76c4a3e17 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
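Review bot: The `{% if nextcloud_allow_public_ips %}` test in roles/nextcloud/templates/nextcloud.conf.j2 fails open when the variable arrives as a string: Jinja treats any non-empty string as true, so a value passed as `-e nextcloud_allow_public_ips=False` would render the `Require all granted` branch and make Nextcloud reachable by any client. Coercing it with `{% if nextcloud_allow_public_ips | bool %}` keeps the restricted `Require ip` branch as the outcome for anything that is not an explicit true. The restricted branch also lists only `127.0.0.1`, whereas the now commented-out Apache 2.2 block allowed `::1`, so requests from the box itself over IPv6 loopback would presumably be refused; adding `::1` to that `Require ip` line would cover it. With `Options -Indexes` commented out, protection against directory listings appears to rest on the .htaccess shipped with Nextcloud under `AllowOverride All`, which is worth confirming on a fresh install.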
@@ -220,12 +220,17 @@ exFAT_enabled: True # 3-BASE-SERVER +# See also Apache vars {default_language, language_priority} @ top of this file +# +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +apache_high_php_limits: False +# WARNING: Enabling this might cause excess use of RAM/disk or other resources! +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84 +# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php//apache2/php.ini +# # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True -# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -apache_high_php_limits: False -# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # MySQL MANDATORY - THESE 2 VARS HAVE NO EFFECT - SEE roles/0-init/tasks/main.yml & roles/mysql/tasks/main.yml mysql_install: True @@ -344,8 +349,13 @@ nodered_enabled: False nodered_port: 1880 nodered_web_path: nodered +# Store your docs, calendar, contacts & photos on your local server not cloud! +# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER nextcloud_install: False nextcloud_enabled: False +nextcloud_allow_public_ips: False +# Configuration tips for IPv4 access controls and tuning RAM/resources: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 45101b7ed..b6e5629b3 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml 
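Review bot: The comment added above `nextcloud_install` in the second hunk of vars/default_vars.yml reads `# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER`, which looks copied from the WordPress stanza; since it introduces the Nextcloud variables it should presumably read `# If using Nextcloud intensively, set apache_high_php_limits in 3-BASE-SERVER`. The same line appears in the Nextcloud hunks of vars/local_vars_big.yml, vars/local_vars_medium.yml and vars/local_vars_min.yml. Because `nextcloud_allow_public_ips` decides whether the vhost is reachable from outside the LAN, and the README in this commit documents the initial login as `Admin` / `changeme`, a comment directly above the variable would put the security effect where operators edit the value, for example `# Leave False unless Nextcloud must be reachable from the public Internet; change the default Admin password first`.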
@@ -125,12 +125,17 @@ pi_swap_file_size: 1024 # 3-BASE-SERVER +# See also Apache vars {default_language, language_priority} @ top of this file +# +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +apache_high_php_limits: False +# WARNING: Enabling this might cause excess use of RAM/disk or other resources! +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84 +# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php//apache2/php.ini +# # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True -# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -apache_high_php_limits: False -# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # roles/mysql runs here (mandatory) @@ -220,8 +225,16 @@ mosquitto_enabled: True nodered_install: True nodered_enabled: True +# Store your docs, calendar, contacts & photos on your local server not cloud! +# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER nextcloud_install: True nextcloud_enabled: True +nextcloud_allow_public_ips: False +# Configuration tips for IPv4 access controls and tuning RAM/resources: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md + +# To further refine Nextcloud access controls based on IPv4 addresses, see: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2 # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index c5b5d42c5..2634e2b19 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml 
@@ -125,12 +125,17 @@ pi_swap_file_size: 1024 # 3-BASE-SERVER +# See also Apache vars {default_language, language_priority} @ top of this file +# +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +apache_high_php_limits: False +# WARNING: Enabling this might cause excess use of RAM/disk or other resources! +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84 +# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php//apache2/php.ini +# # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True -# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -apache_high_php_limits: False -# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # roles/mysql runs here (mandatory) @@ -220,8 +225,13 @@ mosquitto_enabled: False nodered_install: False nodered_enabled: False +# Store your docs, calendar, contacts & photos on your local server not cloud! +# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER nextcloud_install: True nextcloud_enabled: True +nextcloud_allow_public_ips: False +# Configuration tips for IPv4 access controls and tuning RAM/resources: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index d92dab28c..ae1f82091 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml 
@@ -125,12 +125,17 @@ pi_swap_file_size: 1024 # 3-BASE-SERVER +# See also Apache vars {default_language, language_priority} @ top of this file +# +# For schools that use WordPress/Nextcloud/Moodle intensively: iiab/iiab#1147 +apache_high_php_limits: False +# WARNING: Enabling this might cause excess use of RAM/disk or other resources! +# SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS... +# https://github.com/iiab/iiab/blob/master/roles/httpd/tasks/main.yml#L80-L84 +# ...ARE SUITABLE FOR YOUR HARDWARE IN /etc/php//apache2/php.ini +# # Make this False to disable http://box/common/services/power_off.php button: apache_allow_sudo: True -# For schools that use WordPress and/or Moodle intensively, see iiab/iiab #1147 -# WARNING: Enabling this might cause excess use of RAM/disk or other resources! -apache_high_php_limits: False -# SEE ALSO VARIABLES NEAR TOP OF THIS FILE: default_language, language_priority # roles/mysql runs here (mandatory) @@ -220,8 +225,13 @@ mosquitto_enabled: False nodered_install: False nodered_enabled: False +# Store your docs, calendar, contacts & photos on your local server not cloud! +# If using WordPress intensively, set apache_high_php_limits in 3-BASE-SERVER nextcloud_install: False nextcloud_enabled: False +nextcloud_allow_public_ips: False +# Configuration tips for IPv4 access controls and tuning RAM/resources: +# https://github.com/iiab/iiab/blob/master/roles/nextcloud/README.md # A full-featured PBX (for rural telephony, etc) based on Asterisk and FreePBX. # Works on Ubuntu 18.04, Debian 9. Experimental on Rasp/RPi 3. Uses Node.js 10.x