--- /dev/null
+#!/bin/bash
+
+echo "THIS SCRIPT IS NOT CONSIDERED OFFICIALLY SUPPORTED!"
+echo "Only our Ubuntu LTS scripts are considered supported. This is community"
+echo "maintained and provided for convenience. It may not be up-to-date or may"
+echo "have unresolved issues. Use with caution."
+echo ""
+
+echo "This installs a new BookStack instance on a fresh AlmaLinux OS 10 system."
+echo "This script does not ensure system security."
+echo ""
+
+# Generate a path for a log file to output into for debugging
+LOGPATH=$(realpath "bookstack_install_$(date +%s).log")
+
+# Get the current user running the script
+SCRIPT_USER="${SUDO_USER:-$USER}"
+
+# Get the current machine IP address
+CURRENT_IP=$(ip addr | grep 'state UP' -A4 | grep 'inet ' | awk '{print $2}' | cut -f1 -d'/')
+
+# Generate a password for the database
+DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13)"
+
+# The directory to install BookStack into
+BOOKSTACK_DIR="/var/www/bookstack"
+
+# Get the domain from the arguments (Requested later if not set)
+DOMAIN=$1
+
+# Echo out an error message to the command line and exit the program
+# Also logs the message to the log file
+function error_out() {
+ echo "ERROR: $1" | tee -a "$LOGPATH" 1>&2
+ exit 1
+}
+
+# Echo out an information message to both the command line and log file
+function info_msg() {
+ echo "$1" | tee -a "$LOGPATH"
+}
+
+# Run some checks before installation to help prevent messing up an existing
+# web-server setup.
+function run_pre_install_checks() {
+ # Check we're running as root and exit if not
+ if [[ $EUID -gt 0 ]]
+ then
+ error_out "This script must be ran with root/sudo privileges"
+ fi
+
+ # Check if Apache appears to be installed and exit if so
+ if [ -d "/etc/nginx/conf.d" ]
+ then
+ error_out "This script is intended for a fresh server install, existing apache config found, aborting install"
+ fi
+
+ # Check if MySQL/MariaDB appears to be installed and exit if so
+ if [ -d "/var/lib/mysql" ]
+ then
+ error_out "This script is intended for a fresh server install, existing MySQL data found, aborting install"
+ fi
+}
+
+# Fetch domain to use from first provided parameter,
+# Otherwise request the user to input their domain
+function run_prompt_for_domain_if_required() {
+ if [ -z "$DOMAIN" ]
+ then
+ info_msg ""
+ info_msg "Enter the domain (or IP if not using a domain) you want to host BookStack on and press [ENTER]."
+ info_msg "Examples: my-site.com or docs.my-site.com or ${CURRENT_IP}"
+ read -r DOMAIN
+ fi
+
+ # Error out if no domain was provided
+ if [ -z "$DOMAIN" ]
+ then
+ error_out "A domain must be provided to run this script"
+ fi
+}
+
+# Install core system packages
+function run_package_installs() {
+ dnf install -y git nginx mariadb-server php php-cli \
+ php-bcmath php-fpm php-mbstring php-ldap php-xml php-gd php-mysqlnd php-pecl-zip
+}
+
+# Set up database
+function run_database_setup() {
+ # Ensure database service is enabled and started
+ systemctl enable --now mariadb.service
+ sleep 3
+
+ # Create the required user database, user and permissions in the database
+ mysql -u root --execute="CREATE DATABASE bookstack;"
+ mysql -u root --execute="CREATE USER 'bookstack'@'localhost' IDENTIFIED BY '$DB_PASS';"
+ mysql -u root --execute="GRANT ALL ON bookstack.* TO 'bookstack'@'localhost';FLUSH PRIVILEGES;"
+}
+
+# Download BookStack
+function run_bookstack_download() {
+ cd /var/www || exit
+ git clone https://source.bookstackapp.com/bookstack.git --branch release --single-branch bookstack
+}
+
+# Install BookStack composer dependencies
+function run_download_bookstack_vendor_files() {
+ cd "$BOOKSTACK_DIR" || exit
+ php bookstack-system-cli download-vendor
+}
+
+# Copy and update BookStack environment variables
+function run_update_bookstack_env() {
+ cd "$BOOKSTACK_DIR" || exit
+ cp .env.example .env
+ sed -i.bak "s@APP_URL=.*\$@APP_URL=http://$DOMAIN@" .env
+ sed -i.bak 's/DB_DATABASE=.*$/DB_DATABASE=bookstack/' .env
+ sed -i.bak 's/DB_USERNAME=.*$/DB_USERNAME=bookstack/' .env
+ sed -i.bak "s/DB_PASSWORD=.*\$/DB_PASSWORD=$DB_PASS/" .env
+ # Generate the application key
+ php artisan key:generate --no-interaction --force
+}
+
+# Run the BookStack database migrations for the first time
+function run_bookstack_database_migrations() {
+ cd "$BOOKSTACK_DIR" || exit
+ php artisan migrate --no-interaction --force
+}
+
+# Set file and folder permissions
+# Sets current user as owner user and www-data as owner group then
+# provides group write access only to required directories.
+# Hides the `.env` file so it's not visible to other users on the system.
+function run_set_application_file_permissions() {
+ cd "$BOOKSTACK_DIR" || exit
+ chown -R "$SCRIPT_USER":apache ./
+ chmod -R 755 ./
+ chmod -R 775 bootstrap/cache public/uploads storage
+ chmod 740 .env
+
+ # Tell git to ignore permission changes
+ git config core.fileMode false
+}
+
+# Setup nginx with the needed config
+function run_configure_nginx() {
+ cat >/etc/nginx/conf.d/bookstack.conf <<EOL
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name ${DOMAIN};
+
+ root /var/www/bookstack/public;
+ index index.php index.html;
+
+ location / {
+ try_files \$uri \$uri/ /index.php?\$query_string;
+ }
+
+ location ~ \.php$ {
+ include fastcgi.conf;
+ fastcgi_pass php-fpm;
+ }
+}
+
+EOL
+
+ systemctl enable --now nginx.service
+ # Restart nginx to load new config
+ systemctl restart nginx
+ # Ensure php-fpm service has started
+ systemctl enable --now php-fpm.service
+}
+
+# Allow HTTP via the firewall, and configure SELinux so that the files
+# are properly tagged as web content, and read-writable where needed.
+function run_configure_firewall_and_selinux() {
+ # Configure firewall
+ firewall-cmd --permanent --zone=public --add-service=http
+ firewall-cmd --reload
+
+ # Configure SELinux
+ # Set the httpd_sys_content_t type on all bookstack files
+ semanage fcontext -a -t httpd_sys_content_t '/var/www/bookstack(/.*)?'
+ # Set the httpd_sys_rw_content_t type on all directories that will need need read-write access
+ semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/bookstack/storage(/.*)?'
+ semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/bookstack/bootstrap/cache(/.*)?'
+ semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/bookstack/public/uploads(/.*)?'
+ # Apply the changes
+ restorecon -R /var/www/bookstack
+}
+
+info_msg "This script logs full output to $LOGPATH which may help upon issues."
+sleep 1
+
+run_pre_install_checks
+run_prompt_for_domain_if_required
+info_msg ""
+info_msg "Installing using the domain or IP \"$DOMAIN\""
+info_msg ""
+sleep 1
+
+info_msg "[1/9] Installing required system packages... (This may take several minutes)"
+run_package_installs >> "$LOGPATH" 2>&1
+
+info_msg "[2/9] Preparing MySQL database..."
+run_database_setup >> "$LOGPATH" 2>&1
+
+info_msg "[3/9] Downloading BookStack to ${BOOKSTACK_DIR}..."
+run_bookstack_download >> "$LOGPATH" 2>&1
+
+info_msg "[4/9] Downloading PHP dependency files..."
+run_download_bookstack_vendor_files >> "$LOGPATH" 2>&1
+
+info_msg "[5/9] Creating and populating BookStack .env file..."
+run_update_bookstack_env >> "$LOGPATH" 2>&1
+
+info_msg "[6/9] Running initial BookStack database migrations..."
+run_bookstack_database_migrations >> "$LOGPATH" 2>&1
+
+info_msg "[7/9] Setting BookStack file & folder permissions..."
+run_set_application_file_permissions >> "$LOGPATH" 2>&1
+
+info_msg "[8/9] Configuring required firewall and SELinux rules..."
+run_configure_firewall_and_selinux >> "$LOGPATH" 2>&1
+
+info_msg "[9/9] Configuring nginx server..."
+run_configure_nginx >> "$LOGPATH" 2>&1
+
+info_msg "----------------------------------------------------------------"
+info_msg "Setup finished, your BookStack instance should now be installed!"
+info_msg "- Default login email: admin@admin.com"
+info_msg "- Default login password: password"
+info_msg "- Access URL: http://$CURRENT_IP/ or http://$DOMAIN/"
+info_msg "- BookStack install path: $BOOKSTACK_DIR"
+info_msg "- Install script log: $LOGPATH"
+info_msg "---------------------------------------------------------------"
projects / devops / commitdiff