#!/bin/bash

# Start from an empty terminal.
clear

# SYSTEM UPDATE
#---------------------------------------------------#
# Refresh the package catalogues in full, then apply the pending updates.
# The pauses between the steps are kept as they were.
pkg refresh --full
sleep 2
pkg update
sleep 5


# APACHE 2.4
#---------------------------------------------------#
# Install the ooce Apache 2.4 package; the service itself is enabled later.
pkg install pkg:/ooce/server/apache-24
sleep 5


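# DATABASE CREDENTIAL
#---------------------------------------------------#
# The password of the MariaDB account "adminglpi" is not stored in this
# script: a literal here would give every host installed from it the same
# database credential. It is read from GLPI_DB_PASSWORD when that variable is
# set, otherwise asked for once without echo. The same value is used for the
# GRANT below and for "db:install" further down.
glpi_db_password=${GLPI_DB_PASSWORD:-}
if [[ -z "$glpi_db_password" ]]; then
    if ! read -r -s -p "| Mot de passe à attribuer au compte MariaDB adminglpi : " glpi_db_password \
        || [[ -z "$glpi_db_password" ]]; then
        echo
        echo "| Aucun mot de passe fourni pour adminglpi : installation interrompue." >&2
        exit 1
    fi
    echo
fi
# The value is placed inside a single-quoted SQL string literal, so refuse the
# two characters that could end or escape that literal.
if [[ "$glpi_db_password" == *"'"* || "$glpi_db_password" == *'\'* ]]; then
    echo "| Le mot de passe ne doit contenir ni apostrophe ni antislash." >&2
    exit 1
fi


# MARIADB 11.4
#---------------------------------------------------#
pkg install pkg:/ooce/database/mariadb-114 ; sleep 5
svcadm enable svc:/ooce/database/mariadb114:default ; sleep 10

# Interactive hardening of the fresh instance (root password, test database...).
mariadb-secure-installation ; sleep 5
svcadm restart svc:/ooce/database/mariadb114:default ; sleep 5

# NOTE(review): both commands connect as root without a password; if a root
# password was set in the step above they will fail. Confirm how root
# authenticates on this host.
mysqladmin -uroot create glpidb \
    || echo "| ATTENTION : la base glpidb n'a pas pu être créée (existe-t-elle déjà ?)." >&2
# The statement goes through stdin so the password never appears in the
# argument list of the mysql process.
mysql -uroot <<SQL || echo "| ATTENTION : le GRANT pour adminglpi a échoué." >&2
GRANT ALL ON glpidb.* TO adminglpi@localhost IDENTIFIED BY '${glpi_db_password}';
SQL


# PHP 8.3
#---------------------------------------------------#
pkg install pkg:/ooce/application/php-83 ; sleep 5

php_ini=/etc/opt/ooce/php-8.3/php.ini
sed -i 's/;zend_extension=opcache/zend_extension=opcache/' "$php_ini"
# Anchored and replacing the whole value, so a second run does not turn the
# line into "session.cookie_httponly = 1 1".
sed -i 's/^session\.cookie_httponly[[:space:]]*=.*/session.cookie_httponly = 1/' "$php_ini"

# Sets the supplementary group list of the php user to webservd.
usermod -G webservd php

svcadm disable svc:/application/php83:default ; sleep 5
svcadm enable svc:/application/php83:default ; sleep 5


# GLPI
#---------------------------------------------------#

# Download GLPI 10.0.17 and install it under /var/www/glpi.
glpi_version=10.0.17
glpi_tgz="glpi-${glpi_version}.tgz"
glpi_url="https://github.com/glpi-project/glpi/releases/download/${glpi_version}/${glpi_tgz}"

pkg install wget ; sleep 5

# Work in a private directory instead of the shared /tmp: the former
# "tar -xvzf glpi*" would also pick up any file another local user had
# dropped there under a matching name.
workdir=$(mktemp -d) || { echo "| mktemp a échoué." >&2 ; exit 1 ; }
trap 'rm -rf -- "$workdir"' EXIT

wget -O "$workdir/$glpi_tgz" "$glpi_url" \
    || { echo "| Téléchargement de GLPI impossible." >&2 ; exit 1 ; }

# Optional integrity check: export GLPI_TGZ_SHA256 with the digest published
# for this release to have the archive verified before it is unpacked as root.
if [[ -n "${GLPI_TGZ_SHA256:-}" ]]; then
    if command -v sha256sum >/dev/null 2>&1; then
        actual_sha256=$(sha256sum "$workdir/$glpi_tgz" | awk '{print $1}')
    else
        actual_sha256=$(digest -a sha256 "$workdir/$glpi_tgz")
    fi
    if [[ "${actual_sha256,,}" != "${GLPI_TGZ_SHA256,,}" ]]; then
        echo "| Empreinte SHA-256 inattendue pour $glpi_tgz : installation interrompue." >&2
        exit 1
    fi
else
    echo "| ATTENTION : GLPI_TGZ_SHA256 non défini, l'archive n'est pas vérifiée." >&2
fi

( cd "$workdir" && tar -xvzf "$glpi_tgz" ) \
    || { echo "| Extraction de l'archive GLPI impossible." >&2 ; exit 1 ; }

mkdir -p /var/www/glpi
cp -r "$workdir"/glpi/* /var/www/glpi

# NOTE(review): the whole code tree is owned by, and writable for, the web
# server account; confirm that GLPI really needs write access outside its
# data directories before keeping it this way.
chown -R webservd:webservd /var/www/glpi


# APACHE CONFIGURATION
#---------------------------------------------------#

mkdir -p /opt/ooce/apache-2.4/logs/
chown webservd:webservd /opt/ooce/apache-2.4/logs/
chmod 775 /opt/ooce/apache-2.4/logs/

# Only the vhost rooted at public/ is written. The earlier intermediate vhost
# served /var/www/glpi itself (installer, config/ and files/ included) and was
# live while the rest of the script ran. The quoted delimiter keeps "$" and
# "%{...}" literal without backslash escapes.
cat << 'EOF' > /etc/opt/ooce/apache-2.4/extra/glpi.conf
<VirtualHost *:80>

    DocumentRoot "/var/www/glpi/public"

    <Directory /var/www/glpi/public>
        AllowOverride All
        Require all granted
        DirectoryIndex index.php index.html index.htm

        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteBase /
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^.*$ index.php [QSA,L]
        </IfModule>

    </Directory>

    <FilesMatch \.php$>
        SetHandler "proxy:unix:/var/opt/ooce/php/run/www-8.3.sock|fcgi://localhost/"
    </FilesMatch>

    ErrorLog "/opt/ooce/apache-2.4/logs/glpi-error_log"
    CustomLog "/opt/ooce/apache-2.4/logs/glpi-access_log" common

</VirtualHost>
EOF

httpd_conf=/etc/opt/ooce/apache-2.4/httpd.conf

# Append the Include only once so a second run does not duplicate it.
include_line='Include /etc/opt/ooce/apache-2.4/extra/glpi.conf'
grep -qxF "$include_line" "$httpd_conf" || echo "$include_line" >> "$httpd_conf"

sed -i 's/#LoadModule proxy_module libexec\/mod_proxy.so/LoadModule proxy_module libexec\/mod_proxy.so/' "$httpd_conf"
sed -i 's/#LoadModule proxy_fcgi_module libexec\/mod_proxy_fcgi.so/LoadModule proxy_fcgi_module libexec\/mod_proxy_fcgi.so/' "$httpd_conf"
sed -i 's/#LoadModule rewrite_module libexec\/mod_rewrite.so/LoadModule rewrite_module libexec\/mod_rewrite.so/' "$httpd_conf"


# HARDEN GLPI
#---------------------------------------------------#
# Move configuration, data and logs out of the web tree.
# Written with ">" (the file is created by this script) so a second run does
# not append a second "<?php" block that would redefine the constant.
cat > /var/www/glpi/inc/downstream.php << 'EOF'
<?php
define('GLPI_CONFIG_DIR', '/etc/glpi/');
if (file_exists(GLPI_CONFIG_DIR . '/local_define.php')) {
   require_once GLPI_CONFIG_DIR . '/local_define.php';
}
?>
EOF

mkdir -p /etc/glpi

cat > /etc/glpi/local_define.php << 'EOF'
<?php
define('GLPI_VAR_DIR', '/var/lib/glpi');
define('GLPI_LOG_DIR', '/var/log/glpi');
?>
EOF

# cp -r /var/www/glpi/config/* /etc/glpi/ ; sleep 2
mkdir -p /var/lib/glpi /var/log/glpi
cp -r /var/www/glpi/files/* /var/lib/glpi/
rm -r /var/www/glpi/files /var/www/glpi/config

# Files 664, directories 775 (this replaces the earlier blanket
# "chmod -R 775", which also made every file executable).
find /var/www/glpi -type f -exec chmod 664 {} +
find /var/www/glpi -type d -exec chmod 775 {} +

cd /var/www/glpi || { echo "| /var/www/glpi est introuvable." >&2 ; exit 1 ; }
# NOTE(review): --db-password is visible in the process list while the
# console runs; acceptable only on a host without other local users.
php ./bin/console db:install --db-host=127.0.0.1 --db-name="glpidb" --db-user="adminglpi" --db-password="$glpi_db_password" --no-telemetry --force --no-interaction ; sleep 5

# The web installer must not stay on disk once the schema exists.
rm -f /var/www/glpi/install/install.php

# NOTE(review): /etc/glpi and whatever db:install wrote there stay owned by
# root; confirm the PHP-FPM user can read those files and that they are not
# world-readable.
chown -R webservd:webservd /var/log/glpi ; chmod -R 775 /var/log/glpi
chown -R webservd:webservd /var/lib/glpi ; chmod -R 775 /var/lib/glpi


# START APACHE AND OPEN THE FIREWALL
#---------------------------------------------------#
# Done last, so that nothing is served and port 80 is not reachable before
# GLPI is installed and hardened.
svcadm enable svc:/network/http:apache24 ; sleep 5
# Restart as well, so a service that was already enabled picks up the config.
svcadm restart apache24 ; sleep 5

# NOTE(review): this opens plain HTTP to any source; until the HTTPS step is
# chosen, GLPI logins cross the network unencrypted.
ipf_rule='pass in log quick proto tcp from any to any port = 80 keep state'
grep -qxF "$ipf_rule" /etc/ipf/ipf.conf 2>/dev/null || echo "$ipf_rule" >> /etc/ipf/ipf.conf
ipf -Fa -f /etc/ipf/ipf.conf ; sleep 5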


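# OPTIONAL SWITCH TO HTTPS
#---------------------------------------------------#
# Asks whether to add a self-signed certificate and an HTTPS vhost. Any answer
# other than "O"/"o" leaves the HTTP-only setup untouched.

clear
echo "|-----------------------------------------"
echo "| INSTALLATION TERMINEE."
echo
echo "| GLPI est déployé en HTTP."
echo "| Se connecter via un navigateur web : http://IP-SERVEUR"
echo
read -r -p "| Voulez-vous passer en HTTPS ? (O/N) " sslconfirm
echo
case "$sslconfirm" in
    O|o)
        if ! pkg list -q pkg:/library/security/openssl; then
            pkg install pkg:/library/security/openssl ; sleep 5
        fi

        ssl_dir=/etc/opt/ooce/apache-2.4/ssl
        mkdir -p "$ssl_dir"

        # Generate the key under a restrictive umask so it is never readable by
        # other users, not even between its creation and the chmod below.
        # openssl asks for the certificate subject interactively. A self-signed
        # certificate encrypts the traffic, but clients cannot verify the
        # server with it until they are told to trust it.
        (
            umask 077
            openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout "$ssl_dir/glpi.key" -out "$ssl_dir/glpi.crt"
        )
        chmod 644 "$ssl_dir/glpi.crt"
        # NOTE(review): group read for webservd is kept from the original; if
        # Apache loads the key as root at start-up, root-only (600) is enough.
        chown root:webservd "$ssl_dir/glpi.key"
        chmod 640 "$ssl_dir/glpi.key"

        # Quoted delimiter: "$" and "%{...}" reach the file literally.
        # Changes to the generated configuration:
        #  - TLS 1.0 and 1.1 are disabled along with SSLv3;
        #  - the HTTP vhost redirects to the host name the client asked for,
        #    not to the placeholder mon-serveur.example.com.
        cat << 'EOF' > /etc/opt/ooce/apache-2.4/extra/glpi.conf
# -------------------------------------------------------------------
# Fichier unique : glpi.conf
# Gère GLPI sur HTTP (80) et HTTPS (443) sans besoin de httpd-ssl.conf
# -------------------------------------------------------------------

# --- Écouter sur le port 80 (déjà fait par httpd.conf, mais si besoin) ---
# Listen 80

# --- Écouter sur le port 443 ---
Listen 443

# -------------------------------------------------------------------
# Configuration SSL globale
# -------------------------------------------------------------------
SSLSessionCache        "shmcb:/var/opt/ooce/apache-2.4/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

# -------------------------------------------------------------------
# VirtualHost pour GLPI en HTTP (port 80)
# -------------------------------------------------------------------
<VirtualHost *:80>
    #ServerName mon-serveur.example.com
    DocumentRoot "/var/www/glpi/public"

    # --- Option : redirection directe vers HTTPS ---
    RewriteEngine On
    # Si vous ne voulez pas rediriger *tout* en HTTPS, vous pouvez commenter ces lignes :
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    <Directory "/var/www/glpi/public">
        AllowOverride All
        Require all granted
        DirectoryIndex index.php index.html index.htm

        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteBase /
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^.*$ index.php [QSA,L]
        </IfModule>
    </Directory>

    <FilesMatch \.php$>
        SetHandler "proxy:unix:/var/opt/ooce/php/run/www-8.3.sock|fcgi://localhost/"
    </FilesMatch>

    ErrorLog "/opt/ooce/apache-2.4/logs/glpi-http-error_log"
    CustomLog "/opt/ooce/apache-2.4/logs/glpi-http-access_log" common
</VirtualHost>

# -------------------------------------------------------------------
# VirtualHost pour GLPI en HTTPS (port 443)
# -------------------------------------------------------------------
<VirtualHost *:443>
    #ServerName mon-serveur.example.com
    DocumentRoot "/var/www/glpi/public"

    # --- Active le SSL ---
    SSLEngine on

    # --- Vos certificats ---
    SSLCertificateFile "/etc/opt/ooce/apache-2.4/ssl/glpi.crt"
    SSLCertificateKeyFile "/etc/opt/ooce/apache-2.4/ssl/glpi.key"

    <Directory "/var/www/glpi/public">
        AllowOverride All
        Require all granted
        DirectoryIndex index.php index.html index.htm

        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteBase /
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^.*$ index.php [QSA,L]
        </IfModule>
    </Directory>

    <FilesMatch \.php$>
        SetHandler "proxy:unix:/var/opt/ooce/php/run/www-8.3.sock|fcgi://localhost/"
    </FilesMatch>

    ErrorLog "/opt/ooce/apache-2.4/logs/glpi-ssl-error_log"
    CustomLog "/opt/ooce/apache-2.4/logs/glpi-ssl-access_log" common
</VirtualHost>
EOF

        httpd_conf=/etc/opt/ooce/apache-2.4/httpd.conf
        sed -i 's/#LoadModule ssl_module libexec\/mod_ssl.so/LoadModule ssl_module libexec\/mod_ssl.so/' "$httpd_conf"
        #sed -i 's/#Include \/etc\/opt\/ooce\/apache-2.4\/extra\/httpd-ssl.conf/Include \/etc\/opt\/ooce\/apache-2.4\/extra\/httpd-ssl.conf/' /etc/opt/ooce/apache-2.4/httpd.conf ; sleep 2
        sed -i 's/#LoadModule socache_shmcb_module libexec\/mod_socache_shmcb.so/LoadModule socache_shmcb_module libexec\/mod_socache_shmcb.so/' "$httpd_conf"

        # Session cookies are then only sent over HTTPS.
        sed -i 's/;session.cookie_secure =/session.cookie_secure = 1/' /etc/opt/ooce/php-8.3/php.ini
        svcadm disable svc:/application/php83:default ; sleep 5
        svcadm enable svc:/application/php83:default ; sleep 5

        svcadm restart apache24 ; sleep 5

        # NOTE(review): the port-80 vhost now redirects every request to HTTPS,
        # yet the ipf rule for port 443 is left commented out. If ipf filters
        # inbound traffic on this host, GLPI becomes unreachable until such a
        # rule is added. Confirm the intended firewall policy.
        #echo "pass in log quick proto tcp from any to any port = 443 keep state" >> /etc/ipf/ipf.conf ; sleep 2
        #ipf -Fa -f /etc/ipf/ipf.conf ; sleep 5

        echo
        echo "Un certificat SSL autosigné a été ajouté au vhost" ; sleep 1
        echo

        ;;
esac

exit 0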






