diff --git a/bin/ncp-diag b/bin/ncp-diag index 8241ed57..dc89c8fa 100644 --- a/bin/ncp-diag +++ b/bin/ncp-diag @@ -1,6 +1,5 @@ #!/bin/bash - -# NextCloudPi diagnostics report +# NextcloudPi diagnostics report # # Copyleft 2017 by Ignacio Nunez Hernanz # GPL licensed (see end of file) * Use at your own risk! @@ -10,13 +9,13 @@ # # More at https://ownyourbits.com # - +# shellcheck disable=SC1091 source /usr/local/etc/library.sh # Distro, NCP version and tag -echo "NextCloudPi version|$( cat /usr/local/etc/ncp-version )" -[[ -f /usr/local/etc/ncp-baseimage ]] && echo "NextCloudPi image|$( cat /usr/local/etc/ncp-baseimage )" -echo "OS|$(cat /etc/issue | sed 's| \\n \\l||'). $(uname -r) ($(uname -m))" +echo "NextcloudPi version|$( cat /usr/local/etc/ncp-version )" +[[ -f /usr/local/etc/ncp-baseimage ]] && echo "NextcloudPi image|$( cat /usr/local/etc/ncp-baseimage )" +echo "OS|$(sed 's| \\n \\l||' /etc/issue). $(uname -r) ($(uname -m))" # Data DATADIR="$( grep datadirectory /var/www/nextcloud/config/config.php | @@ -31,7 +30,7 @@ echo "USB devices|$USBDEVS" echo "datadir|$DATADIR$DIRINFO" [[ "$DIRINFO" == "" ]] && { echo "data in SD|$( [[ $( stat -fc%d / ) == $( stat -fc%d "$DATADIR" ) ]] && echo yes || echo no )" - echo "data filesystem|$( stat -fc%T $DATADIR )" + echo "data filesystem|$( stat -fc%T "$DATADIR" )" echo "data disk usage|$( df -h "$DATADIR" | tail -1 | awk '{ print $3"/"$2 }')" } echo "rootfs usage|$( df -h / | tail -1 | awk '{ print $3"/"$2 }')" @@ -66,63 +65,76 @@ echo "Internet check|$( ping -W 2 -w 1 -q github.com &>/dev/null && echo ok || e function is_port_open() { - local port_url tmp_file token ipv4_portcheck_args ipv6_portcheck_args - tmp_file=$(mktemp) - trap 'rm -rf ${tmp_file}' EXIT ERR SIGINT SIGQUIT SIGABRT SIGTERM SIGHUP - - local port="${1?}" - local publicIPv4="${2}" - local publicIPv6="${3}" - - readonly port_url="https://portchecker.co" - - if [[ -z "$publicIPv4" ]] && [[ -z "$publicIPv6" ]] + # The URL leads to an application I've deployed for NCP on https://fly.io using a Docker container I made. + # The image for the container is available on Docker Hub (zendai/checkport:sanic) if you wish to deploy one yourself. + # The code for the Sanic server and Docker image is available at: https://github.com/ZendaiOwl/Build/tree/master/Docker/Python/Sanic/checkport + # I only have a free tier with limited outbound data per month, 100GB p/month. + # If we go over 100GB outbound data in a month, I will start being charged for the data going over that limit. + # I used a low level Python socket library & fortunately each request only consumes aprox. ~ 60-74 bytes p/second. + # Meaning 100GB should be plenty, it should be enough to handle a little less + # than 450 request p/second a month, unless my calculations are wrong. + # Thank you :pray: from Victor-ray, S. https://github.com/ZendaiOwl + local -r PORTURL="https://checkport.zendai.net.eu.org/check" + local TYPE="${1?}" IPType + # Checks both port 80 & 443 for IPv4/IPv6 and returns the result or [N/A] [N/A] + if ! [[ "$TYPE" =~ ^(0|4|6)$ ]] then - echo -n "Error - IPv4 & IPv6: [N/A] Couldn't get public IP." + echo "Invalid type: $TYPE" 1>&2 return 1 - fi - - token=$(wget -T2 -t1 -qO- --keep-session-cookies --save-cookies "${tmp_file}" "${port_url}" | grep -oP "_csrf\" value=\"\K.*\"" ) - readonly ipv4_portcheck_args=(-T2 -t1 -qO- --load-cookies "${tmp_file}" "${port_url}/check" --post-data "target_ip=${publicIPv4}&port=${port}&_csrf=${token::-1}") - readonly ipv6_portcheck_args=(-T2 -t1 -qO- --load-cookies "${tmp_file}" "${port_url}/check" --post-data "target_ip=${publicIPv6}&port=${port}&_csrf=${token::-1}") - - [[ -n "${token}" ]] || { - echo -n "Error - Couldn't obtain a token for port check" - return 1 - } - - local ipv4_port_access=False - local ipv6_port_access=False - [[ -n "$publicIPv4" ]] && \ - grep -q 'open' <(wget "${ipv4_portcheck_args[@]}") && \ - ipv4_port_access=True - [[ -n "$publicIPv6" ]] && \ - grep -q 'open' <(wget "${ipv6_portcheck_args[@]}") && \ - ipv6_port_access=True - - local result="" - if [[ "${ipv4_port_access}" == True ]] || [[ "${ipv6_port_access}" == True ]] + elif [[ "$TYPE" == 0 ]] then - result="open (" + # Public IPv4/6 is not available + echo -e "[N/A]\n[N/A]" else - result="closed" + IPType="--ipv6" + [[ "$TYPE" -eq 6 ]] || IPType="--ipv4" + curl --silent --max-time 4 "$IPType" "$PORTURL" | jq -r '."80",."443"' fi - - [[ "${ipv4_port_access}" == True ]] && result="${result}ipv4)" - - [[ "${ipv6_port_access}" == True ]] && result="${result/)/ \& }ipv6)" - - echo -n "$result" - } +publicIPv4=$(curl --silent --max-time 4 --ipv4 "https://ipv4.icanhazip.com" 2>/dev/null) || unset publicIPv4 +echo "Public IPv4|${publicIPv4:-"not found"}" +publicIPv6=$(curl --silent --max-time 4 --ipv6 "https://ipv6.icanhazip.com" 2>/dev/null) || unset publicIPv6 +echo "Public IPv6|${publicIPv6:-"not found"}" -publicIPv4=$(curl -s -m4 -4 "https://icanhazip.com" 2>/dev/null) || unset publicIPv4 -echo "public IPv4|${publicIPv4:-"not found"}" -publicIPv6=$(curl -s -m4 -6 "https://icanhazip.com" 2>/dev/null) || unset publicIPv6 -echo "public IPv6|${publicIPv6:-"not found"}" +# Reads each line as an array index element to input into IPv4PORTS array +if [[ -n "$publicIPv4" ]] +then + mapfile -t IPv4PORTS < <(is_port_open 4) +else + mapfile -t IPv4PORTS < <(is_port_open 0) +fi -echo "Port check 80|$( is_port_open 80 "$publicIPv4" "$publicIPv6" )" -echo "Port check 443|$( is_port_open 443 "$publicIPv4" "$publicIPv6" )" +# Reads each line as an array index element to input into IPv6PORTS array +if [[ -n "$publicIPv6" ]] +then + mapfile -t IPv6PORTS < <(is_port_open 6) +else + mapfile -t IPv6PORTS < <(is_port_open 0) +fi + +# Checks if Port 80 is open on IPv4 or IPv6 +if [[ "${IPv4PORTS[0]}" == "open" ]] || [[ "${IPv6PORTS[0]}" == "open" ]] +then + PORT80="open" +elif [[ "${IPv4PORTS[0]}" == "[N/A]" ]] && [[ "${IPv6PORTS[0]}" == "[N/A]" ]] +then + PORT80="[N/A]" +else + PORT80="closed" +fi +# Checks if Port 443 is open on IPv4 or IPv6 +if [[ "${IPv4PORTS[1]}" == "open" ]] || [[ "${IPv6PORTS[1]}" == "open" ]] +then + PORT443="open" +elif [[ "${IPv4PORTS[1]}" == "[N/A]" ]] && [[ "${IPv6PORTS[1]}" == "[N/A]" ]] +then + PORT443="[N/A]" +else + PORT443="closed" +fi + +echo "Port 80|$PORT80" +echo "Port 443|$PORT443" # LAN IFACE=$( ip r | grep "default via" | awk '{ print $5 }' | head -1 ) @@ -130,14 +142,14 @@ GW=$( ip r | grep "default via" | awk '{ print $3 }' | head -1 ) IP="$(get_ip)" echo "IP|$IP" -echo "gateway|$GW" +echo "Gateway|$GW" echo "Interface|$IFACE" # Certificates CERTS="$( grep "SSLCertificateFile */etc/letsencrypt/live/" /etc/apache2/sites-available/nextcloud.conf \ | sed 's|.*SSLCertificateFile */etc/letsencrypt/live/||;s|/fullchain.pem||' )" [[ "$CERTS" == "" ]] && CERTS=none -echo "certificates|$CERTS" +echo "Certificates|$CERTS" RESOLV="$( ping -c1 -w1 "$CERTS" 2>/dev/null | head -1 | grep -oP '\d{1,3}(.\d{1,3}){3}' )" echo "NAT loopback|$( [[ "$RESOLV" == "$IP" ]] && echo yes || echo no )" diff --git a/bin/ncp-report b/bin/ncp-report index 7ca5af9c..c2738903 100755 --- a/bin/ncp-report +++ b/bin/ncp-report @@ -38,8 +38,8 @@ echo "<--! Paste this in GitHub report -->" ## -open_summary "NextCloudPi diagnostics" -bash /usr/local/bin/ncp-diag | sed -r 's=(IP|certificates|gateway).*=\1|***REMOVED SENSITIVE VALUE***=g' | column -t -s'|' +open_summary "NextcloudPi diagnostics" +bash /usr/local/bin/ncp-diag | sed -r 's=(IP|Certificates|Gateway|Public IPv4|Public IPv6).*=\1|***REMOVED SENSITIVE VALUE***=g' | column -t -s'|' close_summary ## diff --git a/bin/ncp-suggestions b/bin/ncp-suggestions index 39f2ceda..bc314867 100644 --- a/bin/ncp-suggestions +++ b/bin/ncp-suggestions @@ -23,10 +23,10 @@ is_active_app dnsmasq && \ grep -q "NAT loopback|no" <<<"$OUT" && \ echo -e "\nYou should enable dnsmasq to use your domain inside home" -grep -q "certificates|none" <<<"$OUT" && \ +grep -q "Certificates|none" <<<"$OUT" && \ echo -e "\nYou should run Lets Encrypt for trusted encrypted access" -grep -q "port check .*|closed" <<<"$OUT" && \ +grep -q "Port .*|closed" <<<"$OUT" && \ echo -e "\nYou should open your ports for Lets Encrypt and external access" grep -q "USB devices|none" <<<"$OUT" || { diff --git a/ncp-web/wizard/index.php b/ncp-web/wizard/index.php index 87d6fcc0..2cf673f1 100644 --- a/ncp-web/wizard/index.php +++ b/ncp-web/wizard/index.php @@ -1,6 +1,6 @@ GPL licensed (see end of file) * Use at your own risk! @@ -27,7 +27,7 @@ - NextCloudPi Wizard + NextcloudPi Wizard @@ -57,7 +57,7 @@ HTML
-

Welcome to NextCloudPi

+

Welcome to NextcloudPi

This wizard will help you configure your personal cloud.

@@ -81,7 +81,7 @@ HTML

- If you want to prepare the USB drive to be used with NextCloudPi hit Format USB. Skip if already formated as ext4 or BTRFS. + If you want to prepare the USB drive to be used with NextcloudPi hit Format USB. Skip if already formated as ext4 or BTRFS.
Attention! This will format your USB drive as BTRFS and will destroy any current data.

@@ -111,7 +111,7 @@ HTML

Port forwarding

To access from the outside, your need to forward ports 80 and 443 to your RPi IP address
- You can have NextCloudPi try to do this automatically for you
+ You can have NextcloudPi try to do this automatically for you
To do it manually yourself, you must access your router interface, usually at http://192.168.1.1

@@ -200,7 +200,7 @@ HTML
-

NextCloudPi is ready!

+

NextcloudPi is ready!

@@ -208,7 +208,7 @@ HTML
-
go back to NextCloudPi web panel +
go back to NextcloudPi web panel