From cd8ffbee1c2680e0e88d219bade390cfa73b57fd Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 20 Oct 2017 15:02:20 +0200 Subject: [PATCH] use ynh_add_nginx_config and ynh_add_fpm_config --- conf/nginx.conf | 15 ++++++--------- conf/php-fpm.conf | 12 ++++++------ scripts/install | 44 +++++++++++++++----------------------------- scripts/upgrade | 45 +++++++++++++++------------------------------ 4 files changed, 42 insertions(+), 74 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index e611ce7..985eb61 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,5 +1,5 @@ -location {PATH}/ { - alias {DESTDIR}/web/public/; +location __PATH__/ { + alias __FINALPATH__/web/public/; index index.php; if ($scheme = http) { @@ -8,21 +8,21 @@ location {PATH}/ { # The seemingly weird syntax is due to a long-standing bug in nginx, # see: https://trac.nginx.org/nginx/ticket/97 - try_files $uri {PATH}/{PATH}/index.php$is_args$args; + try_files $uri __PATH__/__PATH__/index.php$is_args$args; # Another alternative to the weird try_files is to use a rewrite, like this : # #  if (-f $request_filename) { # break; # } - #  rewrite (.*) {LOCATION}/index.php$request_uri; + #  rewrite (.*) __PATH__/index.php$request_uri; # # But remember that if-is-evil : # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#check-if-file-exists - location ~ ^{PATH}/index\.php(/|$) { + location ~ ^__PATH__/index\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; @@ -37,6 +37,3 @@ location {PATH}/ { # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } - -# append trailing slash in case of a subpath -location = {LOCATION} { return 302 {PATH}/; } diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 49fb4a9..43613e6 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,6 +1,6 @@ -[{POOLNAME}] +[__NAMETOCHANGE__] ; The address on which to accept FastCGI requests. -listen = /var/run/php5-fpm-{POOLNAME}.sock +listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock ; Set permissions for unix socket, if one is used. listen.owner = www-data @@ -8,8 +8,8 @@ listen.group = www-data listen.mode = 0600 ; Unix user/group of processes. -user = {USER} -group = {GROUP} +user = __NAMETOCHANGE__ +group = __NAMETOCHANGE__ ; Choose how the process manager will control the number of child processes. pm = dynamic @@ -47,7 +47,7 @@ request_terminate_timeout = 1d request_slowlog_timeout = 5s ; The log file for slow requests. -slowlog = /var/log/nginx/{POOLNAME}.slow.log +slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log ; Set open file descriptor rlimit. rlimit_files = 4096 @@ -56,7 +56,7 @@ rlimit_files = 4096 rlimit_core = 0 ; Chdir to this directory at the start. -chdir = {DESTDIR} +chdir = __FINALPATH__ ; Redirect worker stdout and stderr into main error log. catch_workers_output = yes diff --git a/scripts/install b/scripts/install index a9d51a0..bfac8f2 100644 --- a/scripts/install +++ b/scripts/install @@ -38,12 +38,10 @@ ynh_webpath_register "$app" "$domain" "$path" LOGDIR=/var/log/$app # Check destination directory -DESTDIR="/var/www/${app}" -[[ -d "$DESTDIR" ]] && ynh_die \ -"The destination directory '${DESTDIR}' already exists.\ - You should safely delete it before installing this app." +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" -mkdir -p "$DESTDIR" +mkdir -p "$final_path" # Check whether Baïkal or Radicale is installed baikal_install=$(agendav_app_check_installation "baikal") @@ -63,7 +61,7 @@ fi # Install dependencies ynh_install_app_dependencies php5-cli -ynh_setup_source "$DESTDIR" +ynh_setup_source "$final_path" # Generate random password and encryption key dbpass=$(ynh_string_random) @@ -72,7 +70,7 @@ ynh_app_setting_set "$app" encryptkey "$encryptkey" ynh_app_setting_set "$app" mysqlpwd "$dbpass" # Copy and set AgenDAV configuration -conf_path="${DESTDIR}/web/config/settings.php" +conf_path="${final_path}/web/config/settings.php" cp ../conf/settings.php "$conf_path" sed -i "s/{DBUSER}/${dbuser}/g" "$conf_path" sed -i "s/{DBPASS}/${dbpass}/g" "$conf_path" @@ -89,20 +87,20 @@ caldav_url="https://${caldav_domain}${caldav_path%/}" sed -i "s@{CALDAV_BASEURL}@${caldav_url}${caldav_baseurl}@g" "$conf_path" sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" -ynh_system_user_create "$app" "$DESTDIR" +ynh_system_user_create "$app" "$final_path" # Protect source code against modifications -find "${DESTDIR}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; -find "${DESTDIR}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; +find "${final_path}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; +find "${final_path}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; # Only agendav user should write here -chown -hR $app: "${DESTDIR}/web/var/cache/"{profiler,twig} -chmod -R 750 "${DESTDIR}/web/var/cache/"{profiler,twig} +chown -hR $app: "${final_path}/web/var/cache/"{profiler,twig} +chmod -R 750 "${final_path}/web/var/cache/"{profiler,twig} # The agendav user should read here, but does not need to write # Other users should not be able to read as it stores passwords. -find "${DESTDIR}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; -find "${DESTDIR}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; +find "${final_path}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; +find "${final_path}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; # Create log directory install -m 750 -o $app -g adm -d "$LOGDIR" @@ -112,27 +110,15 @@ ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" # Run database migrations ( - cd $DESTDIR + cd $final_path php agendavcli migrations:migrate --no-interaction ) # Copy and set nginx configuration -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf -sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf -sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf -sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf -# comment redirection in case of an installation at root -[[ -n "$path" ]] || sed -i '$s/^/#/' ../conf/nginx.conf -cp ../conf/nginx.conf "$nginx_conf" +ynh_add_nginx_config # Copy and set php-fpm configuration -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf -sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf -sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf -sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf -cp ../conf/php-fpm.conf "$phpfpm_conf" +ynh_add_fpm_config if [ "$is_public" -eq 0 ] then # Remove the public access diff --git a/scripts/upgrade b/scripts/upgrade index d454aec..6205fbf 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -37,12 +37,10 @@ fi LOGDIR=/var/log/$app # Check destination directory -DESTDIR="/var/www/$app" -[[ ! -d $DESTDIR ]] && ynh_die \ -"The destination directory '$DESTDIR' does not exist.\ - The app is not correctly installed, you should remove it first." +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" -mkdir -p "$DESTDIR" +mkdir -p "$final_path" # Check whether Baïkal or Radicale is installed baikal_install=$(agendav_app_check_installation "baikal") @@ -62,10 +60,10 @@ fi # Install dependencies ynh_install_app_dependencies php5-cli -ynh_setup_source "$DESTDIR" +ynh_setup_source "$final_path" # Copy and set AgenDAV configuration -conf_path="${DESTDIR}/web/config/settings.php" +conf_path="${final_path}/web/config/settings.php" cp ../conf/settings.php "$conf_path" sed -i "s/{DBUSER}/${dbuser}/g" "$conf_path" sed -i "s/{DBPASS}/${dbpass}/g" "$conf_path" @@ -82,49 +80,36 @@ caldav_url="https://${caldav_domain}${caldav_path%/}" sed -i "s@{CALDAV_BASEURL}@${caldav_url}${caldav_baseurl}@g" "$conf_path" sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" -ynh_system_user_create "$app" "$DESTDIR" +ynh_system_user_create "$app" "$final_path" # Protect source code against modifications -find "${DESTDIR}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; -find "${DESTDIR}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; +find "${final_path}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; +find "${final_path}" -type d -exec chown root:root {} \; -exec chmod 755 {} \; # Only agendav user should write here -chown -hR $app: "${DESTDIR}/web/var/cache/"{profiler,twig} -chmod -R 750 "${DESTDIR}/web/var/cache/"{profiler,twig} +chown -hR $app: "${final_path}/web/var/cache/"{profiler,twig} +chmod -R 750 "${final_path}/web/var/cache/"{profiler,twig} # The agendav user should read here, but does not need to write # Other users should not be able to read as it stores passwords. -find "${DESTDIR}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; -find "${DESTDIR}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; +find "${final_path}/web/config" -type f -exec chown root:$app {} \; -exec chmod 640 {} \; +find "${final_path}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 {} \; # Create log directory install -m 750 -o $app -g adm -d "$LOGDIR" # Run database migrations ( - cd $DESTDIR + cd $final_path php agendavcli migrations:migrate --no-interaction ) # Copy and set nginx configuration -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf -sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf -sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf -sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf -# comment redirection in case of an installation at root -[[ -n "$path" ]] || sed -i '$s/^/#/' ../conf/nginx.conf -cp ../conf/nginx.conf "$nginx_conf" +ynh_add_nginx_config # Copy and set php-fpm configuration -phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" -sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf -sed -i "s@{DESTDIR}@${DESTDIR}/@g" ../conf/php-fpm.conf -sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf -sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf -cp ../conf/php-fpm.conf "$phpfpm_conf" - +ynh_add_fpm_config if [ $is_public -eq 0 ] then # Remove the public access