diff --git a/README.md b/README.md index 6c8dd9e..399eef8 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,9 @@ Cachet for YunoHost ------------------------ +[![Install Cachet with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cachet) + +[![Integration level](https://dash.yunohost.org/integration/cachet.svg)](https://ci-apps.yunohost.org/jenkins/job/cachet%20%28Community%29/lastBuild/consoleFull) + This is a [Cachet](https://cachethq.io/) package for YunoHost. ![](https://github.com/CachetHQ/Assets/raw/master/images/logo/Cachet.png) @@ -11,10 +15,6 @@ This is a [Cachet](https://cachethq.io/) package for YunoHost. [Cachet](https://cachethq.io/) is a free, open source status page for your API, service or company. Built with all of the features that you'd expect from a status page, Cachet comes with a powerful API, a metric system, multiple user support, two factor authentication for added security and is easy to get setup. A powerful, self-hosted alternative to StatusPage.io and Status.io. - -[![Install Cachet with -YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cachet) - ![](https://github.com/CachetHQ/Assets/raw/master/screenshots/main-interface.png) ## Features diff --git a/check_process b/check_process index e1d4439..51e5798 100644 --- a/check_process +++ b/check_process @@ -1,6 +1,7 @@ ;; Test complet ; Manifest domain="domain.tld" (DOMAIN) + path="/path" (PATH) admin="john" (USER) admin_password="secret" language="en" @@ -10,8 +11,8 @@ setup_sub_dir=0 setup_root=1 setup_nourl=0 - setup_private=0 - setup_public=0 + setup_private=1 + setup_public=1 upgrade=1 backup_restore=1 multi_instance=1 @@ -22,9 +23,9 @@ Level 1=auto Level 2=auto Level 3=auto -# LDAP integration not possible yet: https://github.com/CachetHQ/Cachet/issues/2108 +# https://github.com/YunoHost-Apps/cachet_ynh/issues/1 Level 4=na -# TODO +# https://github.com/YunoHost-Apps/cachet_ynh/issues/2 Level 5=1 Level 6=auto Level 7=auto diff --git a/conf/nginx.conf b/conf/nginx.conf index 0273283..dbd8d17 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,27 +1,47 @@ -location __PATH__ { - root __FINALPATH__/public/; +location ^~ __PATH__ { + alias __FINALPATH__/public/; if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } add_header Strict-Transport-Security max-age=15768000; - index index.php; - try_files $uri /index.php$is_args$args; - # show YunoHost panel access - include conf.d/yunohost_panel.conf.inc; - location ~ [^/]\.php$ { + location __PATH__ { + rewrite ^ __PATH__index.php$request_uri; + } + + location ~ [^/]\.php { include fastcgi_params; fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param REMOTE_USER $remote_user; fastcgi_index index.php; fastcgi_keep_conn on; add_header Strict-Transport-Security max-age=15768000; } + + # Adding the cache control header for js and css files + location ~* \.(?:css|js)$ { + add_header Cache-Control "public, max-age=7200"; + # Add headers to serve security related headers + add_header Strict-Transport-Security "max-age=15768000;"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + # Optional: Don't log access to assets + access_log off; + } + + location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { + # Optional: Don't log access to other assets + access_log off; + } + + # show YunoHost panel access + include conf.d/yunohost_panel.conf.inc; } - - - diff --git a/manifest.json b/manifest.json index 528b9a0..9dca1f6 100644 --- a/manifest.json +++ b/manifest.json @@ -35,14 +35,14 @@ }, { "name": "path", - "type": "path", + "type": "path", "ask": { - "en": "Choose a path for Cachet", - "fr": "Choisissez un chemin pour Cachet" + "en": "Choose a path; only / is allowed at the moment.", + "fr": "Choisissez un chemin, seul / est autorisé pour le moment." }, - "example": "/cachet", - "default": "/cachet" - }, + "example": "/", + "default": "/" + }, { "name": "admin", "type": "user", diff --git a/scripts/_common.sh b/scripts/_common.sh index 144b941..63f2cc1 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ # ============================================================================= # Package dependencies -pkg_dependencies="php-mbstring php-tokenizer php-gd php-simplexml mcrypt php-xml" +pkg_dependencies="php5-gd php5-mcrypt" # ============================================================================= # COMMON CACHET FUNCTIONS @@ -58,3 +58,16 @@ exec_as() { sudo -u "$USER" "$@" fi } + + +# ============= FUTURE YUNOHOST HELPER ============= +# Delete a file checksum from the app settings +# +# $app should be defined when calling this helper +# +# usage: ynh_remove_file_checksum file +# | arg: file - The file for which the checksum will be deleted +ynh_delete_file_checksum () { + local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' + ynh_app_setting_delete $app $checksum_setting_name +} diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..96f9fa5 --- /dev/null +++ b/scripts/change_url @@ -0,0 +1,115 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +old_domain=$YNH_APP_OLD_DOMAIN +old_path=$YNH_APP_OLD_PATH + +new_domain=$YNH_APP_NEW_DOMAIN +new_path=$YNH_APP_NEW_PATH + +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# LOAD SETTINGS +#================================================= + +db_name=$(ynh_app_setting_get "$app" db_name) +db_pwd=$(ynh_app_setting_get "$app" mysqlpwd) +db_user="$db_name" +final_path=$(ynh_app_setting_get "$app" final_path) + +#================================================= +# CHECK PATHS SYNTAX +#================================================= + +test -n "$old_path" || old_path="/" +test -n "$new_path" || new_path="/" +new_path=$(ynh_normalize_url_path $new_path) +old_path=$(ynh_normalize_url_path $old_path) + +#================================================= +# CHECK WHICH PARTS SHOULD BE CHANGED +#================================================= + +change_domain=0 +if [ "$old_domain" != "$new_domain" ] +then + change_domain=1 +fi + +change_path=0 +if [ "$old_path" != "$new_path" ] +then + change_path=1 +fi + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# MODIFY URL IN NGINX CONF FILE +#================================================= + +nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf + +# Change the path in the nginx config file +if [ $change_path -eq 1 ] +then + echo "The only supported path is /!" + # Still make the changes to enable CI tests... + + # Make a backup of the original nginx config file if modified + ynh_backup_if_checksum_is_different "$nginx_conf_path" + if [ "$new_path" = "/" ] && [ "$old_path" != "/" ] ; then + ynh_replace_string "location\( \(=\|~\|~\*\|\^~\)\)\? $old_path" "location\1 /" "$nginx_conf_path" + ynh_replace_string "rewrite ^ $old_path" "rewrite ^ " "$nginx_conf_path" + elif [ "$new_path" != "/" ] && [ "$old_path" = "/" ] ; then + ynh_replace_string "location\( \(=\|~\|~\*\|\^~\)\)\? /" "location\1 $new_path" "$nginx_conf_path" + ynh_replace_string "rewrite ^ /" "rewrite ^ $new_path/" "$nginx_conf_path" + else + ynh_replace_string "location\( \(=\|~\|~\*\|\^~\)\)\? $old_path" "location\1 $new_path" "$nginx_conf_path" + ynh_replace_string "rewrite ^ $old_path" "rewrite ^ $new_path" "$nginx_conf_path" + fi + # Calculate and store the nginx config file checksum + ynh_store_file_checksum "$nginx_conf_path" +fi + +# Change the domain for nginx +if [ $change_domain -eq 1 ] +then + # Delete file checksum for the old conf file location + ynh_delete_file_checksum "$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" +fi + +#================================================= +# SPECIFIC MODIFICATIONS +#================================================= + +# Replace domain in Cachet configuration files +ynh_replace_string "$old_domain" "$new_domain" "$final_path/.env" +ynh_replace_string "$old_domain" "$new_domain" "$final_path/bootstrap/cachet/production.php" + +# Replace domain in Cachet database settings +ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_user" <<< "UPDATE settings SET value = 'https://$new_domain' WHERE name = 'app_domain'" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx \ No newline at end of file diff --git a/scripts/install b/scripts/install index 0ba7371..75644ee 100644 --- a/scripts/install +++ b/scripts/install @@ -21,7 +21,7 @@ ynh_abort_if_errors #================================================= domain=$YNH_APP_ARG_DOMAIN -path_url="/" +path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN admin_password=$YNH_APP_ARG_ADMIN_PASSWORD is_public=$YNH_APP_ARG_IS_PUBLIC @@ -121,8 +121,9 @@ ynh_replace_string "MAIL_HOST=mailtrap.io" "MAIL_HOST=" "$env_conf" ynh_replace_string "MAIL_PORT=2525" "MAIL_PORT=25" "$env_conf" ynh_replace_string "MAIL_USERNAME=null" "MAIL_USERNAME=null" "$env_conf" ynh_replace_string "MAIL_PASSWORD=null" "MAIL_PASSWORD=null" "$env_conf" -ynh_replace_string "MAIL_ADDRESS=null" "MAIL_ADDRESS=cachet@$domain" "$env_conf" -ynh_replace_string "MAIL_NAME=null" "MAIL_NAME=Cachet" "$env_conf" +admin_mail="$(ynh_user_get_info $admin mail)" +ynh_replace_string "MAIL_ADDRESS=null" "MAIL_ADDRESS=$admin_mail" "$env_conf" +ynh_replace_string "MAIL_NAME=null" "MAIL_NAME=$admin" "$env_conf" # Disable reporting to CachetHQ servers echo "CACHET_BEACON=false" >> "$env_conf" @@ -166,8 +167,7 @@ password_hash="$(cd $final_path ; php artisan tinker -q --no-ansi <<< "echo H password_pash="${password_hash::-1}" # Remove last character ynh_replace_string "__PASSWORD_HASH__" "$password_pash" "$sql_conf" -mail="$(ynh_user_get_info $admin mail)" -ynh_replace_string "__EMAIL__" "$mail" "$sql_conf" +ynh_replace_string "__EMAIL__" "$admin_mail" "$sql_conf" ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \ < "$sql_conf"