diff --git a/check_process b/check_process index 787ad0e..770173b 100644 --- a/check_process +++ b/check_process @@ -1,10 +1,10 @@ ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - admin="john" (USER) - admin_password="secret" + domain="domain.tld" + is_public=1 language="en" - is_public=1 (PUBLIC|public=1|private=0) + admin="john" + admin_password="secret" ; Checks pkg_linter=1 setup_sub_dir=0 @@ -16,11 +16,8 @@ upgrade=1 from_commit=7497ea8b6915b725358db0d4a1210f999961cfee backup_restore=1 multi_instance=1 - incorrect_path=0 port_already_use=0 change_url=1 -;;; Levels - Level 5=auto ;;; Options Email= Notification=none diff --git a/conf/nginx.conf b/conf/nginx.conf index 976e546..833fc99 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -4,27 +4,23 @@ location __PATH__/ { # Path to source alias __FINALPATH__/public/ ; - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - more_set_headers "Strict-Transport-Security: max-age=15768000"; index index.php; + location __PATH__ { try_files $uri __PATH__/index.php; } location ~ \.php$ { - include fastcgi_params; - fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_index index.php; - fastcgi_keep_conn on; - more_set_headers "Strict-Transport-Security: max-age=15768000"; + include fastcgi_params; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_index index.php; + fastcgi_keep_conn on; + more_set_headers "Strict-Transport-Security: max-age=15768000"; } # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; -} \ No newline at end of file +} diff --git a/doc/.gitkeep b/doc/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..374be92 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1 @@ +[Cachet](https://cachethq.io/) is a free, open source status page for your API, service or company. Built with all of the features that you'd expect from a status page, Cachet comes with a powerful API, a metric system, multiple user support, two factor authentication for added security and is easy to get setup. A powerful, self-hosted alternative to StatusPage.io and Status.io. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..c763754 --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,8 @@ +## Configuration + +Totally configurable through the Cachet application dashboard. + +## Limitations + +- Must necessarily be installed on domain root (see upstream issue [here](https://github.com/CachetHQ/Cachet/issues/1696)) +- Can't integrate with YunoHost SSO as LDAP support is not implemented yet (see upstream issue [here](https://github.com/CachetHQ/Cachet/issues/2108)) diff --git a/doc/screenshots/.gitkeep b/doc/screenshots/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/screenshots/main-interface.png b/doc/screenshots/main-interface.png new file mode 100644 index 0000000..4b6940a Binary files /dev/null and b/doc/screenshots/main-interface.png differ diff --git a/manifest.json b/manifest.json index 41472fd..3527abf 100644 --- a/manifest.json +++ b/manifest.json @@ -6,59 +6,38 @@ "en": "Open source status page system", "fr": "Système de page de statut open source" }, - "version": "2.4.0~ynh3", + "version": "2.4.0~ynh4", "url": "https://cachethq.io/", + "upstream": { + "license": "BSD-3-Clause", + "website": "https://cachethq.io", + "demo": "https://demo.cachethq.io", + "admindoc": "https://docs.cachethq.io", + "code": "https://github.com/CachetHQ/Cachet" + }, "license": "BSD-3-Clause", "maintainer": { "name": "JimboJoe", "email": "jimmy@monin.net" }, "requirements": { - "yunohost": ">= 3.8.1" + "yunohost": ">= 4.3.0" }, "multi_instance": true, "services": [ "nginx", - "php7.0-fpm", + "php7.3-fpm", "mysql" ], "arguments": { "install" : [ { "name": "domain", - "type": "domain", - "ask": { - "en": "Choose a domain for Cachet", - "fr": "Choisissez un domaine pour Cachet" - }, - "example": "domain.org" - }, - { - "name": "admin", - "type": "user", - "ask": { - "en": "Choose the only allowed admin user", - "fr": "Choisissez l'unique utilisateur autorisé" - }, - "example": "johndoe" - }, - { - "name": "admin_password", - "type": "password", - "optional": true, - "ask": { - "en": "Set the password for admin user", - "fr": "Définissez le mot de passe pour l'utilisateur" - }, - "example": "supersecretpassword" + "type": "domain" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public application?", - "fr": "Est-ce une application publique ?" - }, "default": true }, { @@ -70,7 +49,21 @@ }, "choices": ["fr", "en"], "default": "en" - } + }, + { + "name": "admin", + "type": "user" + }, + { + "name": "admin_password", + "type": "password", + "optional": true, + "ask": { + "en": "Set the password for admin user", + "fr": "Définissez le mot de passe pour l'utilisateur" + }, + "example": "supersecretpassword" + } ] } } diff --git a/scripts/backup b/scripts/backup index 995929f..50516c7 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -25,6 +26,7 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # DECLARE DATA AND CONF FILES TO BACKUP @@ -47,7 +49,7 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" # BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_backup --src_path="/etc/php/$YNH_PHP_VERSION/fpm/pool.d/$app.conf" +ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE diff --git a/scripts/change_url b/scripts/change_url index d5d5dd7..d9488e9 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -17,7 +17,7 @@ old_domain=$YNH_APP_OLD_DOMAIN old_path=$YNH_APP_OLD_PATH new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH +new_path="/" app=$YNH_APP_INSTANCE_NAME @@ -28,12 +28,14 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) + +# Add settings here as needed by your application db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=12 @@ -43,7 +45,7 @@ ynh_clean_setup () { # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script @@ -77,9 +79,6 @@ nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf # Change the path in the NGINX config file if [ $change_path -eq 1 ] then - ynh_print_warn --message="The only supported path is /!" - # Still make the changes to enable CI tests... - # Make a backup of the original NGINX config file if modified ynh_backup_if_checksum_is_different --file="$nginx_conf_path" # Set global variables for NGINX helper @@ -102,6 +101,8 @@ fi #================================================= # SPECIFIC MODIFICATIONS #================================================= +# ... +#================================================= ynh_script_progression --message="Updating Cachet configuration..." --weight=1 # Replace domain in Cachet configuration files diff --git a/scripts/install b/scripts/install index bab2e5a..d8dafbc 100644 --- a/scripts/install +++ b/scripts/install @@ -14,7 +14,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script @@ -26,17 +25,16 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url="/" -admin=$YNH_APP_ARG_ADMIN -admin_password=$YNH_APP_ARG_ADMIN_PASSWORD is_public=$YNH_APP_ARG_IS_PUBLIC language=$YNH_APP_ARG_LANGUAGE +admin=$YNH_APP_ARG_ADMIN +admin_password=$YNH_APP_ARG_ADMIN_PASSWORD app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= - ynh_script_progression --message="Validating installation parameters..." --weight=1 final_path=/var/www/$app @@ -52,14 +50,19 @@ ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=language --value=$language ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=admin_password --value=$admin_password -ynh_app_setting_set --app=$app --key=is_public --value=$is_public -ynh_app_setting_set --app=$app --key=language --value=$language #================================================= # STANDARD MODIFICATIONS #================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=2 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # CREATE A MYSQL DATABASE @@ -88,20 +91,12 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=2 - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Configuring PHP-FPM..." --weight=8 -# Create a dedicated php-fpm config +# Create a dedicated PHP-FPM config ynh_add_fpm_config --package="$extra_php_dependencies" #================================================= @@ -174,8 +169,6 @@ ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" -- chown $app: $final_path/bootstrap/cachet/production.php ynh_store_file_checksum --file="$production_conf" -#================================================= -# GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= @@ -184,16 +177,19 @@ ynh_store_file_checksum --file="$production_conf" chown -R root: $final_path chown -R $app: "${final_path}/.env" "${final_path}/storage/" "${final_path}/bootstrap/" +#================================================= +# GENERIC FINALIZATION #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." --weight=2 +ynh_script_progression --message="Configuring permissions..." --weight=2 # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" fi #================================================= diff --git a/scripts/remove b/scripts/remove index b3c858d..af368d7 100644 --- a/scripts/remove +++ b/scripts/remove @@ -32,14 +32,6 @@ ynh_script_progression --message="Removing the MySQL database..." --weight=2 # Remove a database if it exists, along with the associated user ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=4 - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - #================================================= # REMOVE APP MAIN DIR #================================================= @@ -53,7 +45,7 @@ ynh_secure_remove --file="$final_path" #================================================= ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 -# Remove the dedicated nginx config +# Remove the dedicated NGINX config ynh_remove_nginx_config #================================================= @@ -64,6 +56,14 @@ ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1 # Remove the dedicated PHP-FPM config ynh_remove_fpm_config +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." --weight=4 + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index 13e1968..b562c03 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -14,7 +15,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - #### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script @@ -32,14 +32,13 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=1 -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " @@ -48,9 +47,18 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -58,26 +66,13 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# RESTORE USER RIGHTS -#================================================= - -# Restore permissions on app files chown -R root: $final_path chown -R $app: "${final_path}/.env" "${final_path}/storage/" "${final_path}/bootstrap/" #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=6 +ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=6 # Restore the file first, so it can have a backup if different ynh_restore_file --origin_path="/etc/php/$YNH_PHP_VERSION/fpm/pool.d/$app.conf" @@ -101,8 +96,9 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./ #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." +ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 67ab5bc..df6e82c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,18 +18,34 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -admin=$(ynh_app_setting_get --app=$app --key=admin) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) language=$(ynh_app_setting_get --app=$app --key=language) +admin=$(ynh_app_setting_get --app=$app --key=admin) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# STANDARD UPGRADE STEPS #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -56,43 +72,20 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=4 +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors + ynh_app_setting_delete --app=$app --key=is_public +fi #================================================= -# CHECK THE PATH +# CREATE DEDICATED USER #================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 -# Normalize the URL path syntax -path_url=$(ynh_normalize_url_path --path_url=$path_url) - -#================================================= -# STANDARD UPGRADE STEPS -#================================================= -# PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1 - -# Recreate a dedicated PHP-FPM config -ynh_add_fpm_config --package="$extra_php_dependencies" - -#================================================= -# SET MAINTENANCE MODE ON -#================================================= - -# We need to have the required version of PHP, hence PHP-FPM block is executed beforehand -exec_artisan "down" +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -127,22 +120,26 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - ynh_add_nginx_config #================================================= -# CREATE DEDICATED USER +# PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 +ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1 -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app +# Recreate a dedicated PHP-FPM config +ynh_add_fpm_config --package="$extra_php_dependencies" + +#================================================= +# SET MAINTENANCE MODE ON +#================================================= + +# We need to have the required version of PHP, hence PHP-FPM block is executed beforehand +exec_artisan "down" #================================================= # SPECIFIC UPGRADE -#================================================= - -ynh_script_progression --message="Upgrading Cachet configuration and dependencies..." --weight=20 - #================================================= # INSTALL AND INITIALIZE COMPOSER #================================================= +ynh_script_progression --message="Upgrading Cachet configuration and dependencies..." --weight=20 ynh_install_composer --install_args="--optimize-autoloader" @@ -153,8 +150,6 @@ ynh_install_composer --install_args="--optimize-autoloader" exec_artisan "app:update" ynh_secure_remove --file=bootstrap/cache/* -#================================================= -# GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= @@ -163,24 +158,14 @@ ynh_secure_remove --file=bootstrap/cache/* chown -R root: $final_path chown -R $app: "${final_path}/.env" "${final_path}/storage/" "${final_path}/bootstrap/" -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - #================================================= # SET MAINTENANCE MODE OFF #================================================= exec_artisan "up" +#================================================= +# GENERIC FINALIZATION #================================================= # RELOAD NGINX #=================================================