YunoHost-Apps/cops_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/cops_ynh.git synced 2024-09-03 18:25:57 +02:00
Code Issues Activity Actions

Fix

Browse source
This commit is contained in:
ericgaspar 2021-08-04 12:23:13 +02:00
parent ac499026a7
commit 94dc69d894
No known key found for this signature in database
GPG key ID: 574F281483054D44
17 changed files with 940 additions and 626 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
check_process
View file

@ -1,18 +1,16 @@
;; master ;; Test complet
auto_remove=1
# Commentaire ignoré
; Manifest ; Manifest
domain="$DOMAIN" (DOMAIN) domain="domain.tld"
path="/path" (PATH) path="/path"
admin="john"
language="fr" language="fr"
is_public=1
password="pass"
runninguser="www-data" runninguser="www-data"
calibre="/home/yunohost.app/owncloud/johndoe/" calibre="/home/yunohost.app/owncloud/johndoe/"
is_public="Yes" (PUBLIC|public=Yes|private=No)
basicauthcreate="Yes" basicauthcreate="Yes"
basicauthname="Gutenberg" basicauthname="Gutenberg"
basicauthpass="hiyjgvhfgvhgbjh" basicauthpass="hiyjgvhfgvhgbjh"
# password="$PASSWORD" (PASSWORD)
# port="666" (PORT)
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=1 setup_sub_dir=1
@ -21,12 +19,15 @@
setup_private=1 setup_private=1
setup_public=1 setup_public=1
upgrade=1 upgrade=1
upgrade=1 from_commit=CommitHash
backup_restore=1 backup_restore=1
multi_instance=1 multi_instance=1
wrong_user=0 port_already_use=0
wrong_path=1 change_url=1
incorrect_path=1 ;;; Options
corrupt_source=0 Email=
fail_download_source=0 Notification=none
port_already_use=0 (XXXX) ;;; Upgrade options
final_path_already_use=0 ; commit=CommitHash
name=Name and date of the commit.
manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&

7
conf/app.src Normal file
View file

@ -0,0 +1,7 @@
SOURCE_URL=https://github.com/seblucas/cops/releases/download/1.1.3/cops-1.1.3.zip
SOURCE_SUM=68c9efb340ab30989cd89a19a173c45872d33ed85dd02674f8af08b7748cbc77
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

26
conf/config_local.php
View file

@ -2,12 +2,19 @@
if (!isset($config)) if (!isset($config))
$config = array(); $config = array();
/*
***************************************************
* Please read config_default.php for all possible
* configuration items
***************************************************
*/
/* /*
* The directory containing calibre's metadata.db file, with sub-directories * The directory containing calibre's metadata.db file, with sub-directories
* containing all the formats. * containing all the formats.
* BEWARE : it has to end with a / * BEWARE : it has to end with a /
*/ */
$config['calibre_directory'] = 'CALIBRETOCHANGE/'; $config['calibre_directory'] = '__DOMAIN____PATH__';
/* /*
* Catalog's title * Catalog's title
@ -22,13 +29,18 @@
*/ */
$config['cops_use_url_rewriting'] = "0"; $config['cops_use_url_rewriting'] = "0";
$config['cops_recentbooks_limit'] = '10'; /*
* Set language code to force a language (see lang/ directory for available languages).
* When empty it will auto detect the language.
*/
$config['cops_language'] = '__LANGUAGE__';
$config['default_timezone'] = "TIMEZONETOCHANGE"; /*
* Default timezone
$config['cops_template'] = 'default'; * Check following link for other timezones :
* http://www.php.net/manual/en/timezones.php
$config['cops_style'] = 'iphone'; */
$config['default_timezone'] = '__TIMEZONE__';

22
conf/nginx.conf
View file

@ -1,27 +1,33 @@
location PATHTOCHANGE { #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
alias ALIASTOCHANGE; location __PATH__/ {
# auth_basic "Reason for being private";
# auth_basic_user_file /path/to/htpasswd;
# Path to source
alias __FINALPATH__/ ;
# Force usage of https
if ($scheme = http) { if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent; rewrite ^ https://$server_name$request_uri? permanent;
} }
client_max_body_size 10G; ### Example PHP configuration (remove it if not used)
index index.php; index index.php;
# Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
#client_max_body_size 50M;
try_files $uri $uri/ index.php; try_files $uri $uri/ index.php;
location ~ [^/]\.php(/|$) { location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php5-fpm-NAMETOCHANGE.sock; fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php; fastcgi_index index.php;
include fastcgi_params; include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user; fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param SCRIPT_FILENAME $request_filename;
} }
### End of PHP configuration part
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc; include conf.d/yunohost_panel.conf.inc;
} }

321
conf/php-fpm.conf
View file

@ -1,10 +1,11 @@
; Start a new pool named 'www'. ; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the ; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here) ; pool name ('www' here)
[NAMETOCHANGE] [__NAMETOCHANGE__]
; Per pool prefix ; Per pool prefix
; It only applies on the following directives: ; It only applies on the following directives:
; - 'access.log'
; - 'slowlog' ; - 'slowlog'
; - 'listen' (unixsocket) ; - 'listen' (unixsocket)
; - 'chroot' ; - 'chroot'
@ -16,21 +17,43 @@
; Default Value: none ; Default Value: none
;prefix = /path/to/pools/$pool ;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = __USER__
group = __USER__
; The address on which to accept FastCGI requests. ; The address on which to accept FastCGI requests.
; Valid syntaxes are: ; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port; ; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; specific port; ; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket. ; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory. ; Note: This value is mandatory.
listen = /var/run/php5-fpm-NAMETOCHANGE.sock listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock
; Set listen(2) backlog. A value of '-1' means unlimited. ; Set listen(2) backlog.
; Default Value: 128 (-1 on FreeBSD and OpenBSD) ; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = -1 ;listen.backlog = 511
; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be ; must be separated by a comma. If this value is left blank, connections will be
@ -38,26 +61,26 @@ listen = /var/run/php5-fpm-NAMETOCHANGE.sock
; Default Value: any ; Default Value: any
;listen.allowed_clients = 127.0.0.1 ;listen.allowed_clients = 127.0.0.1
; Set permissions for unix socket, if one is used. In Linux, read/write ; Specify the nice(2) priority to apply to the pool processes (only if set)
; permissions must be set in order to allow connections from a web server. Many ; The value can vary from -19 (highest priority) to 20 (lower priority)
; BSD-derived systems allow connections regardless of permissions. ; Note: - It will only work if the FPM master process is launched as root
; Default Values: user and group are set as the running user ; - The pool processes will inherit the master process priority
; mode is set to 0666 ; unless it specified otherwise
listen.owner = www-data ; Default Value: no set
listen.group = www-data ; process.priority = -19
listen.mode = 0600
; Unix user/group of processes ; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
; Note: The user is mandatory. If the group is not set, the default user's group ; or group is differrent than the master process user. It allows to create process
; will be used. ; core dump and ptrace the process for the pool user.
user = USERTOCHANGE ; Default Value: no
group = USERTOCHANGE ; process.dumpable = yes
; Choose how the process manager will control the number of child processes. ; Choose how the process manager will control the number of child processes.
; Possible Values: ; Possible Values:
; static - a fixed number (pm.max_children) of child processes; ; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the ; dynamic - the number of child processes are set dynamically based on the
; following directives: ; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can ; pm.max_children - the maximum number of children that can
; be alive at the same time. ; be alive at the same time.
; pm.start_servers - the number of children created on startup. ; pm.start_servers - the number of children created on startup.
@ -69,73 +92,150 @@ group = USERTOCHANGE
; state (waiting to process). If the number ; state (waiting to process). If the number
; of 'idle' processes is greater than this ; of 'idle' processes is greater than this
; number then some children will be killed. ; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory. ; Note: This value is mandatory.
pm = dynamic pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the ; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes to be created when pm is set to 'dynamic'. ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be ; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. ; CGI. The below defaults are based on a server without much resources. Don't
; Note: Used when pm is set to either 'static' or 'dynamic' ; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory. ; Note: This value is mandatory.
pm.max_children = 6 pm.max_children = 5
; The number of child processes created on startup. ; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic' ; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 3 pm.start_servers = 2
; The desired minimum number of idle server processes. ; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic' ; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 3 pm.min_spare_servers = 1
; The desired maximum number of idle server processes. ; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic' ; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 5 pm.max_spare_servers = 3
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning. ; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For ; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0 ; Default Value: 0
pm.max_requests = 500 ;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be ; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. By default, the status page shows the following ; recognized as a status page. It shows the following informations:
; information:
; accepted conn - the number of request accepted by the pool;
; pool - the name of the pool; ; pool - the name of the pool;
; process manager - static or dynamic; ; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes; ; idle processes - the number of idle processes;
; active processes - the number of active processes; ; active processes - the number of active processes;
; total processes - the number of idle + active processes. ; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached, ; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for ; when pm tries to start more children (works only for
; pm 'dynamic') ; pm 'dynamic' and 'ondemand');
; The values of 'idle processes', 'active processes' and 'total processes' are ; Value are updated in real time.
; updated each second. The value of 'accepted conn' is updated in real time.
; Example output: ; Example output:
; accepted conn: 12073
; pool: www ; pool: www
; process manager: static ; process manager: static
; idle processes: 35 ; start time: 01/Jul/2011:17:53:49 +0200
; active processes: 65 ; start since: 62636
; total processes: 100 ; accepted conn: 190460
; max children reached: 1 ; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either ; By default the status page output is formatted as text/plain. Passing either
; 'html' or 'json' as a query string will return the corresponding output ; 'html', 'xml' or 'json' in the query string will return the corresponding
; syntax. Example: ; output syntax. Example:
; http://www.foo.bar/status ; http://www.foo.bar/status
; http://www.foo.bar/status?json ; http://www.foo.bar/status?json
; http://www.foo.bar/status?html ; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/share/php/7.0/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be ; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it ; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file. ; may conflict with a real PHP file.
; Default Value: not set ; Default Value: not set
pm.status_path = /fpm-status ;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no ; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside ; URI will be recognized as a ping page. This could be used to test from outside
@ -147,39 +247,102 @@ pm.status_path = /fpm-status
; anything, but it may not be a good idea to use the .php extension or it ; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file. ; may conflict with a real PHP file.
; Default Value: not set ; Default Value: not set
ping.path = /ping ;ping.path = /ping
; This directive may be used to customize the response of a ping request. The ; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code. ; response is formatted as text/plain with a 200 response code.
; Default Value: pong ; Default Value: pong
;ping.response = pong ;ping.response = pong
; The timeout for serving a single request after which the worker process will ; The access log file
; be killed. This option should be used when the 'max_execution_time' ini option ; Default: not set
; does not stop script execution for some reason. A value of '0' means 'off'. ;access.log = log/$pool.access.log
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0 ; The access log format.
request_terminate_timeout = 120s ; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be ; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0 ; Default Value: 0
request_slowlog_timeout = 5s ;request_slowlog_timeout = 0
; The log file for slow requests ; The timeout for serving a single request after which the worker process will
; Default Value: not set ; be killed. This option should be used when the 'max_execution_time' ini option
; Note: slowlog is mandatory if request_slowlog_timeout is set ; does not stop script execution for some reason. A value of '0' means 'off'.
slowlog = /var/log/nginx/NAMETOCHANGE.slow.log ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_terminate_timeout = 1d
; Set open file descriptor rlimit. ; Set open file descriptor rlimit.
; Default Value: system defined value ; Default Value: system defined value
rlimit_files = 4096 ;rlimit_files = 1024
; Set max core size rlimit. ; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value ; Default Value: system defined value
rlimit_core = 0 ;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an ; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used. ; absolute path. When this value is not set, chroot is not used.
@ -195,14 +358,31 @@ rlimit_core = 0
; Chdir to this directory at the start. ; Chdir to this directory at the start.
; Note: relative path can be used. ; Note: relative path can be used.
; Default Value: current directory or / when chroot ; Default Value: current directory or / when chroot
chdir = FOLDERTOCHANGE chdir = __FINALPATH__
; Redirect worker stdout and stderr into main error log. If not set, stdout and ; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs. ; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page ; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms). ; process time (several ms).
; Default Value: no ; Default Value: no
catch_workers_output = yes ;catch_workers_output = yes
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment. ; the current environment.
@ -238,6 +418,13 @@ catch_workers_output = yes
;php_admin_flag[log_errors] = on ;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M ;php_admin_value[memory_limit] = 32M
php_value[upload_max_filesize] = 10G ; Common values to change to increase file upload limit
php_value[post_max_size] = 10G ; php_admin_value[upload_max_filesize] = 50M
php_value[mail.add_x_header] = Off ; php_admin_value[post_max_size] = 50M
; php_admin_flag[mail.add_x_header] = Off
; Other common parameters
; php_admin_value[max_execution_time] = 600
; php_admin_value[max_input_time] = 300
; php_admin_value[memory_limit] = 256M
; php_admin_flag[short_open_tag] = On

2
conf/robots.txt
View file

@ -1,2 +0,0 @@
User-agent: *
Disallow: /

22
manifest.json
View file

@ -7,7 +7,7 @@
"fr": "Calibre OPDS (et HTML) PHP Serveur" "fr": "Calibre OPDS (et HTML) PHP Serveur"
}, },
"url": "https://github.com/YunoHost-Apps/cops_ynh", "url": "https://github.com/YunoHost-Apps/cops_ynh",
"license": "free", "license": "GPL-2.0",
"maintainer": { "maintainer": {
"name": "polytan02", "name": "polytan02",
"email": "polytan02@mcgva.org" "email": "polytan02@mcgva.org"
@ -15,29 +15,21 @@
"multi_instance": true, "multi_instance": true,
"services": [ "services": [
"nginx", "nginx",
"php5-fpm" "php7.3-fpm"
], ],
"requirements": { "requirements": {
"yunohost": ">= 2.4.0" "yunohost": ">= 4.2.0"
}, },
"arguments": { "arguments": {
"install" : [ "install" : [
{ {
"name": "domain", "name": "domain",
"type": "domain", "type": "domain",
"ask": {
"en": "Choose a domain for COPS library",
"fr": "Choisissez un domaine pour votre bibliotheque COPS"
},
"example": "domain.tld" "example": "domain.tld"
}, },
{ {
"name": "path", "name": "path",
"type": "path", "type": "path",
"ask": {
"en": "Choose a path to access your COPS library",
"fr": "Choisissez un chemin pour acceder a votre bibliotheque COPS"
},
"example": "/cops", "example": "/cops",
"default": "/cops" "default": "/cops"
}, },
@ -52,12 +44,8 @@
}, },
{ {
"name": "is_public", "name": "is_public",
"ask": { "type": "boolean",
"en": "Is it a public website ?", "default": true
"fr": "Est-ce un site publique ?"
},
"choices": ["Yes", "No"],
"default": "Yes"
}, },
{ {
"name": "basicauthcreate", "name": "basicauthcreate",

97
scripts/.fonctions
View file

@ -1,97 +0,0 @@
#!/bin/bash
EXIT_PROPERLY () { # Provoque l'arrêt du script en cas d'erreur. Et nettoye les résidus.
exit_code=$?
if [ "$exit_code" -eq 0 ]; then
exit 0 # Quitte sans erreur si le script se termine correctement.
fi
trap '' EXIT
set +eu
echo -e "\e[91m \e[1m" # Shell in light red bold
echo -e "!!\n $app install's script has encountered an error. Installation was cancelled.\n!!" >&2
if type -t CLEAN_SETUP > /dev/null; then # Vérifie l'existance de la fonction avant de l'exécuter.
CLEAN_SETUP # Appel la fonction de nettoyage spécifique du script install.
fi
# Compense le bug de ssowat qui ne supprime pas l'entrée de l'app en cas d'erreur d'installation.
sudo sed -i "\@\"$domain$path/\":@d" /etc/ssowat/conf.json
ynh_die
}
TRAP_ON () { # Activate signal capture
set -eu # Exit if a command fail, and if a variable is used unset.
trap EXIT_PROPERLY EXIT # Capturing exit signals on shell script
}
# We check variables are not empty
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
# $1 = Variable à vérifier
# $2 = Texte à afficher en cas d'erreur
test -n "$1" || (echo "$2" >&2 && false)
}
# Check the path value and correct it (adds / at begining and removes it at the end)
CHECK_PATH () { # Vérifie la présence du / en début de path. Et son absence à la fin.
if [ "${path:0:1}" != "/" ]; then # Si le premier caractère n'est pas un /
path="/$path" # Ajoute un / en début de path
fi
if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # Si le dernier caractère est un / et que ce n'est pas l$
path="${path:0:${#path}-1}" # Supprime le dernier caractère
fi
}
# Check domain and path availibility
CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine.
sudo yunohost app checkurl $domain$path -a $app
}
# Check destination folder is not used already
CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé.
final_path=/var/www/$app
if [ -e "$final_path" ]
then
echo "This path already contains a folder" >&2
false
fi
}
# We check that calibre path is correct
CHECK_CALIBRE () { # Vérifie la présence du / en début de path. Et son absence à la fin.
if [ "${calibre:0:1}" != "/" ]; then # Si le premier caractère n'est pas un /
calibre="/$calibre" # Ajoute un / en début de path
fi
if [ "${calibre:${#calibre}-1}" == "/" ] && [ ${#calibre} -gt 1 ]; then # Si le dernier caractère est un / $
calibre="${calibre:0:${#calibre}-1}" # Supprime le dernier caractère
fi
}
SECURE_REMOVE () { # Suppression de dossier avec vérification des variables
chaine="$1" # L'argument doit être donné entre quotes simple '', pour éviter d'interpréter les variables.
no_var=0
while (echo "$chaine" | grep -q '\$') # Boucle tant qu'il y a des $ dans la chaine
do
no_var=1
global_var=$(echo "$chaine" | cut -d '$' -f 2) # Isole la première variable trouvée.
only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)') # Isole complètement la variable en ajoutant le $ au début et en gardant uniquement le nom de la variable. Se débarrasse surtout du / et d'un éventuel chemin derrière.
real_var=$(eval "echo ${only_var}") # `eval "echo ${var}` permet d'interpréter une variable contenue dans une variable.
if test -z "$real_var" || [ "$real_var" = "/" ]; then
echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2
return 1
fi
chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@") # remplace la variable par sa valeur dans la chaine.
done
if [ "$no_var" -eq 1 ]
then
if [ -e "$chaine" ]; then
echo "Delete directory $chaine"
sudo rm -r "$chaine"
fi
return 0
else
echo "No detected variable." >&2
return 1
fi
}

22
scripts/_common.sh Normal file
View file

@ -0,0 +1,22 @@
#!/bin/bash
#=================================================
# COMMON VARIABLES
#=================================================
YNH_PHP_VERSION="7.3"
# dependencies used by the app
extra_php_dependencies="php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-sqlite3 php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-intl"
#=================================================
# PERSONAL HELPERS
#=================================================
#=================================================
# EXPERIMENTAL HELPERS
#=================================================
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================

92
scripts/backup
View file

@ -1,22 +1,84 @@
#!/bin/bash #!/bin/bash
set -eu
app=$YNH_APP_INSTANCE_NAME
# Source YunoHost helpers #=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
final_path=$(ynh_app_setting_get $app final_path) #=================================================
finalnginxconf=$(ynh_app_setting_get $app finalnginxconf) # MANAGE SCRIPT FAILURE
finalphpconf=$(ynh_app_setting_get $app finalphpconf) #=================================================
# Backup sources & data ynh_clean_setup () {
# Note: the last argument is where to save this path, see the restore script. ### Remove this function if there's nothing to clean before calling the remove script.
ynh_backup "$final_path" "sources" true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
# Copy NGINX configuration #=================================================
ynh_backup "$finalnginxconf" "nginx.conf" # LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
### PHP (remove if not used) ### app=$YNH_APP_INSTANCE_NAME
# If a dedicated php-fpm process is used:
# # Copy PHP-FPM pool configuration final_path=$(ynh_app_setting_get --app=$app --key=final_path)
ynh_backup "$finalphpconf" "php-fpm.conf" domain=$(ynh_app_setting_get --app=$app --key=domain)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
ynh_print_info --message="Declaring files to be backed up..."
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$final_path"
# #=================================================
# # BACKUP THE DATA DIR
# #=================================================
# ynh_backup --src_path="$datadir" --is_big
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP LOGROTATE
#=================================================
ynh_backup --src_path="/etc/logrotate.d/$app"
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."

259
scripts/install
View file

@ -1,162 +1,165 @@
#!/bin/bash #!/bin/bash
#set -eu
# Charge les fonctions génériques habituellement utilisées dans le script #=================================================
source .fonctions # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# Active trap pour arrêter le script si une erreur est détectée. source _common.sh
TRAP_ON
# Source app helpers
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# Retrieve arguments #=================================================
app=$YNH_APP_INSTANCE_NAME # MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path=$YNH_APP_ARG_PATH path_url=$YNH_APP_ARG_PATH
admin=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
calibre=$YNH_APP_ARG_CALIBRE language=$YNH_APP_ARG_LANGUAGE
password=$YNH_APP_ARG_PASSWORD
email=$(ynh_user_get_info --username=$admin --key=mail)
timezone="$(cat /etc/timezone)"
# No basic auth if app is private app=$YNH_APP_INSTANCE_NAME
if [ "$is_public" = "Yes" ];
then
basicauthcreate=$YNH_APP_ARG_BASICAUTHCREATE
basicauthname=$YNH_APP_ARG_BASICAUTHNAME
basicauthpass=$YNH_APP_ARG_BASICAUTHPASS
else
basicauthcreate="No"
fi
# We check variables are not empty #=================================================
CHECK_VAR "$app" "app name not set" # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
# Check the path value and correct it (adds / at begining and removes it at the end) ynh_script_progression --message="Validating installation parameters..." --time --weight=1
CHECK_PATH;
# Check domain and path availibility
CHECK_DOMAINPATH
# Check destination folder is not used already
CHECK_FINALPATH
# We check that calibre path is correct
CHECK_CALIBRE;
final_path=/var/www/$app final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Define variables and Save app settings # Register (book) web path
ynh_app_setting_set "$app" domain "$domain" ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
ynh_app_setting_set "$app" is_public "$is_public"
ynh_app_setting_set "$app" final_path "$final_path"
ynh_app_setting_set "$app" calibre "$calibre"
ynh_app_setting_set "$app" basicauthcreate "$basicauthcreate"
finalnginxconf="/etc/nginx/conf.d/${domain}.d/${app}.conf" #=================================================
ynh_app_setting_set "$app" finalnginxconf "$finalnginxconf" # STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --time --weight=1
finalphpconf="/etc/php5/fpm/pool.d/${app}.conf" ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set "$app" finalphpconf "$finalphpconf" ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=language --value=$language
# Install dependencies using Helpers #=================================================
ynh_package_install_from_equivs ../conf/cops-deps.control \ # STANDARD MODIFICATIONS
|| ynh_die "Unable to install dependencies" #=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..." --time --weight=1
# Find an available port
port=$(ynh_find_port --port=8095)
ynh_app_setting_set --app=$app --key=port --value=$port
# Creation of folder #=================================================
sudo mkdir -p $final_path # CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --time --weight=1
# We download the sources and check the md5sum # Create a system user
cops_file=`sudo cat ../sources/source_file`; ynh_system_user_create --username=$app --home_dir="$final_path"
sudo wget -nv -i ../sources/source_url -O $cops_file
sudo md5sum -c ../sources/source_md5 --status || (echo "Corrupt source" >&2 && false)
sudo unzip ${cops_file} -d $final_path
# Site adjustments #=================================================
sed -i "s@CALIBRETOCHANGE@$calibre@g" ../conf/config_local.php # DOWNLOAD, CHECK AND UNPACK SOURCE
timezone=`sudo cat /etc/timezone`; #=================================================
sed -i "s@TIMEZONETOCHANGE@$timezone@g" ../conf/config_local.php ynh_script_progression --message="Setting up source files..." --time --weight=1
sudo cp ../conf/config_local.php $final_path ynh_app_setting_set --app=$app --key=final_path --value=$final_path
sudo cp ../conf/robots.txt $final_path # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
# Create cops user and join nextcloud/owncloud/www-data groups chmod 750 "$final_path"
runninguser="${app}-ynh" chmod -R o-rwx "$final_path"
# 1. Create the user chown -R $app:www-data "$final_path"
# Create a system account for COPS if it doesn't already exists
if ! ynh_system_user_exists "$runninguser" ;
then
echo "The user $runninguser does not exist, we can create it"
sudo useradd -c "$runninguser system account" \
-d $final_path --system --user-group $runninguser \
|| ynh_die "Unable to create $runninguser system account"
else
echo "The user $runninguser exists, no need to create it"
fi
ynh_app_setting_set "$app" runninguser "$runninguser" #=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1
# 2. Add cops-ynh to groups www-data and nextcloud/owncloud if they exist # Create a dedicated NGINX config
sudo usermod -a -G www-data $runninguser ynh_add_nginx_config
for filesharing in "nextcloud" "owncloud"; do
app_id=$(sudo yunohost app list --installed -f "$filesharing" \
--output-as json | grep -Po '"id":[ ]?"\K.*?(?=")' | head -1)
[[ -z "$app_id" ]] || {
sudo usermod -a -G $filesharing $runninguser
}
done
# Set permissions #=================================================
sudo chmod ug+rw -R $final_path # PHP-FPM CONFIGURATION
sudo chown -hR $runninguser:$runninguser $final_path #=================================================
ynh_script_progression --message="Configuring PHP-FPM..." --time --weight=1
# Add basic auth if requested # Create a dedicated PHP-FPM config
if [ "$basicauthcreate" = "Yes" ]; ynh_add_fpm_config
then
ynh_app_setting_set "$app" basicauthname "$basicauthname"
ynh_app_setting_set "$app" basicauthpass "$basicauthpass"
# Generation of the htpasswd file according https://www.nginx.com/resources/wiki/community/faq/ #=================================================
SALT="$(openssl rand -base64 3)" # CREATE DATA DIRECTORY
(SHA1=$(printf "$basicauthpass$SALT" | #=================================================
openssl dgst -binary -sha1 | xxd -ps | ynh_script_progression --message="Creating a data directory..." --time --weight=1
sed 's#$#'"`echo -n $SALT | xxd -ps`"'#' |
xxd -r -ps |
base64);printf "$basicauthname:{SSHA}$SHA1\n" >> ../sources/htpasswd)
sudo cp ../sources/htpasswd $final_path
sudo chmod 440 $final_path/htpasswd
sudo chown www-data:www-data $final_path/htpasswd
# Modif nginx datadir=/home/yunohost.app/$app
sed -i "s|^.*\bauth_basic\b.*$| auth_basic \"Private Library\";|" ../conf/nginx.conf; ynh_app_setting_set --app=$app --key=datadir --value=$datadir
sed -i "s|^.*\bauth_basic_user_file\b.*$| auth_basic_user_file $final_path/htpasswd;|" ../conf/nginx.conf;
else
echo "No basic auth";
fi
# Modify Nginx configuration file and copy it to Nginx conf.d directory mkdir -p $datadir
sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf
sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf
sed -i "s@NAMETOCHANGE@$app@g" ../conf/nginx.conf
sudo cp ../conf/nginx.conf $finalnginxconf
# Modify php-fpm configuration file and copy it to php-fpm pool.d directory chmod 750 "$datadir"
sed -i "s@NAMETOCHANGE@$app@g" ../conf/php-fpm.conf chmod -R o-rwx "$datadir"
sed -i "s@FOLDERTOCHANGE@$final_path@g" ../conf/php-fpm.conf chown -R $app:www-data "$datadir"
sed -i "s@USERTOCHANGE@$runninguser@g" ../conf/php-fpm.conf
sudo cp ../conf/php-fpm.conf $finalphpconf #=================================================
sudo chown root: $finalphpconf # ADD A CONFIGURATION
sudo chmod 644 $finalphpconf #=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_add_config --template="../conf/config_local.php" --destination="$final_path/config_local.php"
chmod 400 "$final_path/config_local.php"
chown $app "$final_path/config_local.php"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --time --weight=1
# Make app public if necessary # Make app public if necessary
is_public=$(ynh_app_setting_get $app is_public) if [ $is_public -eq 1 ]
if [ "$is_public" = "Yes" ];
then then
ynh_app_setting_set $app skipped_uris "/" # Everyone can access the app.
else # The "main" permission is automatically created before the install script.
ynh_app_setting_set $app protected_uris "/" ynh_permission_update --permission="main" --add="visitors"
fi fi
# Reload Nginx and regenerate SSOwat conf #=================================================
sudo service php5-fpm reload # RELOAD NGINX
sudo service nginx reload #=================================================
sudo yunohost app ssowatconf ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --time --last

123
scripts/remove
View file

@ -1,80 +1,69 @@
#!/bin/bash #!/bin/bash
set -u
# Charge les fonctions génériques habituellement utilisées dans le script #=================================================
SECURE_REMOVE () { # Suppression de dossier avec vérification des variables # GENERIC START
chaine="$1" # L'argument doit être donné entre quotes simple '', pour éviter d'interpréter les variables. #=================================================
no_var=0 # IMPORT GENERIC HELPERS
while (echo "$chaine" | grep -q '\$') # Boucle tant qu'il y a des $ dans la chaine #=================================================
do
no_var=1
global_var=$(echo "$chaine" | cut -d '$' -f 2) # Isole la première variable trouvée.
only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)') # Isole complètement la variable en ajoutant le $ au début et en gardant uniquement le nom de la variable. Se débarrasse$
real_var=$(eval "echo ${only_var}") # `eval "echo ${var}` permet d'interpréter une variable contenue dans une variable.
if test -z "$real_var" || [ "$real_var" = "/" ]; then
echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2
return 1
fi
chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@") # remplace la variable par sa valeur dans la chaine.
done
if [ "$no_var" -eq 1 ]
then
if [ -e "$chaine" ]; then
echo "Delete directory $chaine"
sudo rm -r "$chaine"
fi
return 0
else
echo "No detected variable." >&2
return 1
fi
}
REMOVE_SYS_USER () { # Supprime l'utilisateur système dédié à l'app source _common.sh
if ynh_system_user_exists "$1" # Test l'existence de l'utilisateur
then
sudo userdel $1
fi
}
# Active trap pour arrêter le script si une erreur est détectée.
# Source app helpers
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# We retrieve app parameters #=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --time --weight=1
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get $app final_path) domain=$(ynh_app_setting_get --app=$app --key=domain)
finalnginxconf=$(ynh_app_setting_get $app finalnginxconf) port=$(ynh_app_setting_get --app=$app --key=port)
finalphpconf=$(ynh_app_setting_get $app finalphpconf) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
runninguser=$app-ynh
# Suppression du dossier de la webapp #=================================================
SECURE_REMOVE '$final_path' # REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --time --weight=1
# Suppression de la config nginx de la webapp # Remove the app directory securely
if [ -e "$finalnginxconf" ]; then # Delete nginx config ynh_secure_remove --file="$final_path"
echo "Delete nginx config"
sudo rm $finalnginxconf
fi
if [ -e "$finalphpconf" ]; then # Delete nginx config #=================================================
echo "Delete php-fpm config" # REMOVE NGINX CONFIGURATION
sudo rm $finalphpconf #=================================================
fi ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1
# Remove app dependencies # Remove the dedicated NGINX config
if ynh_package_is_installed "cops-deps"; then ynh_remove_nginx_config
ynh_package_autoremove "cops-deps"
fi
# Remove the user account~ #=================================================
#id "$runninguser" >/dev/null 2>&1 \ # REMOVE PHP-FPM CONFIGURATION
#&& sudo deluser --quiet "$runninguser" >/dev/null #=================================================
REMOVE_SYS_USER "$runninguser" ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1
# We reload the services # Remove the dedicated PHP-FPM config
sudo service php5-fpm reload ynh_remove_fpm_config
sudo service nginx reload
sudo yunohost app ssowatconf #=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1
# Delete a system user
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --time --last

177
scripts/restore
View file

@ -1,89 +1,116 @@
#!/bin/bash #!/bin/bash
set -eu
app=$YNH_APP_INSTANCE_NAME
# Source YunoHost helpers #=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# Retrieve old app settings #=================================================
final_path=$(ynh_app_setting_get $app final_path) # MANAGE SCRIPT FAILURE
is_public=$(ynh_app_setting_get $app is_public) #=================================================
finalnginxconf=$(ynh_app_setting_get $app finalnginxconf)
finalphpconf=$(ynh_app_setting_get $app finalphpconf)
runninguser=$(ynh_app_setting_get $app runninguser)
basicauthcreate=$(ynh_app_setting_get $app basicauthcreate)
# We install dependencies ynh_clean_setup () {
sudo apt-get update -y #### Remove this function if there's nothing to clean before calling the remove script.
sudo apt-get install php5-gd php5-sqlite php5-json php5-intl -y true
# Install dependencies using Helpers
#ynh_package_install_from_equivs ../conf/cops-deps.control \
#|| ynh_die "Unable to install dependencies"
# Restore sources & data
sudo mkdir -p $final_path
sudo cp -a ./sources/* $final_path/
# Create cops user and join nextcloud/owncloud/www-data groups
runninguser="${app}-ynh"
# 1. Create the user
# Create a system account for COPS if it doesn't already exists
if ! ynh_system_user_exists "$runninguser" ;
then
echo "The user $runninguser does not exist, we can create it"
sudo useradd -c "$runninguser system account" \
-d $final_path --system --user-group $runninguser \
|| ynh_die "Unable to create $runninguser system account"
else
echo "The user $runninguser exists, no need to create it"
fi
ynh_app_setting_set "$app" runninguser "$runninguser"
# 2. Add cops-ynh to groups www-data and nextcloud/owncloud if they exist
sudo usermod -a -G www-data $runninguser
for filesharing in "nextcloud" "owncloud"; do
app_id=$(sudo yunohost app list --installed -f "$filesharing" \
--output-as json | grep -Po '"id":[ ]?"\K.*?(?=")' | head -1)
[[ -z "$app_id" ]] || {
sudo usermod -a -G $filesharing $runninguser
} }
done # Exit if an error occurs during the execution of the script
ynh_abort_if_errors
# Restore permissions to app files #=================================================
# you may need to make some file and/or directory writeable by www-data (nginx user) # LOAD SETTINGS
sudo chown -R $runninguser:$runninguser $final_path #=================================================
ynh_script_progression --message="Loading installation settings..." --time --weight=1
if [ "$basicauthcreate" = "Yes" ]; app=$YNH_APP_INSTANCE_NAME
then
sudo chmod 440 $final_path/htpasswd
sudo chown www-data:www-data $final_path/htpasswd
else
echo "Nothing to do"
fi
# Restore NGINX configuration domain=$(ynh_app_setting_get --app=$app --key=domain)
sudo cp -a ./nginx.conf $finalnginxconf path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
### PHP (remove if not used) ### #=================================================
# If a dedicated php-fpm process is used: # CHECK IF THE APP CAN BE RESTORED
# # Copy PHP-FPM pool configuration and reload the service #=================================================
sudo cp -a ./php-fpm.conf $finalphpconf ynh_script_progression --message="Validating restoration parameters..." --time --weight=1
### PHP end ###
# Make app public if necessary ynh_webpath_available --domain=$domain --path_url=$path_url \
is_public=$(ynh_app_setting_get $app is_public) || ynh_die --message="Path not available: ${domain}${path_url}"
if [ "$is_public" = "Yes" ]; test ! -d $final_path \
then || ynh_die --message="There is already a directory: $final_path "
ynh_app_setting_set $app skipped_uris "/"
else
ynh_app_setting_set $app protected_uris "/"
fi
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX configuration..." --time --weight=1
# Restart webserver ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
sudo service nginx reload
sudo service php5-fpm reload
sudo yunohost app ssowatconf
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..." --time --weight=1
ynh_restore_file --origin_path="$final_path"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# RESTORE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Restoring the data directory..." --time --weight=1
ynh_restore_file --origin_path="$datadir" --not_mandatory
mkdir -p $datadir
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
chown -R $app:www-data "$datadir"
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the PHP-FPM configuration..." --time --weight=1
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..." --time --weight=1
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --time --weight=1
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --time --last

326
scripts/upgrade
View file

@ -1,127 +1,239 @@
#!/bin/bash #!/bin/bash
set -eu
# We retrieve app parameters #=================================================
app=$YNH_APP_INSTANCE_NAME # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# Source app helpers source _common.sh
source .fonctions
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# We check variables are not empty #=================================================
CHECK_VAR "$app" "app name not set" # LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --time --weight=1
path=$(ynh_app_setting_get $app path) app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
final_path=$(ynh_app_setting_get $app final_path)
finalnginxconf=$(ynh_app_setting_get $app finalnginxconf)
finalphpconf=$(ynh_app_setting_get $app finalphpconf)
calibre=$(ynh_app_setting_get $app calibre)
basicauthcreate=$(ynh_app_setting_get $app basicauthcreate)
# We check that calibre path is correct domain=$(ynh_app_setting_get --app=$app --key=domain)
CHECK_CALIBRE path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
language=$(ynh_app_setting_get --app=$app --key=language)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
# Install dependencies using Helpers #=================================================
ynh_package_install_from_equivs ../conf/cops-deps.control \ # CHECK VERSION
|| ynh_die "Unable to install dependencies" #=================================================
# Removal of old folder and restart from fresh ### This helper will compare the version of the currently installed app and the version of the upstream package.
SECURE_REMOVE '$final_path' ### $upgrade_type can have 2 different values
sudo mkdir -p $final_path ### - UPGRADE_APP if the upstream app version has changed
### - UPGRADE_PACKAGE if only the YunoHost package has changed
### ynh_check_app_version_changed will stop the upgrade if the app is up to date.
### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do.
upgrade_type=$(ynh_check_app_version_changed)
# We download the sources and check the md5sum #=================================================
cops_file=`sudo cat ../sources/source_file`; # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
sudo wget -nv -i ../sources/source_url -O $cops_file #=================================================
sudo md5sum -c ../sources/source_md5 --status || (echo "Corrupt source" >&2 && false) ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1
sudo unzip ${cops_file} -d $final_path
# Site adjustments # Backup the current version of the app
sed -i "s@CALIBRETOCHANGE@$calibre@g" ../conf/config_local.php ynh_backup_before_upgrade
timezone=`sudo cat /etc/timezone`; ynh_clean_setup () {
sed -i "s@TIMEZONETOCHANGE@$timezone@g" ../conf/config_local.php # Restore it if the upgrade fails
ynh_restore_upgradebackup
sudo cp ../conf/config_local.php $final_path
sudo cp ../conf/robots.txt $final_path
# Create cops user and join nextcloud/owncloud/www-data groups
runninguser="${app}-ynh"
# 1. Create the user
# Create a system account for COPS if it doesn't already exists
if ! ynh_system_user_exists "$runninguser" ;
then
echo "The user $runninguser does not exist, we can create it"
sudo useradd -c "$runninguser system account" \
-d $final_path --system --user-group $runninguser \
|| ynh_die "Unable to create $runninguser system account"
else
echo "The user $runninguser exists, no need to create it"
fi
ynh_app_setting_set "$app" runninguser "$runninguser"
# 2. Add cops-ynh to groups www-data and nextcloud/owncloud if they exist
sudo usermod -a -G www-data $runninguser
for filesharing in "nextcloud" "owncloud"; do
app_id=$(sudo yunohost app list --installed -f "$filesharing" \
--output-as json | grep -Po '"id":[ ]?"\K.*?(?=")' | head -1)
[[ -z "$app_id" ]] || {
sudo usermod -a -G $filesharing $runninguser
} }
done # Exit if an error occurs during the execution of the script
ynh_abort_if_errors
# Set permissions #=================================================
sudo chmod ug+rw -R $final_path # STANDARD UPGRADE STEPS
sudo chown -hR $runninguser:$runninguser $final_path #=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --time --weight=1
# Add basic auth if requested ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
if [ "$basicauthcreate" = "Yes" ];
then
basicauthname=$(ynh_app_setting_get $app basicauthname)
basicauthpass=$(ynh_app_setting_get $app basicauthpass)
# Generation of the htpasswd file according https://www.nginx.com/resources/wiki/community/faq/ #=================================================
SALT="$(openssl rand -base64 3)" # ENSURE DOWNWARD COMPATIBILITY
(SHA1=$(printf "$basicauthpass$SALT" | #=================================================
openssl dgst -binary -sha1 | xxd -ps | ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
sed 's#$#'"`echo -n $SALT | xxd -ps`"'#' |
xxd -r -ps |
base64);printf "$basicauthname:{SSHA}$SHA1\n" >> ../sources/htpasswd)
sudo cp ../sources/htpasswd $final_path
sudo chmod 440 $final_path/htpasswd
sudo chown www-data:www-data $final_path/htpasswd
# Modif nginx #
sed -i "s|^.*\bauth_basic\b.*$| auth_basic \"Private Library\";|" ../conf/nginx.conf; # N.B. : the followings setting migrations snippets are provided as *EXAMPLES*
sed -i "s|^.*\bauth_basic_user_file\b.*$| auth_basic_user_file $final_path/htpasswd;|" ../conf/nginx.conf; # of what you may want to do in some cases (e.g. a setting was not defined on
else # some legacy installs and you therefore want to initiaze stuff during upgrade)
echo "No basic auth"; #
# If db_name doesn't exist, create it
#if [ -z "$db_name" ]; then
# db_name=$(ynh_sanitize_dbid --db_name=$app)
# ynh_app_setting_set --app=$app --key=db_name --value=$db_name
#fi
# If final_path doesn't exist, create it
#if [ -z "$final_path" ]; then
# final_path=/var/www/$app
# ynh_app_setting_set --app=$app --key=final_path --value=$final_path
#fi
### If nobody installed your app before 4.1,
### then you may safely remove these lines
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi fi
# Modify Nginx configuration file and copy it to Nginx conf.d directory if ! ynh_permission_exists --permission="admin"; then
sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf # Create the required permissions
sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
sed -i "s@NAMETOCHANGE@$app@g" ../conf/nginx.conf
sudo cp ../conf/nginx.conf $finalnginxconf
# Modify php-fpm configuration file and copy it to php-fpm pool.d directory
sed -i "s@NAMETOCHANGE@$app@g" ../conf/php-fpm.conf
sed -i "s@FOLDERTOCHANGE@$final_path@g" ../conf/php-fpm.conf
sed -i "s@USERTOCHANGE@$runninguser@g" ../conf/php-fpm.conf
sudo cp ../conf/php-fpm.conf $finalphpconf
sudo chown root: $finalphpconf
sudo chmod 644 $finalphpconf
# Make app public if necessary
is_public=$(ynh_app_setting_get $app is_public)
if [ "$is_public" = "Yes" ];
then
ynh_app_setting_set $app skipped_uris "/"
else
ynh_app_setting_set $app protected_uris "/"
fi fi
# Reload Nginx and regenerate SSOwat conf # Create a permission if needed
sudo service php5-fpm reload if ! ynh_permission_exists --permission="api"; then
sudo service nginx reload ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
sudo yunohost app ssowatconf fi
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..." --time --weight=1
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
fi
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --time --weight=1
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --time --weight=1
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# ...
#=================================================
#=================================================
# UPDATE A CONFIG FILE
#=================================================
ynh_script_progression --message="Updating a configuration file..." --time --weight=1
### Same as during install
###
### The file will automatically be backed-up if it's found to be manually modified (because
### ynh_add_config keeps track of the file's checksum)
ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
chmod 400 "$final_path/some_config_file"
chown $app:$app "$final_path/some_config_file"
### For more complex cases where you want to replace stuff using regexes,
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
### When doing so, you also need to manually call ynh_store_file_checksum
###
### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file"
### ynh_store_file_checksum --file="$final_path/some_config_file"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --time --weight=1
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --time --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring Fail2Ban..." --time --weight=1
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --time --last

1
sources/source_file
View file

@ -1 +0,0 @@
cops-1.0.1.zip

1
sources/source_md5
View file

@ -1 +0,0 @@
a688dfd66d31674637106f8430ca1103 cops-1.0.1.zip

1
sources/source_url
View file

@ -1 +0,0 @@
https://github.com/seblucas/cops/releases/download/1.0.1/cops-1.0.1.zip