mirror of
https://github.com/YunoHost-Apps/cryptpad_ynh.git
synced 2024-09-03 18:26:14 +02:00
commit
bc01a4026c
12 changed files with 295 additions and 47 deletions
|
@ -6,6 +6,7 @@ It shall NOT be edited by hand.
|
|||
# CryptPad for YunoHost
|
||||
|
||||
[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Working status](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
|
||||
|
||||
[![Install CryptPad with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad)
|
||||
|
||||
*[Lire ce readme en français.](./README_fr.md)*
|
||||
|
@ -17,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
|
|||
|
||||
CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.
|
||||
|
||||
**Shipped version:** 4.12.0~ynh2
|
||||
**Shipped version:** 5.2.1~ynh1
|
||||
|
||||
**Demo:** https://cryptpad.fr/
|
||||
|
||||
|
|
23
README_fr.md
23
README_fr.md
|
@ -5,25 +5,26 @@ It shall NOT be edited by hand.
|
|||
|
||||
# CryptPad pour YunoHost
|
||||
|
||||
[![Niveau d'intégration](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
|
||||
[![Niveau d’intégration](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
|
||||
|
||||
[![Installer CryptPad avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad)
|
||||
|
||||
*[Read this readme in english.](./README.md)*
|
||||
|
||||
> *Ce package vous permet d'installer CryptPad rapidement et simplement sur un serveur YunoHost.
|
||||
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
|
||||
> *Ce package vous permet d’installer CryptPad rapidement et simplement sur un serveur YunoHost.
|
||||
Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l’installer et en profiter.*
|
||||
|
||||
## Vue d'ensemble
|
||||
## Vue d’ensemble
|
||||
|
||||
CryptPad est une suite de collaboration chiffrée de bout en bout et open source. Il est conçu pour permettre la collaboration, en synchronisant les modifications apportées aux documents en temps réel. Étant donné que toutes les données sont chiffrées, le service et ses administrateurs n'ont aucun moyen de voir le contenu modifié et stocké.
|
||||
|
||||
**Version incluse :** 4.12.0~ynh2
|
||||
**Version incluse :** 5.2.1~ynh1
|
||||
|
||||
**Démo :** https://cryptpad.fr/
|
||||
|
||||
## Captures d'écran
|
||||
## Captures d’écran
|
||||
|
||||
![Capture d'écran de CryptPad](./doc/screenshots/screenshot.png)
|
||||
![Capture d’écran de CryptPad](./doc/screenshots/screenshot.png)
|
||||
|
||||
## Avertissements / informations importantes
|
||||
|
||||
|
@ -43,9 +44,9 @@ adminKeys: [
|
|||
|
||||
## Documentations et ressources
|
||||
|
||||
* Site officiel de l'app : <https://cryptpad.fr/>
|
||||
* Documentation officielle de l'admin : <https://docs.cryptpad.fr/en/>
|
||||
* Dépôt de code officiel de l'app : <https://github.com/xwiki-labs/cryptpad>
|
||||
* Site officiel de l’app : <https://cryptpad.fr/>
|
||||
* Documentation officielle de l’admin : <https://docs.cryptpad.fr/en/>
|
||||
* Dépôt de code officiel de l’app : <https://github.com/xwiki-labs/cryptpad>
|
||||
* Documentation YunoHost pour cette app : <https://yunohost.org/app_cryptpad>
|
||||
* Signaler un bug : <https://github.com/YunoHost-Apps/cryptpad_ynh/issues>
|
||||
|
||||
|
@ -61,4 +62,4 @@ ou
|
|||
sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug
|
||||
```
|
||||
|
||||
**Plus d'infos sur le packaging d'applications :** <https://yunohost.org/packaging_apps>
|
||||
**Plus d’infos sur le packaging d’applications :** <https://yunohost.org/packaging_apps>
|
|
@ -13,6 +13,8 @@
|
|||
upgrade=1
|
||||
#4.10.0
|
||||
upgrade=1 from_commit=2a54cd03f90c93b07150a64644ffc7f208110a18
|
||||
#4.12.0
|
||||
upgrade=1 from_commit=1e36039893dc35533b320257ca7f93ef1d07a164
|
||||
backup_restore=1
|
||||
multi_instance=0
|
||||
port_already_use=0
|
||||
|
@ -23,3 +25,6 @@ Notification=none
|
|||
;;; Upgrade options
|
||||
; commit=2a54cd03f90c93b07150a64644ffc7f208110a18
|
||||
name=update to 4.10.0
|
||||
;;; Upgrade options
|
||||
; commit=1e36039893dc35533b320257ca7f93ef1d07a164
|
||||
name=update to 4.12.0
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/4.11.0.tar.gz
|
||||
SOURCE_SUM=e529b484c297f73227f991971189c51f64da1ab53fc78334d1fb08e320d4385e
|
||||
SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/5.2.1.tar.gz
|
||||
SOURCE_SUM=945abe5bae0da25a4e2ef8e02730aaa5bb5e5a0b8bfd7a23a09ec38422d7c47f
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
|
|
|
@ -72,7 +72,7 @@ module.exports = {
|
|||
*
|
||||
* CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS.
|
||||
*/
|
||||
// httpSafeOrigin: "https://some-other-domain.xyz",
|
||||
httpSafeOrigin: "https://__SANDBOXDOMAIN__",
|
||||
|
||||
/* httpAddress specifies the address on which the nodejs server
|
||||
* should be accessible. By default it will listen on 127.0.0.1
|
||||
|
@ -324,5 +324,5 @@ module.exports = {
|
|||
* such as Docker.
|
||||
*
|
||||
*/
|
||||
installMethod: 'unspecified',
|
||||
installMethod: 'yunohost',
|
||||
};
|
103
conf/nginx.conf
103
conf/nginx.conf
|
@ -1,19 +1,94 @@
|
|||
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
|
||||
location __PATH__/ {
|
||||
|
||||
proxy_pass http://127.0.0.1:__PORT__;
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
set $main_domain "__DOMAIN__";
|
||||
set $sandbox_domain "__SANDBOXDOMAIN__";
|
||||
set $allowed_origins "https://${sandbox_domain}";
|
||||
set $api_domain "__DOMAIN__";
|
||||
set $files_domain "__DOMAIN__";
|
||||
ssl_ecdh_curve secp384r1;
|
||||
more_set_headers "Strict-Transport-Security: 'max-age=31536000; includeSubDomains' always";
|
||||
more_set_headers "X-XSS-Protection: '1; mode=block'";
|
||||
more_set_headers "X-Content-Type-Options: nosniff";
|
||||
more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
|
||||
more_set_headers "Cross-Origin-Resource-Policy: cross-origin";
|
||||
more_set_headers "Cross-Origin-Embedder-Policy: require-corp";
|
||||
root /var/www/cryptpad;
|
||||
index index.html;
|
||||
error_page 404 /customize.dist/404.html;
|
||||
if ($uri ~ ^(\/|.*\/|.*\.html)$) {
|
||||
set $cacheControl no-cache;
|
||||
}
|
||||
if ($args ~ ver=) {
|
||||
set $cacheControl max-age=31536000;
|
||||
}
|
||||
more_set_headers "Cache-Control: $cacheControl";
|
||||
set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
|
||||
set $connectSrc "'self' blob: https://${main_domain} https://${sandbox_domain} wss://${main_domain}";
|
||||
set $fontSrc "'self' data: https://${main_domain}";
|
||||
set $imgSrc "'self' data: blob: https://${main_domain}";
|
||||
set $frameSrc "'self' https://${sandbox_domain} blob:";
|
||||
set $mediaSrc "blob:";
|
||||
set $childSrc "https://${main_domain}";
|
||||
set $workerSrc "'self'";
|
||||
set $scriptSrc "'self' resource: https://${main_domain}";
|
||||
set $frameAncestors "'self' https://${main_domain}";
|
||||
set $unsafe 0;
|
||||
if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
|
||||
if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
|
||||
if ($host != $sandbox_domain) { set $unsafe 0; }
|
||||
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
|
||||
if ($unsafe) {
|
||||
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
|
||||
}
|
||||
more_set_headers "Content-Security-Policy: default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors";
|
||||
location ^~ /cryptpad_websocket {
|
||||
proxy_pass http://localhost:3000;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $server_name;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
||||
# Include SSOWAT user panel.
|
||||
include conf.d/yunohost_panel.conf.inc;
|
||||
more_clear_input_headers 'Accept-Encoding';
|
||||
proxy_set_header Connection upgrade;
|
||||
}
|
||||
location ^~ /customize.dist/ {
|
||||
# This is needed in order to prevent infinite recursion between /customize/ and the root
|
||||
}
|
||||
location ^~ /customize/ {
|
||||
rewrite ^/customize/(.*)$ $1 break;
|
||||
try_files /customize/$uri /customize.dist/$uri;
|
||||
}
|
||||
location ~ ^/api/.*$ {
|
||||
proxy_pass http://localhost:3000;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_hide_header Cross-Origin-Resource-Policy;
|
||||
more_set_headers "Cross-Origin-Resource-Policy: cross-origin";
|
||||
proxy_hide_header Cross-Origin-Embedder-Policy;
|
||||
more_set_headers "Cross-Origin-Embedder-Policy: require-corp";
|
||||
}
|
||||
location ^~ /blob/ {
|
||||
if ($request_method = 'OPTIONS') {
|
||||
more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
|
||||
more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'";
|
||||
more_set_headers "Access-Control-Allow-Headers: 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'";
|
||||
more_set_headers "Access-Control-Max-Age: 1728000";
|
||||
more_set_headers "Content-Type: 'application/octet-stream; charset=utf-8'";
|
||||
more_set_headers "Content-Length: 0";
|
||||
return 204;
|
||||
}
|
||||
more_set_headers "X-Content-Type-Options: nosniff";
|
||||
more_set_headers "Cache-Control: max-age=31536000'";
|
||||
more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
|
||||
more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'";
|
||||
more_set_headers "Access-Control-Allow-Headers: 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length'";
|
||||
more_set_headers "Access-Control-Expose-Headers: 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length'";
|
||||
try_files $uri =404;
|
||||
}
|
||||
location ^~ /block/ {
|
||||
more_set_headers "X-Content-Type-Options: nosniff";
|
||||
more_set_headers "Cache-Control: max-age=0";
|
||||
try_files $uri =404;
|
||||
}
|
||||
location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert|checkup)$ {
|
||||
rewrite ^(.*)$ $1/ redirect;
|
||||
}
|
||||
try_files /customize/www/$uri /customize/www/$uri/index.html /www/$uri /www/$uri/index.html /customize/$uri;
|
||||
|
|
|
@ -3,17 +3,18 @@
|
|||
"id": "cryptpad",
|
||||
"packaging_format": 1,
|
||||
"description": {
|
||||
"en": "Zero Knowledge realtime collaborative editor",
|
||||
"fr": "Éditeur chiffré collaboratif en temps réel"
|
||||
"en": "Zero Knowledge realtime collaborative office suite",
|
||||
"fr": "Suite bureautique chiffrée pour la collaboration en temps réel"
|
||||
},
|
||||
"version": "4.12.0~ynh2",
|
||||
"version": "5.2.1~ynh1",
|
||||
"url": "https://cryptpad.fr/",
|
||||
"upstream": {
|
||||
"license": "AGPL-3.0-only",
|
||||
"website": "https://cryptpad.fr/",
|
||||
"demo": "https://cryptpad.fr/",
|
||||
"admindoc": "https://docs.cryptpad.fr/en/",
|
||||
"code": "https://github.com/xwiki-labs/cryptpad"
|
||||
"code": "https://github.com/xwiki-labs/cryptpad",
|
||||
"cpe": "cpe:2.3:a:xwiki:cryptpad"
|
||||
},
|
||||
"license": "AGPL-3.0-only",
|
||||
"maintainer": {
|
||||
|
@ -22,7 +23,7 @@
|
|||
"url": "https://frju365.yunohost.support"
|
||||
},
|
||||
"requirements": {
|
||||
"yunohost": ">= 4.3.0"
|
||||
"yunohost": ">= 11.1.6"
|
||||
},
|
||||
"multi_instance": false,
|
||||
"services": [
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
# COMMON VARIABLES
|
||||
#=================================================
|
||||
|
||||
nodejs_version="14"
|
||||
nodejs_version="16.14.2"
|
||||
|
||||
#=================================================
|
||||
# PERSONAL HELPERS
|
||||
|
|
|
@ -66,6 +66,31 @@ ynh_app_setting_set --app=$app --key=port --value=$port
|
|||
porti=$(ynh_find_port --port=$(($port + 1)))
|
||||
ynh_app_setting_set --app=$app --key=porti --value=$porti
|
||||
|
||||
#=================================================
|
||||
# CREATE A SANDBOX DOMAIN
|
||||
#=================================================
|
||||
|
||||
# if the main domain for the app is a root domain, we create a correct sandbox subdomain
|
||||
if [[ $domain == *"."* ]]; then
|
||||
sandboxdomain=sandbox.$domain
|
||||
fi
|
||||
# if the main domain for the app is already a sub-domain, we create a correct sandbox domain
|
||||
if [[ $domain == *"."*"."* ]]; then
|
||||
sandboxdomain=sandbox-$domain
|
||||
fi
|
||||
# if the main domain for the app is a .local root domain, we create a correct sandbox subdomain
|
||||
if [[ $domain == *".local" ]]; then
|
||||
sandboxdomain=sandbox-$domain
|
||||
fi
|
||||
|
||||
ynh_script_progression --message="Setting up sandobx domain : $sandboxdomain" --weight=1
|
||||
|
||||
# We don't test that in CI
|
||||
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
|
||||
yunohost domain add $sandboxdomain
|
||||
yunohost domain config set $sandboxdomain -a "mail_in=0&mail_out=0"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# INSTALL DEPENDENCIES
|
||||
#=================================================
|
||||
|
@ -131,6 +156,8 @@ pushd "$final_path"
|
|||
ynh_exec_warn_less npm install --allow-root
|
||||
ynh_exec_warn_less npm install -g bower
|
||||
ynh_exec_warn_less bower install --allow-root
|
||||
ynh_exec_warn_less bower update --allow-root
|
||||
ynh_exec_warn_less npm run build
|
||||
popd
|
||||
|
||||
#=================================================
|
||||
|
@ -161,6 +188,30 @@ then
|
|||
ynh_permission_update --permission="main" --add="visitors"
|
||||
fi
|
||||
|
||||
# We authorize access to sandbox domain
|
||||
# We don't test that in CI
|
||||
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
|
||||
ynh_permission_url --permission="main" --add_url=$sandboxdomain --auth_header=true
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# APPLY FOLDER RIGHTS
|
||||
#=================================================
|
||||
chgrp -R www-data $final_path
|
||||
|
||||
#=================================================
|
||||
# COPY NGINX CONF IN SANDBOX DOMAIN
|
||||
#=================================================
|
||||
# We don't test that in CI
|
||||
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
|
||||
ynh_add_config --template="/etc/nginx/conf.d/$domain.d/cryptpad.conf" --destination="/etc/nginx/conf.d/$sandboxdomain.d/cryptpad.conf"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# RELOAD YUNOHOST-API to refresh web admin domains after domain creation (normal?)
|
||||
#=================================================
|
||||
ynh_systemd_action --service_name=yunohost-api --action=reload
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
|
@ -175,9 +226,14 @@ ynh_script_progression --message="Sending a readme for the admin..." --weight=1
|
|||
|
||||
message="CryptPad was successfully installed :)
|
||||
|
||||
Please open your $app domain: https://$domain$path_url
|
||||
READ CAREFULLY !!
|
||||
|
||||
Once CryptPad is installed, create an account via the Register button on the home page. To make this account an instance administrator:
|
||||
We have added a sandbox domain : $sandboxdomain for you but you still need to configure your DNS and generate the Let's Encrypt Certificates for it.
|
||||
You will need also to restart CryptPad service after this is done.
|
||||
|
||||
Then you can please open your $app domain: https://$domain$path_url
|
||||
Once CryptPad is installed, create an account via the Sign Up button on the home page which will take you to the Register page.
|
||||
To make this account an instance administrator:
|
||||
|
||||
1. Copy the public key found in User Menu (avatar at the top right) > Settings > Account > Public Signing Key
|
||||
2. Paste this key in /var/www/cryptpad/config/config.js in the following array (uncomment and replace the placeholder):
|
||||
|
|
|
@ -64,6 +64,42 @@ ynh_script_progression --message="Removing dependencies..." --weight=3
|
|||
|
||||
ynh_remove_nodejs
|
||||
|
||||
#=================================================
|
||||
# REMOVE SANDBOX DOMAIN
|
||||
#=================================================
|
||||
|
||||
# We don't test that in CI
|
||||
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
|
||||
|
||||
# if the main domain for the app is a root domain, we create a correct sandbox subdomain
|
||||
if [[ $domain == *"."* ]]; then
|
||||
sandboxdomain=sandbox.$domain
|
||||
fi
|
||||
# if the main domain for the app is already a sub-domain, we create a correct sandbox domain
|
||||
if [[ $domain == *"."*"."* ]]; then
|
||||
sandboxdomain=sandbox-$domain
|
||||
fi
|
||||
# if the main domain for the app is a .local root domain, we create a correct sandbox subdomain
|
||||
if [[ $domain == *".local" ]]; then
|
||||
sandboxdomain=sandbox-$domain
|
||||
fi
|
||||
|
||||
ynh_script_progression --message="Removing sandbox domain : $sandboxdomain" --weight=1
|
||||
|
||||
if yunohost domain list | grep -q $sandboxdomain
|
||||
then #if domain exist we remove it
|
||||
yunohost domain remove $sandboxdomain
|
||||
# we clean the nginx configuration we added
|
||||
ynh_secure_remove --file="/etc/nginx/conf.d/$sandboxdomain.d/"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
#=================================================
|
||||
# RELOAD YUNOHOST-API to refresh web admin domains after domain creation (bug core?)
|
||||
#=================================================
|
||||
#ynh_systemd_action --service_name=yunohost-api --action=reload
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
|
|
|
@ -68,6 +68,11 @@ chmod -R o-rwx "$final_path"
|
|||
chown -R $app:$app "$final_path"
|
||||
chmod 600 "$final_path/config/config.js"
|
||||
|
||||
#=================================================
|
||||
# APPLY FOLDER GROUP RIGHTS FOR WWW-DATA
|
||||
#=================================================
|
||||
chgrp -R www-data $final_path
|
||||
|
||||
#=================================================
|
||||
# REINSTALL DEPENDENCIES
|
||||
#=================================================
|
||||
|
|
|
@ -90,13 +90,42 @@ then
|
|||
ynh_script_progression --message="Upgrading source files..." --weight=1
|
||||
|
||||
# Download, check integrity, uncompress and patch the source from app.src
|
||||
ynh_setup_source --dest_dir="$final_path" --keep="$final_path/config/config.js"
|
||||
ynh_setup_source --dest_dir="$final_path" --keep="config/config.js customize/"
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:$app "$final_path"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# APPLY FOLDER GROUP RIGHTS FOR WWW-DATA
|
||||
#=================================================
|
||||
chgrp -R www-data $final_path
|
||||
|
||||
#=================================================
|
||||
# CREATE A SANDBOX DOMAIN
|
||||
#=================================================
|
||||
# if the main domain for the app is a root domain, we create a correct sandbox subdomain
|
||||
if [[ $domain == *"."* ]]; then
|
||||
sandboxdomain=sandbox.$domain
|
||||
fi
|
||||
# if the main domain for the app is already a sub-domain, we create a correct sandbox domain
|
||||
if [[ $domain == *"."*"."* ]]; then
|
||||
sandboxdomain=sandbox-$domain
|
||||
fi
|
||||
# if the main domain for the app is a .local root domain, we create a correct sandbox subdomain
|
||||
if [[ $domain == *".local" ]]; then
|
||||
sandboxdomain=sandbox-$domain
|
||||
fi
|
||||
|
||||
ynh_script_progression --message="Setting up sandobx domain : $sandboxdomain" --weight=1
|
||||
|
||||
# We don't test that in CI
|
||||
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
|
||||
yunohost domain add $sandboxdomain
|
||||
yunohost domain config set $sandboxdomain -a "mail_in=0&mail_out=0"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
@ -122,6 +151,7 @@ pushd "$final_path"
|
|||
ynh_exec_warn_less npm install -g bower
|
||||
ynh_exec_warn_less bower update --allow-root
|
||||
ynh_exec_warn_less npm i
|
||||
ynh_exec_warn_less npm run build
|
||||
popd
|
||||
|
||||
#=================================================
|
||||
|
@ -142,6 +172,11 @@ ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
|||
|
||||
yunohost service add $app --description="Zero Knowledge realtime collaborative editor" --log="/var/log/$app/$app.log"
|
||||
|
||||
#=================================================
|
||||
# ADD UPGRADED CONFIG WITH SANDBOX
|
||||
#=================================================
|
||||
ynh_add_config --template="../conf/config.js" --destination="$final_path/config/config.js"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
#=================================================
|
||||
|
@ -149,6 +184,20 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
|
|||
|
||||
ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="server available"
|
||||
|
||||
#=================================================
|
||||
# COPY NGINX CONF IN SANDBOX DOMAIN
|
||||
#=================================================
|
||||
# We don't test that in CI
|
||||
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
|
||||
ynh_add_config --template="/etc/nginx/conf.d/$domain.d/cryptpad.conf" --destination="/etc/nginx/conf.d/$sandboxdomain.d/cryptpad.conf"
|
||||
fi
|
||||
|
||||
# We authorize access to sandbox domain
|
||||
# We don't test that in CI
|
||||
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
|
||||
ynh_permission_url --permission="main" --add_url=$sandboxdomain --auth_header=true
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
|
@ -156,6 +205,25 @@ ynh_script_progression --message="Reloading NGINX web server..." --weight=1
|
|||
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
#=================================================
|
||||
# SEND A README FOR THE ADMIN
|
||||
#=================================================
|
||||
ynh_script_progression --message="Sending a readme for the admin..." --weight=1
|
||||
|
||||
message="CryptPad was successfully upgraded :)
|
||||
We have added a sandbox domain for you but you still need to configure your DNS and generate Let's Encrypt Certificates for it !!
|
||||
If not already done, then you can please open your $app domain: https://$domain$path_url
|
||||
Create an account via the Register button on the home page. To make this account an instance administrator:
|
||||
1. Copy the public key found in User Menu (avatar at the top right) > Settings > Account > Public Signing Key
|
||||
2. Paste this key in /var/www/cryptpad/config/config.js in the following array (uncomment and replace the placeholder):
|
||||
adminKeys: [
|
||||
"[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
|
||||
],
|
||||
If you are facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/cryptpad_ynh"
|
||||
|
||||
ynh_send_readme_to_admin "$message"
|
||||
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
|
Loading…
Reference in a new issue