mirror of
https://github.com/YunoHost-Apps/dokuwiki_ynh.git
synced 2024-09-03 18:26:20 +02:00
Apply example_ynh
This commit is contained in:
parent
70075bdeb1
commit
da54fe8875
11 changed files with 215 additions and 162 deletions
100
.github/workflows/updater.sh
vendored
Normal file
100
.github/workflows/updater.sh
vendored
Normal file
|
@ -0,0 +1,100 @@
|
|||
#!/bin/bash
|
||||
|
||||
#=================================================
|
||||
# PACKAGE UPDATING HELPER
|
||||
#=================================================
|
||||
|
||||
# This script is meant to be run by GitHub Actions
|
||||
# The YunoHost-Apps organisation offers a template Action to run this script periodically
|
||||
# Since each app is different, maintainers can adapt its contents so as to perform
|
||||
# automatic actions when a new upstream release is detected.
|
||||
|
||||
#=================================================
|
||||
# FETCHING LATEST RELEASE AND ITS ASSETS
|
||||
#=================================================
|
||||
|
||||
# Fetching information
|
||||
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
|
||||
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
|
||||
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
|
||||
version=$(curl --silent "https://api.github.com/repos/$repo/tags" | jq -r '.[] | select( .name | contains("release_stable_") ) | .name' | sort -V | tail -1 | cut -d "_" -f3-)
|
||||
assets="https://download.dokuwiki.org/src/dokuwiki/dokuwiki-$version.tgz"
|
||||
|
||||
# Later down the script, we assume the version has only digits and dots
|
||||
# Sometimes the release name starts with a "v", so let's filter it out.
|
||||
# You may need more tweaks here if the upstream repository has different naming conventions.
|
||||
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
|
||||
version=${version:1}
|
||||
fi
|
||||
|
||||
# Setting up the environment variables
|
||||
echo "Current version: $current_version"
|
||||
echo "Latest release from upstream: $version"
|
||||
echo "VERSION=$version" >> $GITHUB_ENV
|
||||
echo "REPO=$repo" >> $GITHUB_ENV
|
||||
# For the time being, let's assume the script will fail
|
||||
echo "PROCEED=false" >> $GITHUB_ENV
|
||||
|
||||
# Proceed only if the retrieved version is greater than the current one
|
||||
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
|
||||
echo "::warning ::No new version available"
|
||||
exit 0
|
||||
# Proceed only if a PR for this new version does not already exist
|
||||
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
|
||||
echo "::warning ::A branch already exists for this update"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# UPDATE SOURCE FILES
|
||||
#=================================================
|
||||
|
||||
# Let's download source tarball
|
||||
asset_url=$assets
|
||||
|
||||
echo "Handling asset at $asset_url"
|
||||
|
||||
src="app"
|
||||
|
||||
# Create the temporary directory
|
||||
tempdir="$(mktemp -d)"
|
||||
|
||||
# Download sources and calculate checksum
|
||||
filename=${asset_url##*/}
|
||||
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
|
||||
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
|
||||
|
||||
# Delete temporary directory
|
||||
rm -rf $tempdir
|
||||
|
||||
# Rewrite source file
|
||||
cat <<EOT > conf/$src.src
|
||||
SOURCE_URL=$asset_url
|
||||
SOURCE_SUM=$checksum
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
SOURCE_FILENAME=
|
||||
SOURCE_EXTRACT=true
|
||||
EOT
|
||||
echo "... conf/$src.src updated"
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC UPDATE STEPS
|
||||
#=================================================
|
||||
|
||||
# Any action on the app's source code can be done.
|
||||
# The GitHub Action workflow takes care of committing all changes after this script ends.
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
|
||||
# Replace new version in manifest
|
||||
echo "$(jq -s --indent 4 ".[] | .version = \"${version//-/.}~ynh1\"" manifest.json)" > manifest.json
|
||||
|
||||
# No need to update the README, yunohost-bot takes care of it
|
||||
|
||||
# The Action will proceed only if the PROCEED environment variable is set to true
|
||||
echo "PROCEED=true" >> $GITHUB_ENV
|
||||
exit 0
|
49
.github/workflows/updater.yml
vendored
Normal file
49
.github/workflows/updater.yml
vendored
Normal file
|
@ -0,0 +1,49 @@
|
|||
# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
|
||||
# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
|
||||
# This file should be enough by itself, but feel free to tune it to your needs.
|
||||
# It calls updater.sh, which is where you should put the app-specific update steps.
|
||||
name: Check for new upstream releases
|
||||
on:
|
||||
# Allow to manually trigger the workflow
|
||||
workflow_dispatch:
|
||||
# Run it every day at 6:00 UTC
|
||||
schedule:
|
||||
- cron: '0 6 * * *'
|
||||
jobs:
|
||||
updater:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Fetch the source code
|
||||
uses: actions/checkout@v2
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run the updater script
|
||||
id: run_updater
|
||||
run: |
|
||||
# Setting up Git user
|
||||
git config --global user.name 'yunohost-bot'
|
||||
git config --global user.email 'yunohost-bot@users.noreply.github.com'
|
||||
# Run the updater script
|
||||
/bin/bash .github/workflows/updater.sh
|
||||
- name: Commit changes
|
||||
id: commit
|
||||
if: ${{ env.PROCEED == 'true' }}
|
||||
run: |
|
||||
git commit -am "Upgrade to v$VERSION"
|
||||
- name: Create Pull Request
|
||||
id: cpr
|
||||
if: ${{ env.PROCEED == 'true' }}
|
||||
uses: peter-evans/create-pull-request@v3
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
commit-message: Update to version ${{ env.VERSION }}
|
||||
committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
|
||||
author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
|
||||
signoff: false
|
||||
base: testing
|
||||
branch: ci-auto-update-v${{ env.VERSION }}
|
||||
delete-branch: true
|
||||
title: 'Upgrade to version ${{ env.VERSION }}'
|
||||
body: |
|
||||
Upgrade to v${{ env.VERSION }}
|
||||
draft: false
|
|
@ -1,11 +1,10 @@
|
|||
;; Test complet
|
||||
auto_remove=1
|
||||
; Manifest
|
||||
domain="domain.tld"
|
||||
path="/path"
|
||||
admin="john"
|
||||
is_public=1
|
||||
language=en
|
||||
admin="john"
|
||||
; Checks
|
||||
pkg_linter=1
|
||||
setup_sub_dir=1
|
||||
|
@ -19,6 +18,7 @@
|
|||
upgrade=1 from_commit=f45c459b287c8f045c08e65cea412cfc2cae38f4
|
||||
backup_restore=1
|
||||
multi_instance=1
|
||||
port_already_use=0
|
||||
change_url=1
|
||||
actions=0
|
||||
config_panel=0
|
||||
|
|
|
@ -3,3 +3,5 @@ SOURCE_SUM=48ed2ae11fa4a0ae8338af9aedc837601b34e21c0be15d16e2d6228ca7a91f23
|
|||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
SOURCE_FILENAME=
|
||||
SOURCE_EXTRACT=true
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
location __PATH__/ {
|
||||
|
||||
# Path to source
|
||||
alias __FINALPATH__/ ;
|
||||
alias __FINALPATH__/;
|
||||
|
||||
index index.php doku.php;
|
||||
|
||||
|
|
|
@ -50,10 +50,6 @@
|
|||
"example": "/dokuwiki",
|
||||
"default": "/dokuwiki"
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"type": "user"
|
||||
},
|
||||
{
|
||||
"name": "is_public",
|
||||
"type": "boolean",
|
||||
|
@ -75,7 +71,11 @@
|
|||
"fr"
|
||||
],
|
||||
"default": "en"
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"type": "user"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
# IMPORT GENERIC HELPERS
|
||||
#=================================================
|
||||
|
||||
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
|
||||
source ../settings/scripts/_common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
|
@ -13,6 +14,9 @@ source /usr/share/yunohost/helpers
|
|||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
true
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
|
|
|
@ -13,6 +13,9 @@ source /usr/share/yunohost/helpers
|
|||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
true
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
|
@ -22,9 +25,9 @@ ynh_abort_if_errors
|
|||
|
||||
domain=$YNH_APP_ARG_DOMAIN
|
||||
path_url=$YNH_APP_ARG_PATH
|
||||
admin_user=$YNH_APP_ARG_ADMIN
|
||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
||||
language=$YNH_APP_ARG_LANGUAGE
|
||||
admin=$YNH_APP_ARG_ADMIN
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
|
@ -48,6 +51,8 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain
|
|||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
||||
ynh_app_setting_set --app=$app --key=language --value=$language
|
||||
|
||||
#=================================================
|
||||
# STANDARD MODIFICATIONS
|
||||
#=================================================
|
||||
# INSTALL DEPENDENCIES
|
||||
#=================================================
|
||||
|
@ -63,8 +68,6 @@ ynh_script_progression --message="Configuring system user..." --weight=2
|
|||
# Create a system user
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||
|
||||
#=================================================
|
||||
# STANDARD MODIFICATIONS
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
#=================================================
|
||||
|
@ -99,9 +102,9 @@ ynh_add_nginx_config
|
|||
#=================================================
|
||||
# SPECIFIC SETUP
|
||||
#=================================================
|
||||
# CUSTOMIZE DOKUWIKI
|
||||
# ADD A CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring DokuWiki..." --weight=2
|
||||
ynh_script_progression --message="Adding a configuration file..." --weight=2
|
||||
|
||||
# Loading order of configuration files
|
||||
#
|
||||
|
@ -137,6 +140,7 @@ ynh_add_config --template="../conf/acl.auth.php" --destination="$final_path/conf
|
|||
#=================================================
|
||||
# CREATE DEFAULT FILES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Creating default files..." --weight=1
|
||||
|
||||
# For securing DokuWiki installation, create default files that will be writable in the "conf" folder.
|
||||
# Other files will be read ony and owned by root.
|
||||
|
@ -158,61 +162,13 @@ cp --archive ../conf/plugins.local.php $final_path/conf
|
|||
cp --archive ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak
|
||||
|
||||
#=================================================
|
||||
# STORE THE CHECKSUM OF THE CONFIG FILE
|
||||
#=================================================
|
||||
|
||||
# Calculate and store the config file checksum into the app settings
|
||||
#ynh_store_file_checksum --file="$final_path/conf/local.protected.php"
|
||||
### Files '$final_path/conf/local.php' and '$final_path/conf/acl.auth.php' can be modified by user, no need to store checksum as they cannot be overwritten safely by the upgrade script
|
||||
|
||||
# #=================================================
|
||||
# # GENERIC FINALIZATION
|
||||
# #=================================================
|
||||
# # SECURE FILES AND DIRECTORIES
|
||||
# #=================================================
|
||||
|
||||
# # Try to use "least privilege" to grant minimal access
|
||||
# # For details, see https://www.dokuwiki.org/install:permissions
|
||||
|
||||
# # Files owned by DokuWiki can just read
|
||||
# chown -R root: $final_path
|
||||
|
||||
# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner
|
||||
# chown $app:root $final_path/{conf,inc}
|
||||
|
||||
# # Make "DokuWiki" owner of configuration files that must be writable
|
||||
# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
|
||||
|
||||
# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
|
||||
# # See https://www.dokuwiki.org/devel:preload
|
||||
# chown $app:root $final_path/inc/preload.php
|
||||
|
||||
# # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
|
||||
# # There are only files in the folder and there are no sublevels. No need to use "find"
|
||||
# chmod -R a+r $final_path/{conf,inc}
|
||||
|
||||
# # Give write access to "data" and subfolders
|
||||
# chown -R $app:root $final_path/data
|
||||
# # Remove access to "other"
|
||||
# chmod -R o-rwx $final_path/data
|
||||
|
||||
# # Allow the web admin panel to run, aka "Extension Manager"
|
||||
# chown -R $app:root $final_path/lib/plugins
|
||||
# # Allow to install templates
|
||||
# chown -R $app:root $final_path/lib/tpl
|
||||
|
||||
# # Allow access to public assets like style sheets
|
||||
# find $final_path/lib -type f -print0 | xargs -0 chmod 0644
|
||||
# find $final_path/lib -type d -print0 | xargs -0 chmod 0755
|
||||
# # Using "find" instead of "chmod -R 755" so files does not become executable too
|
||||
# # chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD
|
||||
# # find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD
|
||||
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# SETUP FAIL2BAN
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring Fail2Ban..." --weight=7
|
||||
|
||||
# Create a dedicated Fail2Ban config
|
||||
ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $path_url.*$" --max_retry=5
|
||||
|
||||
#=================================================
|
||||
|
@ -223,17 +179,19 @@ ynh_script_progression --message="Configuring permissions..." --weight=2
|
|||
# Make app public if necessary
|
||||
if [ $is_public -eq 1 ]
|
||||
then
|
||||
# Everyone can access the app.
|
||||
# The "main" permission is automatically created before the install script.
|
||||
ynh_permission_update --permission="main" --add="visitors"
|
||||
fi
|
||||
|
||||
# Create the "admin" permission and add the "admin_user" to it
|
||||
# Create the "admin" permission and add the "admin" to it
|
||||
# More users can be added to the group from the YunoHost webadmin
|
||||
ynh_permission_create --permission "admin" --allowed "$admin_user"
|
||||
ynh_permission_create --permission "admin" --allowed "$admin"
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reloading NGINX web server..."
|
||||
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
|
||||
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers
|
|||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading installation settings..."
|
||||
ynh_script_progression --message="Loading installation settings..." --weight=1
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
|
@ -24,7 +24,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|||
#=================================================
|
||||
# REMOVE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing app main directory..."
|
||||
ynh_script_progression --message="Removing app main directory..." --weight=1
|
||||
|
||||
# Remove the app directory securely
|
||||
ynh_secure_remove --file="$final_path"
|
||||
|
@ -32,7 +32,7 @@ ynh_secure_remove --file="$final_path"
|
|||
#=================================================
|
||||
# REMOVE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing NGINX web server configuration..."
|
||||
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
|
||||
|
||||
# Remove the dedicated NGINX config
|
||||
ynh_remove_nginx_config
|
||||
|
@ -50,7 +50,7 @@ ynh_remove_fpm_config
|
|||
#=================================================
|
||||
ynh_script_progression --message="Removing dependencies..." --weight=1
|
||||
|
||||
# Remove metapackage and its dependencies if no other package need them
|
||||
# Remove metapackage and its dependencies
|
||||
ynh_remove_app_dependencies
|
||||
|
||||
#=================================================
|
||||
|
@ -58,6 +58,7 @@ ynh_remove_app_dependencies
|
|||
#=================================================
|
||||
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=7
|
||||
|
||||
# Remove the dedicated Fail2Ban config
|
||||
ynh_remove_fail2ban_config
|
||||
|
||||
#=================================================
|
||||
|
@ -65,7 +66,7 @@ ynh_remove_fail2ban_config
|
|||
#=================================================
|
||||
# REMOVE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing the dedicated system user..."
|
||||
ynh_script_progression --message="Removing the dedicated system user..." --weight=1
|
||||
|
||||
# Delete a system user
|
||||
ynh_system_user_delete --username=$app
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
# IMPORT GENERIC HELPERS
|
||||
#=================================================
|
||||
|
||||
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
|
||||
source ../settings/scripts/_common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
|
@ -13,20 +14,22 @@ source /usr/share/yunohost/helpers
|
|||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
true
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading settings..." --weight=2
|
||||
ynh_script_progression --message="Loading installation settings..." --weight=2
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
|
||||
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
||||
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
|
||||
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
|
||||
|
@ -52,7 +55,7 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
|
|||
#=================================================
|
||||
# RESTORE THE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the app main directory..."
|
||||
ynh_script_progression --message="Restoring the app main directory..." --weight=1
|
||||
|
||||
ynh_restore_file --origin_path="$final_path"
|
||||
|
||||
|
@ -60,31 +63,6 @@ chmod 750 "$final_path"
|
|||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:www-data "$final_path"
|
||||
|
||||
# #=================================================
|
||||
# # RESTORE USER RIGHTS
|
||||
# #=================================================
|
||||
|
||||
# # Try to use "least privilege" to grant minimal access
|
||||
# # For details, see https://www.dokuwiki.org/install:permissions
|
||||
|
||||
# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner
|
||||
# chown $app:root $final_path/{conf,inc}
|
||||
|
||||
# # Make "DokuWiki" owner of configuration files that must be writable
|
||||
# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
|
||||
|
||||
# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
|
||||
# # See https://www.dokuwiki.org/devel:preload
|
||||
# chown $app:root $final_path/inc/preload.php
|
||||
|
||||
# # Give write access to "data" and subfolders
|
||||
# chown -R $app:root $final_path/data
|
||||
|
||||
# # Allow the web admin panel to run, aka "Extension Manager"
|
||||
# chown -R $app:root $final_path/lib/plugins
|
||||
# # Allow to install templates
|
||||
# chown -R $app:root $final_path/lib/tpl
|
||||
|
||||
#=================================================
|
||||
# RESTORE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
|
@ -107,7 +85,7 @@ ynh_install_app_dependencies $pkg_dependencies
|
|||
#=================================================
|
||||
# RESTORE THE PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=5
|
||||
ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=5
|
||||
|
||||
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
|
||||
|
||||
|
@ -127,7 +105,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
|||
#=================================================
|
||||
# RELOAD NGINX AND PHP-FPM
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM.." --weight=2
|
||||
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=2
|
||||
|
||||
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
|
|
@ -18,16 +18,16 @@ app=$YNH_APP_INSTANCE_NAME
|
|||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
language=$(ynh_app_setting_get --app=$app --key=language)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
||||
language=$(ynh_app_setting_get --app=$app --key=language)
|
||||
|
||||
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
|
||||
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
|
||||
|
||||
#=================================================
|
||||
# CHECK VERSION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Checking version..." --weight=1
|
||||
|
||||
upgrade_type=$(ynh_check_app_version_changed)
|
||||
|
||||
|
@ -39,16 +39,18 @@ ynh_script_progression --message="Backing up the app before upgrading (may take
|
|||
# Backup the current version of the app
|
||||
ynh_backup_before_upgrade
|
||||
ynh_clean_setup () {
|
||||
# restore it if the upgrade fails
|
||||
# Restore it if the upgrade fails
|
||||
ynh_restore_upgradebackup
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# STANDARD UPGRADE STEPS
|
||||
#=================================================
|
||||
# ENSURE DOWNWARD COMPATIBILITY
|
||||
#=================================================
|
||||
ynh_script_progression --message="Ensuring downward compatibility..."
|
||||
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
|
||||
|
||||
# If final_path doesn't exist, create it
|
||||
if [ -z "$final_path" ]; then
|
||||
|
@ -183,11 +185,9 @@ fi
|
|||
#=================================================
|
||||
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
|
||||
|
||||
# Create a system user
|
||||
# Create a dedicated user (if not existing)
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||
|
||||
#=================================================
|
||||
# STANDARD UPGRADE STEPS
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
#=================================================
|
||||
|
@ -204,14 +204,6 @@ chmod 750 "$final_path"
|
|||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:www-data "$final_path"
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
|
||||
|
||||
# Create a dedicated NGINX config
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# UPGRADE DEPENDENCIES
|
||||
#=================================================
|
||||
|
@ -227,9 +219,19 @@ ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1
|
|||
# Create a dedicated PHP-FPM config
|
||||
ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
|
||||
|
||||
# Create a dedicated NGINX config
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC UPGRADE
|
||||
#=================================================
|
||||
# UPGRADE DOKUWIKI
|
||||
#=================================================
|
||||
|
||||
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
||||
then
|
||||
|
@ -324,61 +326,20 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil
|
|||
# Recalculate and store the checksum of the file for the next upgrade.
|
||||
ynh_store_file_checksum --file="$final_path/conf/local.protected.php"
|
||||
|
||||
# #=================================================
|
||||
# # GENERIC FINALIZATION
|
||||
# #=================================================
|
||||
# # SECURE FILES AND DIRECTORIES
|
||||
# #=================================================
|
||||
|
||||
# # Try to use "least privilege" to grant minimal access
|
||||
# # For details, see https://www.dokuwiki.org/install:permissions
|
||||
|
||||
# # Files owned by DokuWiki can just read
|
||||
# chown -R root: $final_path
|
||||
|
||||
# # DokuWiki needs to write inside these folders. Make "DokuWiki" owner
|
||||
# chown $app:root $final_path/{conf,inc}
|
||||
|
||||
# # Make "DokuWiki" owner of configuration files that must be writable
|
||||
# chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak}
|
||||
|
||||
# # Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport
|
||||
# # See https://www.dokuwiki.org/devel:preload
|
||||
# chown $app:root $final_path/inc/preload.php
|
||||
|
||||
# # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them
|
||||
# # There are only files in the folder and there are no sublevels. No need to use "find"
|
||||
# chmod -R a+r $final_path/{conf,inc}
|
||||
|
||||
# # Give write access to "data" and subfolders
|
||||
# chown -R $app:root $final_path/data
|
||||
# # Remove access to "other"
|
||||
# chmod -R o-rwx $final_path/data
|
||||
|
||||
# # Allow the web admin panel to run, aka "Extension Manager"
|
||||
# chown -R $app:root $final_path/lib/plugins
|
||||
# # Allow to install templates
|
||||
# chown -R $app:root $final_path/lib/tpl
|
||||
|
||||
# # Allow access to public assets like style sheets
|
||||
# find $final_path/lib -type f -print0 | xargs -0 chmod 0644
|
||||
# find $final_path/lib -type d -print0 | xargs -0 chmod 0755
|
||||
# # Using "find" instead of "chmod -R 755" so files does not become executable too
|
||||
# # chmod : -rwxr-xr-x 1 root root 241 May 3 08:36 index.html => BAD
|
||||
# # find : -rw-r--r-- 1 1001 1002 241 May 3 08:36 index.html => GOOD
|
||||
|
||||
#=================================================
|
||||
# SETUP FAIL2BAN
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# UPGRADE FAIL2BAN
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=7
|
||||
|
||||
# Create a dedicated Fail2Ban config
|
||||
ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-error.log" --failregex="^.*authentication failure. while reading response header from upstream, client: <HOST>,.*POST $path_url.*$" --max_retry=5
|
||||
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reloading NGINX web server..."
|
||||
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
|
||||
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
|
|
Loading…
Add table
Reference in a new issue