YunoHost-Apps/duniter_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/duniter_ynh.git synced 2024-09-03 18:26:35 +02:00
Code Issues Activity Actions

[enh] Change configuration to have HTTPS only

Browse source
This commit is contained in:
Cédric Moreau 2017-02-14 11:22:33 +01:00 committed by cgeek
parent bc48fbbcad
commit 821d2e2c8c
4 changed files with 46 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
conf/nginx.conf
View file

@ -4,7 +4,7 @@ location / {
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-NgninX-Porxy true; proxy_set_header X-NgninX-Porxy true;
proxy_pass http://localhost:9220; proxy_pass http://localhost:YNH_EXAMPLE_PORT;
proxy_redirect off; proxy_redirect off;
# Socket.io support # Socket.io support
@ -12,11 +12,28 @@ location / {
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
location ^~ /api/ { location ~ \.(js|css|woff|woff2|ttf) {
proxy_pass http://YNH_EXAMPLE_DOMAIN:YNH_EXAMPLE_PORT/; proxy_pass http://localhost:9220;
} access_by_lua_file /usr/share/ssowat/access.lua;
}
location /cesium {
proxy_pass http://localhost:9220;
access_by_lua_file /usr/share/ssowat/access.lua;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}
location /webui {
proxy_pass http://localhost:9220/;
access_by_lua_file /usr/share/ssowat/access.lua;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}
location ~ /webmin {
proxy_pass http://localhost:9220$uri;
access_by_lua_file /usr/share/ssowat/access.lua;
}
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
} }

6
manifest.json
View file

@ -35,7 +35,7 @@
"name": "path", "name": "path",
"type": "path", "type": "path",
"ask": { "ask": {
"en": "Path on which install the web admin (installable only on root path)", "en": "Path on which install the web admin (installable only on root path for now)",
"fr": "Chemin sur lequel ajouter ladministration web (installable uniquement à la racine)" "fr": "Chemin sur lequel ajouter ladministration web (installable uniquement à la racine)"
}, },
"example": "/", "example": "/",
@ -66,8 +66,8 @@
"en": "Port of synchronization", "en": "Port of synchronization",
"fr": "Port de synchronisation" "fr": "Port de synchronisation"
}, },
"example": "8999", "example": "10900",
"default": "8999" "default": "10900"
}, },
{ {
"name": "salt", "name": "salt",

14
scripts/functions.sh
View file

@ -10,6 +10,14 @@ wget -nc --quiet $url -P /tmp
deb="/tmp/duniter-server-$version-linux-$arch.deb" deb="/tmp/duniter-server-$version-linux-$arch.deb"
sudo dpkg -i $deb > /dev/null sudo dpkg -i $deb > /dev/null
sudo rm -f $deb sudo rm -f $deb
# Fix https://github.com/duniter/cesium/issues/330
sudo sed -i "s@443===@443==@g" /opt/duniter/sources/node_modules/duniter-ui/public/cesium/dist_js/cesium*
sudo sed -i "s@port === 443@port == 443@g" /opt/duniter/sources/node_modules/duniter-ui/public/cesium/dist_js/cesium*
# Force Cesium to use local instance
sudo sed -i "s@\"host\".*@\"host\": \"$domain\",@" /opt/duniter/sources/node_modules/duniter-ui/public/cesium/config.js
sudo sed -i "s@\"port\".*@\"port\": \"443\"@" /opt/duniter/sources/node_modules/duniter-ui/public/cesium/config.js
} }
CONFIG_SSOWAT_FOR_RESTRICTED_ACCESS () { CONFIG_SSOWAT_FOR_RESTRICTED_ACCESS () {
@ -17,10 +25,10 @@ CONFIG_SSOWAT_FOR_RESTRICTED_ACCESS () {
sudo yunohost app addaccess $app -u $admin sudo yunohost app addaccess $app -u $admin
# Allow only allowed users to access admin panel # Allow only allowed users to access admin panel
ynh_app_setting_set "$app" protected_uris "/" ynh_app_setting_set "$app" protected_uris "/webui","/webmin","/cesium"
# SSOwat Configuration # Duniter is public app, with only some parts restricted in nginx.conf
#ynh_app_setting_set "$app" unprotected_uris "/api/" sudo yunohost app setting $app unprotected_uris -v "/"
} }
CONFIG_NGINX_FOR_WEB_ADMIN () { CONFIG_NGINX_FOR_WEB_ADMIN () {

13
scripts/install
View file

@ -24,7 +24,7 @@ sudo yunohost app checkurl "${domain}${path}" -a "$app" \
# Check path is root # Check path is root
if [[ $path != '/' ]]; then if [[ $path != '/' ]]; then
ynh_die "Web admin can only be installed on root path for now" ynh_die "Duniter can only be installed on root path for now"
fi fi
# Check port availability # Check port availability
@ -52,18 +52,21 @@ if [[ $arch != "x64" && $arch != "armv7l" ]]; then
ynh_die "$arch is not supported." 2 ynh_die "$arch is not supported." 2
fi fi
# Open port on firewall
sudo yunohost firewall allow TCP $port > /dev/null 2>&1
# Store config on YunoHost instance # Store config on YunoHost instance
ynh_app_setting_set $app port $port ynh_app_setting_set $app port $port
ynh_app_setting_set $app arch $arch ynh_app_setting_set $app arch $arch
ynh_app_setting_set "$app" admin "$admin" ynh_app_setting_set "$app" admin "$admin"
# Open port on firewall
sudo yunohost firewall allow TCP $port > /dev/null 2>&1
INSTALL_DUNITER_DEBIAN_PACKAGE INSTALL_DUNITER_DEBIAN_PACKAGE
# Configure Duniter node # Configure Duniter node
sudo $app config --autoconf --remoteh $domain --port $port --remotep $port --salt $salt --passwd $password sudo $app config --ipv4 127.0.0.1 --port $port --remoteh $domain --remotep 443 --noupnp --salt $salt --passwd $password
# Reset Duniter node's existing data (blockchain, not conf)
sudo $app reset data > /dev/null
# Synchronize Duniter node # Synchronize Duniter node
echo "Synchronizing with $sync_node:$sync_port. It may take a while." echo "Synchronizing with $sync_node:$sync_port. It may take a while."