mirror of
https://github.com/YunoHost-Apps/duniter_ynh.git
synced 2024-09-03 18:26:35 +02:00
e862b9e7ed
\# Protect webadmin Modify 'main' permission group to protect the webadmin to the admin Create 'apis' permission publicly accessible to make BMA and WS2P APIs accessible to whole Internet and set --auth_header=false \# Nginx misconfiguration BMA is exposed on port 10901 The webadmin on port 9220 this explains why BMA was not accessible because it was redirected to the webadmin Was probably done to solve following problem with the CI \# Move BMA to /bma and webadmin to root path '/' Move the WebAdmin from '/webadmin' to '/' root path Move BMA from '/' to '/bma/' path In order to have passing access test on the root path with the CI BMA returns a 502 HTTP error since no synchronization have been performed therefore there is nothing to be displayed Cesium and Silkaj support connection to BMA endpoint with a path in \## TODOs in Duniter v1 There is no synchronization possible to duniter_ynh BMA api, since Duniter doesn’t support specifying a path to 'sync' command Can’t define a custom BMAS endpoint with /bma path in The endpoint doesn’t stay, it seems its overwritten by the fact that when specifying port 443, BMAS endpoint get created and overwrites this one ynh_exec_as duniter duniter config --addep "BMAS $domain 443 /bma" This is not as important as having a correct WS2P endpoint defined for inter-node connection Nice to have for BMA endpoint discovery \# Clean Nginx config Define once by moving WS, and SSOwat panel support to the common part Remove /modules path, not really used anymore Replace 127.0.0.1 by localhost
155 lines
5.3 KiB
Bash
155 lines
5.3 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC START
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# MANAGE SCRIPT FAILURE
|
|
#=================================================
|
|
|
|
ynh_clean_setup () {
|
|
ynh_clean_check_starting
|
|
}
|
|
# Exit if an error occurs during the execution of the script
|
|
ynh_abort_if_errors
|
|
|
|
#=================================================
|
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
|
#=================================================
|
|
|
|
domain=$YNH_APP_ARG_DOMAIN
|
|
path_url="/"
|
|
admin=$YNH_APP_ARG_ADMIN
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
architecture=$YNH_ARCH
|
|
|
|
#=================================================
|
|
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
|
#=================================================
|
|
ynh_script_progression --message="Validating installation parameters…"
|
|
|
|
# Register (book) web path
|
|
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
|
|
|
|
#=================================================
|
|
# STORE SETTINGS FROM MANIFEST
|
|
#=================================================
|
|
ynh_script_progression --message="Storing installation settings…"
|
|
|
|
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
|
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
|
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
|
|
|
#=================================================
|
|
# FIND AND OPEN A PORT
|
|
#=================================================
|
|
ynh_script_progression --message="Finding an available port…"
|
|
|
|
# Find an available port
|
|
port=$(ynh_find_port --port=10901)
|
|
ynh_app_setting_set --app=$app --key=port --value=$port
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring system user…"
|
|
|
|
# Create a system user
|
|
datadir=/home/yunohost.app/$app
|
|
ynh_system_user_create --username=$app --home_dir=$datadir --use_shell
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring NGINX web server…"
|
|
|
|
# Create a dedicated NGINX config
|
|
ynh_add_nginx_config
|
|
|
|
#=================================================
|
|
# SPECIFIC SETUP
|
|
#=================================================
|
|
# INSTALL DUNITER
|
|
#=================================================
|
|
ynh_script_progression --message="Installation of Debian package of Duniter…"
|
|
|
|
tempdir="$(mktemp -d)"
|
|
|
|
ynh_setup_source --dest_dir=$tempdir --source_id=$architecture
|
|
ynh_exec_warn_less dpkg -i $tempdir/duniter-server-v1.8.*-linux-*.deb
|
|
|
|
#=================================================
|
|
# CREATE DATA DIRECTORY
|
|
#=================================================
|
|
ynh_script_progression --message="Creating a data directory…"
|
|
|
|
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
|
|
|
|
mkdir -p $datadir
|
|
|
|
chmod 750 "$datadir"
|
|
chmod -R o-rwx "$datadir"
|
|
chown -R $app:www-data "$datadir"
|
|
|
|
#=================================================
|
|
# ADD A CONFIG FILE
|
|
#=================================================
|
|
ynh_script_progression --message="Adding a configuration file…"
|
|
|
|
ynh_exec_as duniter duniter config --bma --ipv4 127.0.0.1 --port $port --remoteh $domain --remotep 443 --noupnp
|
|
ynh_exec_as duniter duniter config --ws2p-host 127.0.0.1 --ws2p-port 20901 --ws2p-remote-host $domain --ws2p-remote-port 443 --ws2p-remote-path "/ws2p" --ws2p-noupnp
|
|
|
|
#=================================================
|
|
# SETUP SYSTEMD
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring a systemd service…"
|
|
|
|
# Create a dedicated systemd config
|
|
ynh_add_systemd_config
|
|
|
|
#=================================================
|
|
# INTEGRATE SERVICE IN YUNOHOST
|
|
#=================================================
|
|
ynh_script_progression --message="Integrating service in YunoHost…"
|
|
|
|
yunohost service add $app
|
|
|
|
#=================================================
|
|
# START SYSTEMD SERVICE
|
|
#=================================================
|
|
ynh_script_progression --message="Starting a systemd service…"
|
|
|
|
# Start a systemd service
|
|
ynh_systemd_action --service_name=$app --action="start" --log_path=systemd
|
|
|
|
#=================================================
|
|
# SETUP SSOWAT
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring permissions…"
|
|
|
|
# Change main group to protect sensitive sub-routes (client, API) to Duniter web admin interface, give access to choosen admin
|
|
ynh_permission_update --permission "main" --add "$admin" --remove "all_users"
|
|
ynh_permission_url --permission "main" --add_url "/webmin"
|
|
|
|
# Create apis permission group to public to allow BMA and WS2P APIs accessible to visitors
|
|
ynh_permission_create --permission "apis" --url "/bma" --additional_urls "/ws2p" --auth_header=false --allowed "visitors"
|
|
|
|
#=================================================
|
|
# RELOAD NGINX
|
|
#=================================================
|
|
ynh_script_progression --message="Reloading NGINX web server…"
|
|
|
|
ynh_systemd_action --service_name=nginx --action=reload
|
|
|
|
#=================================================
|
|
# END OF SCRIPT
|
|
#=================================================
|
|
|
|
ynh_script_progression --message="Installation of $app completed"
|