diff --git a/conf/nginx.conf b/conf/nginx.conf index bf97a0d..53cc3d9 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -19,6 +19,7 @@ location ^~ YNH_WWW_PATH { fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTP_PROXY ""; # Fix for https://httpoxy.org/ vulnerability fastcgi_index index.php; + fastcgi_read_timeout 600; } location ~* \.html$ { diff --git a/conf/nginx_root.conf b/conf/nginx_root.conf new file mode 100644 index 0000000..15ab619 --- /dev/null +++ b/conf/nginx_root.conf @@ -0,0 +1,60 @@ +root /var/www/YNH_WWW_APP; +location ^~ / { + try_files $uri $uri/ /index.php?$query_string; + index /index.php; + + location / { try_files $uri $uri/ /index.php?$query_string; } + location /api { try_files $uri $uri/ /api.php?$query_string; } + location /admin { try_files $uri $uri/ /admin.php?$query_string; } + + location /flarum { + deny all; + return 404; + } + + location ~* \.php$ { + fastcgi_split_path_info ^(.+.php)(/.+)$; + fastcgi_pass unix:/var/run/php5-fpm-YNH_WWW_APP.sock; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTP_PROXY ""; # Fix for https://httpoxy.org/ vulnerability + fastcgi_index index.php; + fastcgi_read_timeout 600; + } + + location ~* \.html$ { + expires -1; + } + + location ~* \.(css|js|gif|jpe?g|png)$ { + expires 1M; + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + gzip on; + gzip_http_version 1.1; + gzip_vary on; + gzip_comp_level 6; + gzip_proxied any; + gzip_types application/atom+xml + application/javascript + application/json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/svg+xml + image/x-icon + text/css + text/plain + text/xml; + gzip_buffers 16 8k; + gzip_disable "MSIE [1-6]\.(?!.*SV1)"; + + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; +} diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 2061166..7865008 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -159,7 +159,7 @@ ping.path = /ping ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_terminate_timeout = 120s +request_terminate_timeout = 600s ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. @@ -244,8 +244,8 @@ catch_workers_output = yes ;php_value[mail.add_x_header] = Off # Other common parameters -;php_value[max_execution_time] = 600 -;php_value[max_input_time] = 300 +php_value[max_execution_time] = 600 +php_value[max_input_time] = 600 ;php_value[memory_limit] = 256M ;php_value[short_open_tag] = On diff --git a/scripts/install b/scripts/install index 5cf6872..a014b05 100644 --- a/scripts/install +++ b/scripts/install @@ -33,65 +33,70 @@ ynh_app_setting_set "$app" is_public "$is_public" sudo yunohost app checkurl "${domain}${path}" -a "$app" \ || ynh_die "Path not available: ${domain}${path}" +tmp=/tmp/flaruminstall +sudo rm -rf $tmp +sudo mkdir -p $tmp +sudo chown -R www-data:www-data $tmp +sudo chmod -R 755 $tmp ### composer ### -# Install or update composer (https://getcomposer.org) -composerinstall=/tmp/composer-install -if [ -d "$composerinstall" ]; then - sudo rm -rf $composerinstall +if ! type "composer" > /dev/null; then + # Install composer (https://getcomposer.org) + EXPECTED_SIGNATURE=$(wget https://composer.github.io/installer.sig -O - -q) + sudo su - www-data -s /bin/bash -c "php -r \"copy('https://getcomposer.org/installer', '$tmp/composer-setup.php');\"" + ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', '$tmp/composer-setup.php');") + if [ "$EXPECTED_SIGNATURE" = "$ACTUAL_SIGNATURE" ] + then + sudo mkdir /var/www/.composer + sudo chown -R www-data:www-data /var/www/.composer + sudo chmod -R 755 /var/www/.composer + sudo su - www-data -s /bin/bash -c "php $tmp/composer-setup.php --install-dir=$tmp --filename=composer" + sudo mv $tmp/composer /usr/local/bin + sudo chown root:root /usr/local/bin/composer + RESULT=$? + else + >&2 echo 'ERROR: Invalid installer signature' + RESULT=1 + fi + if [ $RESULT != 0 ] + then + sudo rm -rf $final_path + exit $RESULT + fi fi -sudo mkdir $composerinstall -EXPECTED_SIGNATURE=$(wget https://composer.github.io/installer.sig -O - -q) -sudo php -r "copy('https://getcomposer.org/installer', '$composerinstall/composer-setup.php');" -ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', '$composerinstall/composer-setup.php');") -if [ "$EXPECTED_SIGNATURE" = "$ACTUAL_SIGNATURE" ] -then - sudo php "$composerinstall/composer-setup.php" --install-dir=/usr/local/bin - RESULT=$? - sudo rm "$composerinstall/composer-setup.php" -else - >&2 echo 'ERROR: Invalid installer signature' - sudo rm "$composerinstall/composer-setup.php" - exit 1 -fi -if [ $RESULT != 0 ] -then - exit $RESULT -fi -sudo rm -rf $composerinstall - + sudo mkdir -p /var/www/.composer + sudo chown -R www-data:www-data /var/www/.composer + sudo chmod -R 755 /var/www/.composer ### composer end ### -sudo mkdir -p $final_path -sudo chown -R www-data:www-data $final_path - ### Install flarum -sudo su - www-data -s /bin/bash -c "composer.phar create-project flarum/flarum "$final_path" --stability=beta" +cwd=$(pwd) +sudo su - www-data -s /bin/bash -c "mkdir -p $tmp/$app && cd $tmp/$app && php -d memory_limit=-1 /usr/local/bin/composer create-project flarum/flarum . --stability=beta" +sudo mkdir $final_path +sudo mv $tmp/$app $final_path/.. +sudo chown -R www-data:www-data $final_path +cd $cwd +sudo rm -rf $tmp -### MySQL (can be removed if not used) ### -# If your app use a MySQL database you can use these lines to bootstrap -# a database, an associated user and save the password in app settings. -# -# # Generate MySQL password and create database +### MySQL ### dbuser=$app dbname=$app dbpass=$(ynh_string_random 15) ynh_app_setting_set "$app" mysqlpwd "$dbpass" ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" -# Install - -# Modify Nginx configuration file and copy it to Nginx conf directory +### Nginx ### +if [ $path = "/" ]; then +nginx_conf=../conf/nginx_root.conf +else nginx_conf=../conf/nginx.conf +fi sed -i "s@YNH_WWW_PATH@$path@g" $nginx_conf sed -i "s@YNH_WWW_ALIAS@$app/@g" $nginx_conf -# If a dedicated php-fpm process is used: -# Don't forget to modify ../conf/nginx.conf accordingly or your app will not work! sed -i "s@YNH_WWW_APP@$app@g" $nginx_conf sudo cp $nginx_conf /etc/nginx/conf.d/$domain.d/$app.conf ### PHP ### -# Modify PHP-FPM pool configuration and copy it to the pool directory sed -i "s@YNH_WWW_APP@$app@g" ../conf/php-fpm.conf sed -i "s@YNH_WWW_ALIAS@$app/@g" ../conf/php-fpm.conf finalphpconf=/etc/php5/fpm/pool.d/$app.conf @@ -99,7 +104,6 @@ sudo cp ../conf/php-fpm.conf $finalphpconf sudo chown root: $finalphpconf sudo chmod 644 $finalphpconf sudo service php5-fpm reload -### PHP end ### # If app is public, add url to SSOWat conf as skipped_uris if [[ $is_public -eq 1 ]]; then @@ -109,5 +113,7 @@ fi # Reload services sudo service nginx reload + +# Tell user the MySQL credentials for post-installation echo "MySQL database user is " $dbuser echo "MySQL database password is " $dbpass diff --git a/scripts/remove b/scripts/remove index b085f87..e073f51 100644 --- a/scripts/remove +++ b/scripts/remove @@ -10,6 +10,7 @@ source /usr/share/yunohost/helpers domain=$(ynh_app_setting_get "$app" domain) # Remove sources +sudo rm -rf /tmp/composerinstall sudo rm -rf /var/www/$app # Remove nginx configuration file