diff --git a/conf/nginx.conf b/conf/nginx.conf index 4ac3161..50212a4 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,14 +1,14 @@ -location ^~ YNH_WWW_PATH { +location ^~ __PATH__ { if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } - alias YNH_WWW_FINALPATH/; + alias __FINALPATH__/; try_files $uri $uri/ /index.php?$query_string; index YNH_WWW_ROOTPATH/index.php; - # These weird try_files ... see http://stackoverflow.com/a/35102259 + # Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 ) location YNH_WWW_ROOTPATH/ { try_files $uri $uri/ YNH_WWW_ROOTAPP/index.php?$query_string; } location YNH_WWW_ROOTPATH/api { try_files $uri $uri/ YNH_WWW_ROOTAPP/api.php?$query_string; } location YNH_WWW_ROOTPATH/admin { try_files $uri $uri/ YNH_WWW_ROOTAPP/admin.php?$query_string; } @@ -20,7 +20,7 @@ location ^~ YNH_WWW_PATH { location ~* \.php$ { fastcgi_split_path_info ^(.+.php)(/.+)$; - fastcgi_pass unix:/var/run/php5-fpm-YNH_WWW_APP.sock; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param HTTP_PROXY ""; # Fix for https://httpoxy.org/ vulnerability diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index b2769e7..eb22ecc 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,7 +1,7 @@ ; Start a new pool named 'www'. ; the variable $pool can we used in any directive and will be replaced by the ; pool name ('www' here) -[YNH_WWW_APP] +[__USER__] ; Per pool prefix ; It only applies on the following directives: @@ -24,7 +24,7 @@ ; specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-YNH_WWW_APP.sock +listen = /var/run/php5-fpm-__USER__.sock ; Set listen(2) backlog. A value of '-1' means unlimited. ; Default Value: 128 (-1 on FreeBSD and OpenBSD) 
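Review bot: The PHP-FPM socket path is now spelled with two different placeholders: `fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;` in the second conf/nginx.conf hunk and `listen = /var/run/php5-fpm-__USER__.sock` in conf/php-fpm.conf. The two paths only meet if the nginx and php-fpm config helpers expand `__NAME__` and `__USER__` to the same value, which this diff does not show. If they ever diverge, nginx forwards PHP requests to a socket no pool listens on. I would add a comment above the `fastcgi_pass` line such as `# must resolve to the same path as "listen" in conf/php-fpm.conf`, or use a single placeholder for both if the helpers allow it. The enclosing `location` block starts and ends outside the hunk.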
@@ -170,7 +170,7 @@ request_slowlog_timeout = 5s ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/YNH_WWW_APP.slow.log +slowlog = /var/log/nginx/__USER__.slow.log ; Set open file descriptor rlimit. ; Default Value: system defined value @@ -195,7 +195,7 @@ rlimit_core = 0 ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot -chdir = YNH_WWW_ALIAS +chdir = __FINALPATH__ ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. @@ -249,4 +249,4 @@ php_value[max_input_time] = 600 ;php_value[memory_limit] = 256M ;php_value[short_open_tag] = On -env[COMPOSER_HOME]= /opt/YNH_WWW_APP_composer' +env[COMPOSER_HOME]= /opt/__USER___composer' diff --git a/scripts/install b/scripts/install index 2c4d36a..459200d 100644 --- a/scripts/install +++ b/scripts/install @@ -1,12 +1,25 @@ #!/bin/bash -# Load helpers +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + source _common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#=================================================== +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#=================================================== + # This is a multi-instance app, meaning it can be installed several times independently # The id of the app as stated in the manifest is available as $YNH_APP_ID # The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) 
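Review bot: The new `env[COMPOSER_HOME]` line in the `@@ -249,4` hunk carries over the stray trailing `'` from the line it replaces. Depending on how the pool file is parsed, the value either ends in a literal quote or is read as an unterminated string. Either way it would not name the `/opt/${app}_composer` directory that scripts/remove deletes. The line also relies on `__USER___composer` being read as `__USER__` followed by `_composer`, which is easy to misread. I would write it as `env[COMPOSER_HOME] = /opt/__USER___composer` without the quote, and add `; __USER__ + "_composer"` above it.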
@@ -19,9 +32,7 @@ ynh_abort_if_errors # db names, ... app=$YNH_APP_INSTANCE_NAME -#=================================================== -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#=================================================== +# Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH @@ -51,13 +62,14 @@ ynh_webpath_register $app $domain $path_url #=================================================== # Save app settings -ynh_app_setting_set $app admin $admin -ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app domain $domain ynh_app_setting_set $app path $path_url +ynh_app_setting_set $app admin $admin +ynh_app_setting_set $app is_public $is_public +ynh_app_setting_set $app final_path $final_path #=================================================== -# CREATE APP USER +# CREATE DEDICATED USER #=================================================== ynh_system_user_create $app "$final_path" @@ -83,8 +95,7 @@ php -r "copy('https://getcomposer.org/installer', '$composer_path/composer-setup ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', '$composer_path/composer-setup.php');") if [ "$EXPECTED_SIGNATURE" = "$ACTUAL_SIGNATURE" ] then - exec_as $app \ - php $composer_path/composer-setup.php --install-dir=$composer_path --filename=composer --quiet + sudo su - $app -s /bin/bash -c "php $composer_path/composer-setup.php --install-dir=$composer_path --filename=composer --quiet" RESULT=$? else >&2 echo 'ERROR: Invalid Composer installer signature' @@ -110,11 +121,7 @@ sudo chown -R $app:www-data $tmp sudo chmod -R 0775 $tmp # Install Flarum -CWD="$(pwd)" -cd $tmp -exec_as $app \ - php -d memory_limit=-1 $composer_path/composer create-project flarum/flarum . "$flarum_version" --stability=beta --ansi -cd $CWD +sudo su - $app -s /bin/bash -c "php -d memory_limit=-1 $composer_path/composer create-project flarum/flarum $tmp $flarum_version --stability=beta --ansi" sudo cp -Rf $tmp/* $final_path sudo chown -R $app:www-data $final_path 
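Review bot: Both Composer invocations now run through `sudo su - $app -s /bin/bash -c "..."` (the `@@ -83,8` hunk and the `create-project` line in `@@ -110,11`), so `$composer_path`, `$tmp` and `$flarum_version` are expanded by the installer and the resulting string is parsed again by a second shell. The removed `exec_as` calls passed them as separate arguments, so whitespace or a shell metacharacter in any of these values would now change the command that runs as the app user. An argument-vector form such as `sudo -H -u "$app" php "$composer_path/composer-setup.php" --install-dir="$composer_path" --filename=composer --quiet` keeps the values out of a shell. If the login shell from `su -` is needed, at least quote each variable inside the `-c` string. The `if`/`else` around the first call continues outside the hunk.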
@@ -134,47 +141,51 @@ ynh_app_setting_set "$app" db_pwd "$db_pwd" # NGINX CONFIGURATION #================================================= -finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf" -sudo cp ../conf/nginx.conf "$finalnginxconf" +# Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 ) if [ $path_url = "/" ]; then - sed -i "s@YNH_WWW_ROOTPATH@@g" $finalnginxconf - sed -i "s@YNH_WWW_ROOTAPP@/@g" $finalnginxconf + sed -i "s@YNH_WWW_ROOTPATH@@g" ../conf/nginx.conf + sed -i "s@YNH_WWW_ROOTAPP@/@g" ../conf/nginx.conf else - sed -i "s@YNH_WWW_ROOTPATH@$path_url@g" $finalnginxconf - sed -i "s@YNH_WWW_ROOTAPP@$path_url$path_url@g" $finalnginxconf + sed -i "s@YNH_WWW_ROOTPATH@$path_url@g" ../conf/nginx.conf + sed -i "s@YNH_WWW_ROOTAPP@$path_url$path_url@g" ../conf/nginx.conf fi -sed -i "s@YNH_WWW_PATH@$path_url@g" $finalnginxconf -sed -i "s@YNH_WWW_FINALPATH@$final_path@g" $finalnginxconf -sed -i "s@YNH_WWW_APP@$app@g" $finalnginxconf +# Create a dedicated nginx config +ynh_add_nginx_config #================================================= # PHP-FPM CONFIGURATION #================================================= -finalphpconf=/etc/php5/fpm/pool.d/$app.conf -sudo cp ../conf/php-fpm.conf $finalphpconf -sed -i "s@YNH_WWW_APP@$app@g" $finalphpconf -sed -i "s@YNH_WWW_ALIAS@$final_path@g" $finalphpconf -sudo chown root: $finalphpconf -sudo chmod 644 $finalphpconf -sudo service php5-fpm reload +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SETUP LOGROTATE +#================================================= + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate #================================================= # SETUP SSOWAT #================================================= -# If app is public, add url to SSOWat conf as skipped_uris -if [[ $is_public -eq 1 ]]; then - # unprotected_uris allows SSO credentials to be passed anyway. 
- ynh_app_setting_set "$app" unprotected_uris "/" +if [ $is_public -eq 0 ] +then # Remove the public access + ynh_app_setting_delete $app skipped_uris +fi +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set $app unprotected_uris "/" fi - ynh_app_setting_set "$app" skipped_uris "/api" -# Reload services -service nginx reload +#================================================= +# RELOAD NGINX +#================================================= -# Install the SSOwat auth extension -#sudo su - www-data -s /bin/bash -c "cd $final_path && php -d memory_limit=-1 $composer_path/composer require 'tituspijean/flarum-ext-auth-ssowat:*@dev'" +systemctl reload nginx #================================================= # FLARUM POST-INSTALL @@ -206,6 +217,9 @@ ynh_mysql_execute_as_root "$apitablesql" $db_name ynh_mysql_execute_as_root "$rootsql" $db_name ynh_app_setting_set "$app" root_token "$roottoken" +# Install the SSOwat auth extension +#sudo su - www-data -s /bin/bash -c "cd $final_path && /opt/flarum_composer/composer require 'tituspijean/flarum-ext-auth-ssowat:*@dev'" + # Configure SSOwat auth extension #ssowatdomain=$(</etc/yunohost/current_host) #data='{"flarum-ext-auth-ssowat.address": "'$ssowatdomain'","flarum-ext-auth-ssowat.onlyUse": true}' diff --git a/scripts/remove b/scripts/remove index b6d5803..32b8caf 100644 --- a/scripts/remove +++ b/scripts/remove 
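Review bot: In the `@@ -134,47` hunk, the new `is_public -eq 0` branch deletes `skipped_uris`, but the unchanged `ynh_app_setting_set "$app" skipped_uris "/api"` after the second `fi` runs on every install. The delete therefore has no lasting effect, and `/api` stays outside SSOwat authentication on private installs too. If that is intended because Flarum authenticates API calls itself, drop the delete and add a comment such as `# /api is always skipped by SSOwat; Flarum enforces its own token auth there`. Otherwise move the `skipped_uris` line inside the `is_public -eq 1` block. `$is_public` is also unquoted in both tests, so an empty value makes `[` report an error instead of selecting a branch; `[ "$is_public" -eq 0 ]` avoids that.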
@@ -1,33 +1,68 @@ #!/bin/bash -# See comments in install script -app=$YNH_APP_INSTANCE_NAME +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Source YunoHost helpers +source _common.sh source /usr/share/yunohost/helpers -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) +#================================================= +# LOAD SETTINGS +#================================================= -# Delete user -ynh_system_user_delete $app +app=$YNH_APP_INSTANCE_NAME -# Remove sources +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) +db_user=$db_name +final_path=$(ynh_app_setting_get $app final_path) + +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= + +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db $db_user $db_name + +#================================================= +# REMOVE APP MAIN DIR +#================================================= + +# Remove the app directory securely +ynh_secure_remove "$final_path" ynh_secure_remove "/tmp/$app" -ynh_secure_remove "/var/www/$app" ynh_secure_remove "/opt/${app}_composer" -# Remove nginx and PHP-FPM files and restart services -ynh_remove_nginx_config -ynh_remove_fpm_config -sudo service nginx reload -sudo service php5-fpm reload +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# REMOVE LOGROTATE 
CONFIGURATION +#================================================= + +# Remove the app-specific logrotate config +ynh_remove_logrotate + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= + +# Delete a system user +ynh_system_user_delete $app -### MySQL ### -# If a MySQL database is used: -# # Drop MySQL database and user -dbname=$app -dbuser=$app -ynh_mysql_drop_db "$dbname" || true -ynh_mysql_drop_user "$dbuser" || true -### MySQL end ###
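Review bot: `final_path` is now read from the app settings, but the install script only starts saving it in this same commit. For an instance installed earlier, `ynh_secure_remove "$final_path"` therefore gets an empty string, and the directory the old script removed as `/var/www/$app` stays on disk unless an upgrade path not shown here back-fills the setting. `ynh_mysql_remove_db $db_user $db_name` has the same exposure: whether `db_name` is saved is not visible in this diff, and the unquoted arguments vanish entirely when it is empty, leaving the database and its user behind. I would add fallbacks right after the settings are loaded, `final_path=${final_path:-/var/www/$app}` and `db_name=${db_name:-$app}`, and quote the arguments in the `ynh_mysql_remove_db` call.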