From 4bc868c1f865d7833a6cd840b3791899b15f1be0 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Mon, 12 Feb 2018 21:53:49 +0100 Subject: [PATCH] Refactoring and helpers Insprided by @frju365 refactoring proposals --- conf/nginx.conf | 8 ++--- conf/php-fpm.conf | 10 +++--- scripts/install | 92 +++++++++++++++++++++++++++-------------------- scripts/remove | 79 ++++++++++++++++++++++++++++------------ 4 files changed, 119 insertions(+), 70 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 4ac3161..50212a4 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,14 +1,14 @@ -location ^~ YNH_WWW_PATH { +location ^~ __PATH__ { if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } - alias YNH_WWW_FINALPATH/; + alias __FINALPATH__/; try_files $uri $uri/ /index.php?$query_string; index YNH_WWW_ROOTPATH/index.php; - # These weird try_files ... see http://stackoverflow.com/a/35102259 + # Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 ) location YNH_WWW_ROOTPATH/ { try_files $uri $uri/ YNH_WWW_ROOTAPP/index.php?$query_string; } location YNH_WWW_ROOTPATH/api { try_files $uri $uri/ YNH_WWW_ROOTAPP/api.php?$query_string; } location YNH_WWW_ROOTPATH/admin { try_files $uri $uri/ YNH_WWW_ROOTAPP/admin.php?$query_string; } @@ -20,7 +20,7 @@ location ^~ YNH_WWW_PATH { location ~* \.php$ { fastcgi_split_path_info ^(.+.php)(/.+)$; - fastcgi_pass unix:/var/run/php5-fpm-YNH_WWW_APP.sock; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param HTTP_PROXY ""; # Fix for https://httpoxy.org/ vulnerability diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index b2769e7..eb22ecc 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf 
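Review bot: The socket path in the second conf/nginx.conf hunk is built from `__NAME__` (`fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;`), while the matching `listen` line in conf/php-fpm.conf is built from `__USER__`. The two ends of the socket therefore agree only if both helpers expand their marker to the same string. Presumably both become the app instance name, but nothing in this patch shows it, and a mismatch would leave nginx pointing at a socket that PHP-FPM never creates. Using one marker on both sides would work, as would a comment such as `# must match "listen" in conf/php-fpm.conf`. The first hunk has a similar split: `__PATH__` and `__FINALPATH__` are helper-substituted, while `YNH_WWW_ROOTPATH` and `YNH_WWW_ROOTAPP` still depend on the `sed` calls in scripts/install.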
@@ -1,7 +1,7 @@ ; Start a new pool named 'www'. ; the variable $pool can we used in any directive and will be replaced by the ; pool name ('www' here) -[YNH_WWW_APP] +[__USER__] ; Per pool prefix ; It only applies on the following directives: @@ -24,7 +24,7 @@ ; specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-YNH_WWW_APP.sock +listen = /var/run/php5-fpm-__USER__.sock ; Set listen(2) backlog. A value of '-1' means unlimited. ; Default Value: 128 (-1 on FreeBSD and OpenBSD) @@ -170,7 +170,7 @@ request_slowlog_timeout = 5s ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/YNH_WWW_APP.slow.log +slowlog = /var/log/nginx/__USER__.slow.log ; Set open file descriptor rlimit. ; Default Value: system defined value @@ -195,7 +195,7 @@ rlimit_core = 0 ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot -chdir = YNH_WWW_ALIAS +chdir = __FINALPATH__ ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. @@ -249,4 +249,4 @@ php_value[max_input_time] = 600 ;php_value[memory_limit] = 256M ;php_value[short_open_tag] = On -env[COMPOSER_HOME]= /opt/YNH_WWW_APP_composer' +env[COMPOSER_HOME]= /opt/__USER___composer' diff --git a/scripts/install b/scripts/install index 2c4d36a..459200d 100644 --- a/scripts/install +++ b/scripts/install 
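Review bot: The rewritten last line of conf/php-fpm.conf, `env[COMPOSER_HOME]= /opt/__USER___composer'`, still carries the unbalanced trailing `'` from the old line. Depending on how the pool file is parsed, that either breaks loading of the pool or exports a COMPOSER_HOME ending in a quote character. Such a path would not match the directory the install script prepares, which is presumably `$composer_path` (defined outside this diff). Suggested line: `env[COMPOSER_HOME] = /opt/__USER___composer`. The `__USER___composer` run of underscores is also easy to misread, so a comment saying the marker is `__USER__` followed by `_composer` would help.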
@@ -1,12 +1,25 @@ #!/bin/bash -# Load helpers +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + source _common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#=================================================== +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#=================================================== + # This is a multi-instance app, meaning it can be installed several times independently # The id of the app as stated in the manifest is available as $YNH_APP_ID # The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) @@ -19,9 +32,7 @@ ynh_abort_if_errors # db names, ... app=$YNH_APP_INSTANCE_NAME -#=================================================== -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#=================================================== +# Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH @@ -51,13 +62,14 @@ ynh_webpath_register $app $domain $path_url #=================================================== # Save app settings -ynh_app_setting_set $app admin $admin -ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app domain $domain ynh_app_setting_set $app path $path_url +ynh_app_setting_set $app admin $admin +ynh_app_setting_set $app is_public $is_public +ynh_app_setting_set $app final_path $final_path #=================================================== -# CREATE APP USER +# CREATE DEDICATED USER #=================================================== ynh_system_user_create $app "$final_path" 
@@ -83,8 +95,7 @@ php -r "copy('https://getcomposer.org/installer', '$composer_path/composer-setup ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', '$composer_path/composer-setup.php');") if [ "$EXPECTED_SIGNATURE" = "$ACTUAL_SIGNATURE" ] then - exec_as $app \ - php $composer_path/composer-setup.php --install-dir=$composer_path --filename=composer --quiet + sudo su - $app -s /bin/bash -c "php $composer_path/composer-setup.php --install-dir=$composer_path --filename=composer --quiet" RESULT=$? else >&2 echo 'ERROR: Invalid Composer installer signature' @@ -110,11 +121,7 @@ sudo chown -R $app:www-data $tmp sudo chmod -R 0775 $tmp # Install Flarum -CWD="$(pwd)" -cd $tmp -exec_as $app \ - php -d memory_limit=-1 $composer_path/composer create-project flarum/flarum . "$flarum_version" --stability=beta --ansi -cd $CWD +sudo su - $app -s /bin/bash -c "php -d memory_limit=-1 $composer_path/composer create-project flarum/flarum $tmp $flarum_version --stability=beta --ansi" sudo cp -Rf $tmp/* $final_path sudo chown -R $app:www-data $final_path 
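Review bot: Replacing `exec_as $app php …` with `sudo su - $app -s /bin/bash -c "…"` changes the Composer call from an argument vector into a single string that a second login shell parses again. Whitespace or shell metacharacters in `$composer_path` would be reinterpreted there, under the app account. The same applies in the `@@ -110,11 +121,7 @@` hunk, where `$tmp` and `$flarum_version` are affected and `"$flarum_version"` has lost the quoting it had before. The values are probably benign today, since they are defined outside these hunks, but passing arguments directly keeps that from depending on their content. For example: `sudo -H -u "$app" php "$composer_path/composer-setup.php" --install-dir="$composer_path" --filename=composer --quiet`, and likewise for `create-project` with `"$tmp"` and `"$flarum_version"`. If the login shell is needed, quote each expansion inside the command string and add a comment explaining why `su -` is required.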
@@ -134,47 +141,51 @@ ynh_app_setting_set "$app" db_pwd "$db_pwd" # NGINX CONFIGURATION #================================================= -finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf" -sudo cp ../conf/nginx.conf "$finalnginxconf" +# Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 ) if [ $path_url = "/" ]; then - sed -i "s@YNH_WWW_ROOTPATH@@g" $finalnginxconf - sed -i "s@YNH_WWW_ROOTAPP@/@g" $finalnginxconf + sed -i "s@YNH_WWW_ROOTPATH@@g" ../conf/nginx.conf + sed -i "s@YNH_WWW_ROOTAPP@/@g" ../conf/nginx.conf else - sed -i "s@YNH_WWW_ROOTPATH@$path_url@g" $finalnginxconf - sed -i "s@YNH_WWW_ROOTAPP@$path_url$path_url@g" $finalnginxconf + sed -i "s@YNH_WWW_ROOTPATH@$path_url@g" ../conf/nginx.conf + sed -i "s@YNH_WWW_ROOTAPP@$path_url$path_url@g" ../conf/nginx.conf fi -sed -i "s@YNH_WWW_PATH@$path_url@g" $finalnginxconf -sed -i "s@YNH_WWW_FINALPATH@$final_path@g" $finalnginxconf -sed -i "s@YNH_WWW_APP@$app@g" $finalnginxconf +# Create a dedicated nginx config +ynh_add_nginx_config #================================================= # PHP-FPM CONFIGURATION #================================================= -finalphpconf=/etc/php5/fpm/pool.d/$app.conf -sudo cp ../conf/php-fpm.conf $finalphpconf -sed -i "s@YNH_WWW_APP@$app@g" $finalphpconf -sed -i "s@YNH_WWW_ALIAS@$final_path@g" $finalphpconf -sudo chown root: $finalphpconf -sudo chmod 644 $finalphpconf -sudo service php5-fpm reload +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SETUP LOGROTATE +#================================================= + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate #================================================= # SETUP SSOWAT #================================================= -# If app is public, add url to SSOWat conf as skipped_uris -if [[ $is_public -eq 1 ]]; then - # unprotected_uris allows SSO credentials to be passed anyway. 
- ynh_app_setting_set "$app" unprotected_uris "/" +if [ $is_public -eq 0 ] +then # Remove the public access + ynh_app_setting_delete $app skipped_uris +fi +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set $app unprotected_uris "/" fi - ynh_app_setting_set "$app" skipped_uris "/api" -# Reload services -service nginx reload +#================================================= +# RELOAD NGINX +#================================================= -# Install the SSOwat auth extension -#sudo su - www-data -s /bin/bash -c "cd $final_path && php -d memory_limit=-1 $composer_path/composer require 'tituspijean/flarum-ext-auth-ssowat:*@dev'" +systemctl reload nginx #================================================= # FLARUM POST-INSTALL @@ -206,6 +217,9 @@ ynh_mysql_execute_as_root "$apitablesql" $db_name ynh_mysql_execute_as_root "$rootsql" $db_name ynh_app_setting_set "$app" root_token "$roottoken" +# Install the SSOwat auth extension +#sudo su - www-data -s /bin/bash -c "cd $final_path && /opt/flarum_composer/composer require 'tituspijean/flarum-ext-auth-ssowat:*@dev'" + # Configure SSOwat auth extension #ssowatdomain=$(
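Review bot: The four `sed -i "s@YNH_WWW_ROOTPATH@$path_url@g" ../conf/nginx.conf` style calls in the NGINX CONFIGURATION hunk now rewrite the packaged template in place and interpolate `$path_url` unescaped into the sed program. `$path_url` is an install argument, and any normalisation of it is not visible in this hunk. A value containing `@`, `&` or `\` would change what gets written into the nginx config, and `[ $path_url = "/" ]` misparses if the value is empty or contains spaces. Quote the test as `[ "$path_url" = "/" ]` and use the escaping helper, e.g. `ynh_replace_string "YNH_WWW_ROOTPATH" "$path_url" ../conf/nginx.conf`. Separately, the SSOWAT part deletes `skipped_uris` for a private install, yet the `skipped_uris "/api"` line appears to be kept right after it. If so, `/api` bypasses SSO in both modes, and that deserves a comment stating it is intended.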