YunoHost-Apps/freshrss_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/freshrss_ynh.git synced 2024-09-03 18:36:33 +02:00
Code Issues Activity Actions

Fail2ban (#171)

Browse source 
* fix SC2086 linter alerts

* tidying up

* add fail2ban

* add fail2ban

* fix install: "Have not found any log file for freshrss jail"

* sigh I'm dumdum... / fix touch path while installing fail2ban

* while upgrading, create the logfile for fail2ban if it doesn't exist

* reduce warns that freshrss returns and which may worry users
This commit is contained in:
OniriCorpe 2023-11-01 16:57:59 +01:00 committed by GitHub
parent 3a60dd3b2d
commit 8d51003b97
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 149 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
scripts/backup
View file

@ -41,6 +41,13 @@ ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
ynh_backup --src_path="/etc/logrotate.d/$app"
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
#=================================================
# BACKUP VARIOUS FILES
#=================================================

2
scripts/change_url
View file

@ -25,7 +25,7 @@ ynh_change_url_nginx_config
#=================================================
ynh_script_progression --message="Upgrading FreshRSS..." --weight=1
ynh_exec_as $app $install_dir/cli/reconfigure.php --auth_type http_auth --environment production --base_url https://$new_domain$new_path --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
ynh_exec_warn_less ynh_exec_as "$app" "$install_dir/cli/reconfigure.php" --auth_type http_auth --environment production --base_url "https://$new_domain$new_path" --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user "$db_name" --db-password "$db_pwd" --db-base "$db_name"
#=================================================
# END OF SCRIPT

29
scripts/install
View file

@ -18,7 +18,7 @@ ynh_script_progression --message="Setting up source files..." --weight=1
ynh_setup_source --dest_dir="$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
chown -R "$app":www-data "$install_dir"
#=================================================
# SYSTEM CONFIGURATION
@ -36,11 +36,30 @@ chown root: "/etc/cron.d/$app"
chmod 644 "/etc/cron.d/$app"
log_path="/var/log/$app"
mkdir -p $log_path
chown $app:www-data $log_path
mkdir -p "$log_path"
chown "$app":www-data "$log_path"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Upgrading fail2ban configuration..."
# Create the logfile, required before configuring fail2ban
touch "/var/log/${domain}-access.log"
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/${domain}-access.log" --failregex="<HOST> .* \"GET /api/.*\" 401" --max_retry=5
#=================================================
# SPECIFIC SETUP
#=================================================
@ -48,12 +67,12 @@ ynh_use_logrotate
#=================================================
ynh_script_progression --message="FreshRSS setup..." --weight=1
ynh_exec_as $app $install_dir/cli/do-install.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
ynh_exec_warn_less ynh_exec_as "$app" "$install_dir/cli/do-install.php" --default_user "$admin" --auth_type http_auth --environment production --base_url "https://$domain$path" --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user "$db_name" --db-password "$db_pwd" --db-base "$db_name"
for myuser in $(ynh_user_list)
do
user_token=$(ynh_string_random)
ynh_exec_as $app $install_dir/cli/create-user.php --user $myuser --language $language --token $user_token
ynh_exec_as "$app" "$install_dir/cli/create-user.php" --user "$myuser" --language "$language" --token "$user_token"
done
#=================================================

36
scripts/remove
View file

@ -16,18 +16,54 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE PHP CONFIGURATION
#=================================================
ynh_script_progression --message="Removing PHP configuration..." --weight=1
# Remove the dedicated PHP-FPM config
ynh_remove_fpm_config
#=================================================
# REMOVE CRON CONFIGURATION
#=================================================
ynh_script_progression --message="Removing Cron configuration..." --weight=1
# Remove a cron file
ynh_secure_remove --file="/etc/cron.d/$app"
#=================================================
# REMOVE LOG FILES
#=================================================
ynh_script_progression --message="Removing log files..." --weight=1
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..." --weight=1
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing fail2ban configuration..." --weight=1
ynh_remove_fail2ban_config
#=================================================
# END OF SCRIPT
#=================================================

39
scripts/restore
View file

@ -18,14 +18,14 @@ ynh_script_progression --message="Restoring the app main directory..." --weight=
ynh_restore_file --origin_path="$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
chown -R "$app":www-data "$install_dir"
#=================================================
# RESTORE THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the MySQL database..." --weight=1
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" < ./db.sql
#=================================================
# RESTORE SYSTEM CONFIGURATIONS
@ -36,15 +36,44 @@ ynh_script_progression --message="Restoring system configurations related to $ap
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX configuration..." --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE THE CRON CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the Cron configuration..." --weight=1
ynh_restore_file --origin_path="/etc/cron.d/$app"
#=================================================
# RESTORE THE LOG FILES
#=================================================
ynh_script_progression --message="Restoring the log files..." --weight=1
log_path="/var/log/$app"
mkdir -p $log_path
chown $app:www-data $log_path
mkdir -p "$log_path"
chown "$app":www-data "$log_path"
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# RESTORE THE FAIL2BAN CONFIGURATION
#=================================================
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
ynh_systemd_action --action=restart --service_name=fail2ban
#=================================================
# GENERIC FINALIZATION
#=================================================
@ -52,7 +81,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name="php$phpversion-fpm" --action=reload
ynh_systemd_action --service_name=nginx --action=reload
#=================================================

56
scripts/upgrade
View file

@ -23,12 +23,12 @@ upgrade_type=$(ynh_check_app_version_changed)
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
if [ -z "$admin" ]; then
admin=$(ynh_app_setting_get --app=$app --key=admin_user)
if [ -z $admin ]; then
admin=$(ynh_app_setting_get --app="$app" --key=admin_user)
if [ -z "$admin" ]; then
ynh_die --message="no admin user found"
fi;
ynh_app_setting_delete --app=$app --key=admin_user
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_delete --app="$app" --key=admin_user
ynh_app_setting_set --app="$app" --key=admin --value="$admin"
fi
#=================================================
@ -44,37 +44,75 @@ then
fi
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
chown -R "$app":www-data "$install_dir"
#=================================================
# REAPPLY SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
#=================================================
# PHP CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP configuration..."
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# CRON CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading Cron configuration..."
ynh_add_config --template="../conf/freshrss.cron" --destination="/etc/cron.d/$app"
chown root: "/etc/cron.d/$app"
chmod 644 "/etc/cron.d/$app"
#=================================================
# LOG FILES
#=================================================
if [ -f /tmp/FreshRSS.log ]; then
ynh_secure_remove --file="/tmp/FreshRSS.log"
fi
if [ -f $install_dir/$app.log ]; then
if [ -f "$install_dir/$app.log" ]; then
ynh_secure_remove --file="/var/www/$app/$app.log"
fi
log_path="/var/log/$app"
mkdir -p $log_path
chown $app:www-data "$log_path"
mkdir -p "$log_path"
chown "$app":www-data "$log_path"
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..."
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Upgrading fail2ban configuration..."
# If it doesn't exist, create the logfile, required before configuring fail2ban
if [ ! -f "/var/log/${domain}-access.log" ]; then
touch "/var/log/${domain}-access.log"
fi
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/${domain}-access.log" --failregex="<HOST> .* \"GET /api/.*\" 401" --max_retry=5
#=================================================
# SPECIFIC UPGRADE
#=================================================
@ -83,7 +121,7 @@ ynh_use_logrotate --non-append
ynh_script_progression --message="Upgrading FreshRSS..." --weight=1
# reconfigure application with latest parameters
ynh_exec_as $app $install_dir/cli/reconfigure.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
ynh_exec_warn_less ynh_exec_as "$app" "$install_dir/cli/reconfigure.php" --default_user "$admin" --auth_type http_auth --environment production --base_url "https://$domain$path" --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user "$db_name" --db-password "$db_pwd" --db-base "$db_name"
#=================================================
# END OF SCRIPT