diff --git a/conf/app-frontend.src b/conf/app-frontend.src index 50f94c8..e4bb4d5 100644 --- a/conf/app-frontend.src +++ b/conf/app-frontend.src @@ -1,6 +1,6 @@ -SOURCE_URL=https://code.eliotberriot.com/funkwhale/funkwhale/-/jobs/artifacts/0.17/download?job=build_front -SOURCE_SUM=3578e1c60da578681c4e60a94dde1e18511f2455814c980b24748c87ffb8b4a2 +SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/0.18.2/download?job=build_front +SOURCE_SUM=cec96c574c7de95a94380bde3ab5f26d61b78018821bc012f80ef62caf3b2448 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= \ No newline at end of file +SOURCE_FILENAME= diff --git a/conf/app.src b/conf/app.src index dceef94..dcafd2c 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://code.eliotberriot.com/funkwhale/funkwhale/-/archive/0.17/funkwhale-0.17.tar.bz2 -SOURCE_SUM=100eb3dfa5285eb9886d05dd575251e24cf43525596083b3793e8f80e369db1b +SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/-/archive/0.18.2/funkwhale-0.18.2.tar.bz2 +SOURCE_SUM=a4ae89e7f92ed4d047849ce36db86690d9114ec48226225e7b6db35c1cc1f936 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.bz2 SOURCE_IN_SUBDIR=true diff --git a/conf/env.prod b/conf/env.prod index 950fa59..457c026 100644 --- a/conf/env.prod +++ b/conf/env.prod @@ -40,7 +40,8 @@ FUNKWHALE_API_PORT=__PORT__ # Replace this by the definitive, public domain you will use for # your instance -FUNKWHALE_URL=https://__DOMAIN__ +FUNKWHALE_HOSTNAME=__DOMAIN__ +FUNKWHALE_PROTOCOL=https # Configure email sending using this variale # By default, funkwhale will output emails sent to stdout 
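Review bot: The comment above the new `FUNKWHALE_HOSTNAME=__DOMAIN__` line in conf/env.prod still only says to set the public domain, yet a later hunk in this file removes `DJANGO_ALLOWED_HOSTS=__DOMAIN__`. Host-header validation therefore presumably depends on this variable alone; that is inferred from the diff and should be confirmed against the 0.18.2 settings module. If it holds, say so next to the variable, for example `# Bare hostname only (no scheme, no path); also used as the allowed Host value now that DJANGO_ALLOWED_HOSTS is not set`. If it does not hold, `DJANGO_ALLOWED_HOSTS` should stay in the file.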
@@ -86,11 +87,6 @@ MEDIA_ROOT=__FINALPATH__/media # (Ensure this directory actually exists) STATIC_ROOT=__FINALPATH__/code/data/static -# Update it to match the domain that will be used to reach your funkwhale -# instance -# Example: DJANGO_ALLOWED_HOSTS=funkwhale.yourdomain.com -DJANGO_ALLOWED_HOSTS=__DOMAIN__ - # which settings module should django use? # You don't have to touch this unless you really know what you're doing DJANGO_SETTINGS_MODULE=config.settings.production @@ -119,8 +115,8 @@ RAVEN_DSN=https://44332e9fdd3d42879c7d35bf8562c6a4:0062dc16a22b41679cd5765e5342f # MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music # # MUSIC_DIRECTORY_SERVE_PATH= # stays commented, not needed -MUSIC_DIRECTORY_SERVE_PATH=__FINALPATH__/import MUSIC_DIRECTORY_PATH=__FINALPATH__/import +MUSIC_DIRECTORY_SERVE_PATH=__FINALPATH__/import # LDAP settings # Use the following options to allow authentication on your Funkwhale instance @@ -138,7 +134,8 @@ LDAP_START_TLS=False LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org LDAP_USER_ATTR_MAP={"username":"uid"} -FUNKWHALE_FRONTEND_PATH=/srv/funkwhale/front/dist +FUNKWHALE_FRONTEND_PATH=__FINALPATH__/code/front/dist +FUNKWHALE_SPA_HTML_ROOT=__FINALPATH__/code/front/dist/index.html # Nginx related configuration -NGINX_MAX_BODY_SIZE=30M \ No newline at end of file +NGINX_MAX_BODY_SIZE=100M diff --git a/conf/funkwhale-beat.service b/conf/funkwhale-beat.service index 80a0d33..55fae20 100644 --- a/conf/funkwhale-beat.service +++ b/conf/funkwhale-beat.service 
@@ -12,15 +12,15 @@ EnvironmentFile=__FINALPATH__/code/config/.env ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp beat \ --loglevel INFO --logfile=/var/log/__APP__/beat.log -NoNewPrivileges=true -PrivateDevices=true -PrivateTmp=true -ProtectHome=true -ProtectSystem=strict -ProtectControlGroups=yes -ProtectKernelModules=yes -ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/ -ReadWritePaths=__FINALPATH__/media __FINALPATH__/import __FINALPATH__/code/api /var/log/__APP__ +#NoNewPrivileges=true +#PrivateDevices=true +#PrivateTmp=true +#ProtectHome=true +#ProtectSystem=strict +#ProtectControlGroups=yes +#ProtectKernelModules=yes +#ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/ +#ReadWritePaths=__FINALPATH__/media __FINALPATH__/import __FINALPATH__/code/api /var/log/__APP__ StandardOutput=syslog StandardError=syslog diff --git a/conf/funkwhale-server.service b/conf/funkwhale-server.service index 9152bc0..a48c1f5 100644 --- a/conf/funkwhale-server.service +++ b/conf/funkwhale-server.service @@ -12,15 +12,15 @@ EnvironmentFile=__FINALPATH__/code/config/.env ExecStart=__FINALPATH__/code/virtualenv/bin/daphne -b ${FUNKWHALE_API_IP} -p ${FUNKWHALE_API_PORT} config.asgi:application --proxy-headers \ --verbosity 1 --access-log=/var/log/__APP__/server.log -NoNewPrivileges=true -PrivateDevices=true -PrivateTmp=true -ProtectHome=true -ProtectSystem=strict -ProtectControlGroups=yes -ProtectKernelModules=yes -ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/ -ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__ +#NoNewPrivileges=true +#PrivateDevices=true +#PrivateTmp=true +#ProtectHome=true +#ProtectSystem=strict +#ProtectControlGroups=yes +#ProtectKernelModules=yes +#ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/ +#ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__ StandardOutput=syslog StandardError=syslog 
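Review bot: All nine sandboxing directives in funkwhale-beat.service are commented out, and the funkwhale-server.service and funkwhale-worker.service hunks do the same. The three daemons therefore lose `NoNewPrivileges`, `PrivateTmp`, `ProtectSystem=strict` and the read-only/read-write path restrictions in one step, with no explanation in the units. If the cause was a path directive that no longer matches the 0.18 layout (an inference; nothing in the diff says which directive failed), only that directive needs loosening. The path-independent ones can stay active as `NoNewPrivileges=true`, `PrivateDevices=true` and `PrivateTmp=true`, together with the two `Protect*=yes` lines. Whatever remains disabled should carry a comment naming the failure, so the hardening can be restored later.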
diff --git a/conf/funkwhale-worker.service b/conf/funkwhale-worker.service index f465cdf..c0cefea 100644 --- a/conf/funkwhale-worker.service +++ b/conf/funkwhale-worker.service @@ -12,15 +12,15 @@ EnvironmentFile=__FINALPATH__/code/config/.env ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO \ --loglevel INFO --logfile=/var/log/__APP__/worker.log -NoNewPrivileges=true -PrivateDevices=true -PrivateTmp=true -ProtectHome=true -ProtectSystem=strict -ProtectControlGroups=yes -ProtectKernelModules=yes -ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/ -ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__ +#NoNewPrivileges=true +#PrivateDevices=true +#PrivateTmp=true +#ProtectHome=true +#ProtectSystem=strict +#ProtectControlGroups=yes +#ProtectKernelModules=yes +#ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/ +#ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__ StandardOutput=syslog StandardError=syslog diff --git a/conf/nginx.conf b/conf/nginx.conf index 291203f..f23364a 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -1,22 +1,16 @@ + location / { - alias __FINALPATH__/code/front/dist/; - - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - - try_files $uri $uri/ @rewrites; + include __FINALPATH__/code/deploy/funkwhale_proxy.conf; + # this is needed if you have file import via upload enabled + client_max_body_size 100M; + proxy_pass http://127.0.0.1:__PORT__/; } -location @rewrites { - rewrite ^(.+)$ /index.html last; -} - -location /api/ { - include __FINALPATH__/code/deploy/funkwhale_proxy.conf; - # this is needed if you have file import via upload enabled - client_max_body_size 100M; - proxy_pass http://127.0.0.1:__PORT__/api/; +location /front/ { + alias __FINALPATH__/code/front/dist/; + expires 30d; + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; } location /federation/ { @@ -24,6 +18,13 @@ location /federation/ { proxy_pass http://127.0.0.1:__PORT__/federation/; } + +location /rest/ { + include __FINALPATH__/code/deploy/funkwhale_proxy.conf; + proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/; +} + + location /.well-known/ { include __FINALPATH__/code/deploy/funkwhale_proxy.conf; proxy_pass http://127.0.0.1:__PORT__/.well-known/; @@ -33,7 +34,7 @@ location /media/ { alias __FINALPATH__/media/; } -location __PATH__/_protected/media/ { +location /_protected/media/ { # this is an internal location that is used to serve # audio files once correct permission / authentication # has been checked on API side 
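Review bot: The rewritten `location /` block drops the `if ($scheme = http)` redirect and now proxies every request, including API and login traffic, to the backend on `127.0.0.1:__PORT__`. Unless the domain-level server block already forces HTTPS (not visible in this diff), plain-HTTP requests reach the application while conf/env.prod declares `FUNKWHALE_PROTOCOL=https`. Keeping the guard inside the new block closes that gap: `if ($scheme = http) { return 301 https://$server_name$request_uri; }`. If the redirect is handled elsewhere, a one-line comment in this block saying where would avoid the question.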
@@ -41,56 +42,12 @@ location __PATH__/_protected/media/ { alias __FINALPATH__/media/; } -# Transcoding logic and caching -# TODO: try to enable this -# https://code.eliotberriot.com/funkwhale/funkwhale/blob/0.8/deploy/nginx.conf#L4 -# https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache - -location = /transcode-auth { - include __FINALPATH__/code/deploy/funkwhale_proxy.conf; - # needed so we can authenticate transcode requests, but still - # cache the result +location /_protected/music/ { internal; - set $query ''; - # ensure we actually pass the jwt to the underlytin auth url - if ($request_uri ~* "[^\?]+\?(.*)$") { - set $query $1; - } - proxy_pass http://127.0.0.1:__PORT__/api/v1/trackfiles/viewable/?$query; - proxy_pass_request_body off; - proxy_set_header Content-Length ""; + alias __FINALPATH__/import/; } -location /api/v1/trackfiles/transcode/ { - include __FINALPATH__/code/deploy/funkwhale_proxy.conf; - # this block deals with authenticating and caching transcoding - # requests. Caching is heavily recommended as transcoding - # is a CPU intensive process. - auth_request /transcode-auth; - if ($args ~ (.*)jwt=[^&]*(.*)) { - set $cleaned_args $1$2; - } - proxy_cache_key "$scheme$request_method$host$uri$is_args$cleaned_args"; - proxy_cache __NAME__-transcode; - proxy_cache_valid 200 7d; - proxy_ignore_headers "Set-Cookie"; - proxy_hide_header "Set-Cookie"; - add_header X-Cache-Status $upstream_cache_status; - proxy_pass http://127.0.0.1:__PORT__; -} -# end of transcoding logic - location /staticfiles/ { # django static files alias __FINALPATH__/code/data/static/; -} - -location /rest/ { - include __FINALPATH__/code/deploy/funkwhale_proxy.conf; - proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/; -} - -location /_protected/music { - internal; - alias __FINALPATH__/import; } \ No newline at end of file diff --git a/manifest.json b/manifest.json index 7ec8807..0b3182a 100644 --- a/manifest.json +++ b/manifest.json 
@@ -3,12 +3,12 @@ "id": "funkwhale", "packaging_format": 1, "requirements": { - "yunohost": ">= 3.2.0" + "yunohost": ">= 3.3.0" }, "description": { "en": "A modern, convivial and free music server" }, - "version": "0.17.0~ynh3", + "version": "0.18.2~ynh1", "url": "https://funkwhale.audio", "license": "BSD-3-Clause", "maintainer": { @@ -41,7 +41,7 @@ "name": "admin", "type": "user", "ask": { - "en": "Choose an admin user for Funkwhale?" + "en": "Choose an admin user for Funkwhale" }, "example": "jibec" } diff --git a/scripts/_common.sh b/scripts/_common.sh index b5d7203..f491c5c 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,5 +1,40 @@ #!/bin/bash +# funkwhale needs edits to the domain config file +# this function removes funkwhale specifics +funkwhale_nginx_domain_cleaning() { + local line + local tempFile + local nginxConf + + nginxConf="/etc/nginx/conf.d/$domain.conf" + tempFile="$nginxConf.temp" + + line=$(sed -n '/server /=' "$nginxConf" | head -n 1) + + tail -n +"$line" "$nginxConf" > "$tempFile" + mv "$tempFile" "$nginxConf" +} + +# funkwhale needs edits to the domain config file +# this function adds funkwhale specifics +funkwhale_nginx_domain_configure() { + local tempFile + local nginxConf + + nginxConf="/etc/nginx/conf.d/$domain.conf" + tempFile="$nginxConf.temp" + + echo " +# required for websocket support +map \$http_upgrade \$connection_upgrade { + default upgrade; + '' close; +} +" | cat - "$nginxConf" > "$tempFile" + mv "$tempFile" "$nginxConf" +} + #================================================= # # Redis HELPERS diff --git a/scripts/install b/scripts/install index 3a5edcf..d6be769 100644 --- a/scripts/install +++ b/scripts/install 
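Review bot: In `funkwhale_nginx_domain_cleaning` (scripts/_common.sh), `$line` is empty when `sed` finds no line containing `server `. `tail -n +""` then fails, but the redirection has already created an empty temp file, and `mv` replaces the whole domain configuration with it unless the calling script aborts on errors, which is not visible here. Add `[ -n "$line" ] || return 0` right after the `sed` assignment. Anchoring the pattern, for example `'/^server /='`, would also stop a comment or directive that merely contains "server " from being taken as the start of the server block. Both functions would benefit from a short comment stating that they rewrite `/etc/nginx/conf.d/$domain.conf` in place and expect `$domain` to be set by the caller.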
@@ -70,7 +70,7 @@ ynh_app_setting_set "$app" port "$port" #================================================= ynh_install_app_dependencies build-essential curl ffmpeg \ - libjpeg-dev libmagic-dev libpq-dev postgresql python3-dev virtualenv \ + libjpeg-dev libmagic-dev libpq-dev postgresql postgresql-contrib python3-dev virtualenv \ redis-server libldap2-dev libsasl2-dev \ `# add arm support` \ zlib1g-dev libffi-dev libssl-dev @@ -110,17 +110,8 @@ ynh_setup_source "$final_path/code" "app-frontend" # NGINX CONFIGURATION #================================================= -# add proxy_cache and connection_upgrade at the beginning of the domain configuration -echo " - -proxy_cache_path /tmp/$app-transcode levels=1:2 keys_zone=$app-transcode:10m max_size=1g inactive=7d; - -# required for websocket support -map \$http_upgrade \$connection_upgrade { - default upgrade; - '' close; -} -" | cat - "/etc/nginx/conf.d/$domain.conf" > temp && mv temp "/etc/nginx/conf.d/$domain.conf" +# add funkwhale specifics at the beginning of the domain configuration +funkwhale_nginx_domain_configure # Create a dedicated nginx config ynh_add_nginx_config @@ -260,4 +251,4 @@ fi #================================================= systemctl start "$app-server" "$app-worker" "$app-beat" -systemctl reload nginx \ No newline at end of file +systemctl reload nginx diff --git a/scripts/remove b/scripts/remove index 188f246..f136b49 100644 --- a/scripts/remove +++ b/scripts/remove 
@@ -95,15 +95,11 @@ ynh_secure_remove "/var/log/$app" #================================================= # remove domain specific configuration -tail -n +11 "/etc/nginx/conf.d/$domain.conf" > "/etc/nginx/conf.d/$domain.conf.temp" -mv "/etc/nginx/conf.d/$domain.conf.temp" "/etc/nginx/conf.d/$domain.conf" +funkwhale_nginx_domain_cleaning # Remove the dedicated nginx config ynh_remove_nginx_config -# remove local nginx cache -ynh_secure_remove "/tmp/$app-transcode" - #================================================= # CLOSE A PORT #================================================= diff --git a/scripts/restore b/scripts/restore index 12ccaae..1974bdf 100644 --- a/scripts/restore +++ b/scripts/restore @@ -96,7 +96,7 @@ ynh_system_user_create "$app" #================================================= ynh_install_app_dependencies build-essential curl ffmpeg \ - libjpeg-dev libmagic-dev libpq-dev postgresql python3-dev virtualenv \ + libjpeg-dev libmagic-dev libpq-dev postgresql postgresql-contrib python3-dev virtualenv \ redis-server libldap2-dev libsasl2-dev \ `# add arm support` \ zlib1g-dev libffi-dev libssl-dev @@ -115,18 +115,11 @@ ynh_psql_execute_file_as_root ./db.sql "$db_name" # Restore permissions on app files chown -R "$app": "$final_path" +chmod -R 755 "$final_path/code/front/dist/" mkdir -p "/var/log/$app" chown -R "$app": "/var/log/$app" -#================================================= -# ADVERTISE SERVICE IN ADMIN PANEL -#================================================= - -yunohost service add "$app-server" --log "/var/log/$app/server.log" -yunohost service add "$app-worker" --log "/var/log/$app/worker.log" -yunohost service add "$app-beat" --log "/var/log/$app/beat.log" - #================================================= # RESTORE SYSTEMD #================================================= 
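Review bot: `chmod -R 755 "$final_path/code/front/dist/"` in scripts/restore sets the execute bit on every regular file in the frontend bundle, although static assets only need to be readable and directories traversable. `chmod -R u=rwX,go=rX "$final_path/code/front/dist/"` grants the same access to nginx without marking files executable. Whether install and upgrade apply matching permissions is not visible in their hunks; the three scripts should agree.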
@@ -141,10 +134,18 @@ systemctl enable "$app-server.service" systemctl enable "$app-worker.service" systemctl restart "$app.target" +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= + +yunohost service add "$app-server" --log "/var/log/$app/server.log" +yunohost service add "$app-worker" --log "/var/log/$app/worker.log" +yunohost service add "$app-beat" --log "/var/log/$app/beat.log" + #================================================= # GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -systemctl reload nginx \ No newline at end of file +systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade index 68c2ce5..aba0c6b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -111,22 +111,11 @@ ynh_setup_source "$final_path/code" "app-frontend" # NGINX CONFIGURATION #================================================= -# change the global configuration # remove domain specific configuration -tail -n +11 "/etc/nginx/conf.d/$domain.conf" > "/etc/nginx/conf.d/$domain.conf.temp" -mv "/etc/nginx/conf.d/$domain.conf.temp" "/etc/nginx/conf.d/$domain.conf" +funkwhale_nginx_domain_cleaning -# add proxy_cache and connection_upgrade at the beginning of the domain configuration -echo " - -proxy_cache_path /tmp/$app-transcode levels=1:2 keys_zone=$app-transcode:10m max_size=1g inactive=7d; - -# required for websocket support -map \$http_upgrade \$connection_upgrade { - default upgrade; - '' close; -} -" | cat - "/etc/nginx/conf.d/$domain.conf" > temp && mv temp "/etc/nginx/conf.d/$domain.conf" +# add funkwhale specifics at the beginning of the domain configuration +funkwhale_nginx_domain_configure # Create a dedicated nginx config ynh_add_nginx_config 
@@ -143,7 +132,7 @@ ynh_system_user_create "$app" #================================================= ynh_install_app_dependencies build-essential curl ffmpeg \ - libjpeg-dev libmagic-dev libpq-dev postgresql python3-dev virtualenv \ + libjpeg-dev libmagic-dev libpq-dev postgresql postgresql-contrib python3-dev virtualenv \ redis-server libldap2-dev libsasl2-dev \ `# add arm support` \ zlib1g-dev libffi-dev libssl-dev @@ -226,6 +215,10 @@ ynh_replace_string "__FINALPATH__" "$final_path" "$loadfile" # https://docs.funkwhale.audio/upgrading/0.17.html#upgrade-instructions python api/manage.py script migrate_to_user_libraries --no-input + + # Delete pre 0.17 federated tracks [manual action suggested] + # https://dev.funkwhale.audio/funkwhale/funkwhale/tags/0.18 + python api/manage.py script delete_pre_017_federated_uploads --no-input ) #================================================= @@ -287,4 +280,4 @@ ynh_app_setting_set "$app" code_migration 2 # RESTART Funkwhale #================================================= -systemctl restart "$app.target" \ No newline at end of file +systemctl restart "$app.target"
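Review bot: `python api/manage.py script delete_pre_017_federated_uploads --no-input` runs on every upgrade with confirmation suppressed, although the comment directly above it labels the step "[manual action suggested]". A destructive, one-off cleanup like this is safer behind a recorded marker. The script already stores `code_migration` through `ynh_app_setting_set` (visible in the last hunk's header context), so the call could be wrapped in a check on that setting or on the previously installed version, and skipped once done. The comment should also state what is deleted and that a backup is expected beforehand. The enclosing subshell starts outside this hunk, so whether a backup step precedes it cannot be seen here.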