From 5b5451b3845795554b442d2c9202a3115b1c65e3 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 14:03:02 +0100 Subject: [PATCH 01/22] init upgrade to 1.4.0 --- manifest.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest.toml b/manifest.toml index a478ab8..9e5dc8b 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Funkwhale" description.en = "Convivial and modern music server" description.fr = "Serveur de musique moderne et convivial" -version = "1.3.4~ynh1" +version = "1.4.0~ynh1" maintainers = ["Thovi98"] @@ -44,14 +44,14 @@ ram.runtime = "50M" [resources] [resources.sources] [resources.sources.api] - url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.3.4/download?job=build_api" + url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.4.0/download?job=build_api" sha256 = "8a05e3cab5c698cb89a23e1cd8b95c0e0ce2a2bea1580e1ec59364a07a870cd5" in_subdir = true extract = true format = "zip" [resources.sources.front] - url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.3.4/download?job=build_front" + url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.4.0/download?job=build_front" sha256 = "fbf0d25153dd16f9c9a70e6bb2b15238a091a9acb36fc1dc2e2766f761f2a17c" in_subdir = true extract = true From 837ffd87afc0f11b1bcc6dd0514c2111b44bf472 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 13 Dec 2023 13:03:05 +0000 Subject: [PATCH 02/22] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8472a5c..0a8b29a 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network. -**Shipped version:** 1.3.4~ynh1 +**Shipped version:** 1.4.0~ynh1 **Demo:** https://demo.funkwhale.audio diff --git a/README_fr.md b/README_fr.md index 88ba9cc..90cba06 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Funkwhale est un projet communautaire qui vous permet d'écouter et de partager de la musique et de l'audio au sein d'un réseau ouvert et décentralisé. -**Version incluse :** 1.3.4~ynh1 +**Version incluse :** 1.4.0~ynh1 **Démo :** https://demo.funkwhale.audio From 897b959805087158629c08cc110182f04d778cc2 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 14:18:18 +0100 Subject: [PATCH 03/22] Update SHA sum for api --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 9e5dc8b..0e17214 100644 --- a/manifest.toml +++ b/manifest.toml @@ -45,7 +45,7 @@ ram.runtime = "50M" [resources.sources] [resources.sources.api] url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.4.0/download?job=build_api" - sha256 = "8a05e3cab5c698cb89a23e1cd8b95c0e0ce2a2bea1580e1ec59364a07a870cd5" + sha256 = "e1c3d49da0e03545ff96f584d7c437fa333d7836b1a70c54b31ba5db3e1a2ae1" in_subdir = true extract = true format = "zip" From 2184b8797f36d04cd7bb756fce4e87afb98f82f7 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 14:36:16 +0100 Subject: [PATCH 04/22] Update SHA sum for front --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 0e17214..e2e9462 100644 --- a/manifest.toml +++ b/manifest.toml @@ -52,7 +52,7 @@ ram.runtime = "50M" [resources.sources.front] url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.4.0/download?job=build_front" - sha256 = "fbf0d25153dd16f9c9a70e6bb2b15238a091a9acb36fc1dc2e2766f761f2a17c" + sha256 = "d0429566bcc3fa395b9c54b16b939bbc86009c174929910de345db149d3e9d6d" in_subdir = true extract = true format = "zip" From 07a3bb7bcf707335771bdf7702052d9484a6c4a8 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 19:35:20 +0100 Subject: [PATCH 05/22] upgrade nginx --- conf/funkwhale_proxy.conf | 13 ++ conf/nginx.conf | 274 +++++++++++++++++++------------------- scripts/backup | 2 +- scripts/install | 1 + scripts/remove | 1 + scripts/restore | 2 +- scripts/upgrade | 1 + 7 files changed, 158 insertions(+), 136 deletions(-) create mode 100644 conf/funkwhale_proxy.conf diff --git a/conf/funkwhale_proxy.conf b/conf/funkwhale_proxy.conf new file mode 100644 index 0000000..1f091b4 --- /dev/null +++ b/conf/funkwhale_proxy.conf @@ -0,0 +1,13 @@ +# global proxy conf +proxy_set_header Host $host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-Forwarded-Host $host:$server_port; +proxy_set_header X-Forwarded-Port $server_port; +proxy_redirect off; + +# websocket support +proxy_http_version 1.1; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection $connection_upgrade; diff --git a/conf/nginx.conf b/conf/nginx.conf index 715112d..9224618 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,144 +1,150 @@ -root __INSTALL_DIR__/front/dist; -location /api/ { + # HSTS + add_header Strict-Transport-Security "max-age=31536000"; - # global proxy conf - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Port $server_port; - proxy_redirect off; + # General configs + root ${FUNKWHALE_FRONTEND_PATH}; + client_max_body_size ${NGINX_MAX_BODY_SIZE}; + charset utf-8; - # websocket support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; + # compression settings + gzip on; + gzip_comp_level 5; + gzip_min_length 256; + gzip_proxied any; + gzip_vary on; + gzip_types + application/javascript + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + text/vcard + text/vnd.rim.location.xloc + text/vtt + text/x-component + text/x-cross-domain-policy; + # end of compression settings - # this is needed if you have file import via upload enabled - client_max_body_size 100M; - proxy_pass http://127.0.0.1:__PORT__; -} + # headers + add_header Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'"; + add_header Referrer-Policy "strict-origin-when-cross-origin"; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header Service-Worker-Allowed "/"; -location / { - alias __INSTALL_DIR__/front/dist/; - expires 1d; - try_files $uri $uri/ /index.html; -} - -location /embed.html { - more_set_headers "Content-Security-Policy: connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; - more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; - - alias __INSTALL_DIR__/front/dist/embed.html; - expires 1d; -} - -location /federation/ { - - # global proxy conf - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Port $server_port; - proxy_redirect off; - - # websocket support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - proxy_pass http://127.0.0.1:__PORT__/federation/; -} - -# You can comment this if you do not plan to use the Subsonic API -location /rest/ { - - # global proxy conf - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Port $server_port; - proxy_redirect off; - - # websocket support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/; -} - -location /.well-known/ { - - # global proxy conf - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-Port $server_port; - proxy_redirect off; - - # websocket support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - proxy_pass http://127.0.0.1:__PORT__; -} - -location /media/__sized__/ { - alias __DATA_DIR__/data/media/__sized__/; - more_set_headers "Access-Control-Allow-Origin: *"; -} - -location /media/attachments/ { - alias __DATA_DIR__/data/media/attachments/; - more_set_headers "Access-Control-Allow-Origin: *"; -} - -# This is an internal location that is used to serve -# media (uploaded) files once correct permission / authentication -# has been checked on API side. -# Comment the "NON-S3" commented lines and uncomment "S3" commented lines -# if you're storing media files in a S3 bucket. -location /_protected/media/ { - internal; - alias __DATA_DIR__/data/media/$1; # NON-S3 -# Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932. -# proxy_set_header Authorization ""; # S3 -# proxy_pass $1; # S3 - more_set_headers "Access-Control-Allow-Origin: *"; + location /api/ { + include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + # This is needed if you have file import via upload enabled. + client_max_body_size ${NGINX_MAX_BODY_SIZE}; + proxy_pass http://127.0.0.1:__PORT__; } -location /_protected/music/ { - # this is an internal location that is used to serve - # audio files once correct permission / authentication - # has been checked on API side - # Set this to the same value as your MUSIC_DIRECTORY_PATH setting - internal; - alias __DATA_DIR__/data/music/; - more_set_headers "Access-Control-Allow-Origin: *"; -} + location ~ ^/library/(albums|tracks|artists|playlists)/ { + include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + proxy_pass http://127.0.0.1:__PORT__; + } -# Allow direct access to /staticfiles -location /staticfiles/ { - alias __DATA_DIR__/data/static/; - more_set_headers "Access-Control-Allow-Origin: *"; -} + location /channels/ { + include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + proxy_pass http://127.0.0.1:__PORT__; + } -# Allow direct access to only specific subdirectories in /media -location /media/dynamic_preferences/ { - alias __DATA_DIR__/data/media/dynamic_preferences/; - more_set_headers "Access-Control-Allow-Origin: *"; -} + location ~ ^/@(vite-plugin-pwa|vite|id)/ { + include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + alias ${FUNKWHALE_FRONTEND_PATH}/; + try_files $uri $uri/ /index.html; + } -location /manifest.json { - return 302 /api/v1/instance/spa-manifest.json; -} + location /@ { + include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + proxy_pass http://127.0.0.1:__PORT__; + } + + location / { + expires 1d; + include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + alias ${FUNKWHALE_FRONTEND_PATH}/; + try_files $uri $uri/ /index.html; + } + + location ~ "/(front/)?embed.html" { + alias ${FUNKWHALE_FRONTEND_PATH}/embed.html; + add_header Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; + add_header Referrer-Policy "strict-origin-when-cross-origin"; + + expires 1d; + } + + location /federation/ { + include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + proxy_pass http://127.0.0.1:__PORT__; + } + + # You can comment this if you do not plan to use the Subsonic API. + location /rest/ { + include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/; + } + + location /.well-known/ { + include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + proxy_pass http://127.0.0.1:__PORT__; + } + + # Allow direct access to only specific subdirectories in /media + location /media/__sized__/ { + alias ${MEDIA_ROOT}/__sized__/; + add_header Access-Control-Allow-Origin '*'; + } + + # Allow direct access to only specific subdirectories in /media + location /media/attachments/ { + alias ${MEDIA_ROOT}/attachments/; + add_header Access-Control-Allow-Origin '*'; + } + + # Allow direct access to only specific subdirectories in /media + location /media/dynamic_preferences/ { + alias ${MEDIA_ROOT}/dynamic_preferences/; + add_header Access-Control-Allow-Origin '*'; + } + + # This is an internal location that is used to serve + # media (uploaded) files once correct permission / authentication + # has been checked on API side. + # Comment the "NON-S3" commented lines and uncomment "S3" commented lines + # if you're storing media files in a S3 bucket. + location ~ /_protected/media/(.+) { + internal; + alias ${MEDIA_ROOT}/$1; # NON-S3 + # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932. +# proxy_set_header Authorization ""; # S3 +# proxy_pass $1; # S3 + add_header Access-Control-Allow-Origin '*'; + } + + location /_protected/music/ { + # This is an internal location that is used to serve + # local music files once correct permission / authentication + # has been checked on API side. + # Set this to the same value as your MUSIC_DIRECTORY_PATH setting. + internal; + alias ${MUSIC_DIRECTORY_PATH}/; + add_header Access-Control-Allow-Origin '*'; + } + + location /manifest.json { + # If the reverse proxy is terminating SSL, nginx gets confused and redirects to http, hence the full URL + return 302 ${FUNKWHALE_PROTOCOL}://${FUNKWHALE_HOSTNAME}/api/v1/instance/spa-manifest.json; + } + + location /staticfiles/ { + alias ${STATIC_ROOT}/; + } \ No newline at end of file diff --git a/scripts/backup b/scripts/backup index 13fa6d1..ed8efd6 100644 --- a/scripts/backup +++ b/scripts/backup @@ -31,7 +31,7 @@ ynh_backup --src_path="$data_dir" --is_big # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d" #================================================= # BACKUP FAIL2BAN CONFIGURATION diff --git a/scripts/install b/scripts/install index e850264..8390cc4 100644 --- a/scripts/install +++ b/scripts/install @@ -33,6 +33,7 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config +ynh_add_config --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" #================================================= # SPECIFIC SETUP diff --git a/scripts/remove b/scripts/remove index e2c549b..42e9981 100644 --- a/scripts/remove +++ b/scripts/remove @@ -57,6 +57,7 @@ ynh_script_progression --message="Removing NGINX web server configuration..." -- # Remove the dedicated NGINX config ynh_remove_nginx_config +ynh_secure_remove --file="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" #================================================= # REMOVE LOGS diff --git a/scripts/restore b/scripts/restore index a92c9cd..af8f55a 100644 --- a/scripts/restore +++ b/scripts/restore @@ -39,7 +39,7 @@ chown -R $app:www-data "$data_dir/" #================================================= ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d" #================================================= # RESTORE THE POSTGRESQL DATABASE diff --git a/scripts/upgrade b/scripts/upgrade index cd7eb2d..d233229 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -50,6 +50,7 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config +ynh_add_config --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" #================================================= # Assure correct permissions to $data_dir From bdd2baf3eec46d22dbea9a1d5c0fb5b42e624c3b Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 19:51:14 +0100 Subject: [PATCH 06/22] fix nginx --- conf/nginx.conf | 50 ++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 9224618..1ef4c7b 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,10 +1,10 @@ # HSTS - add_header Strict-Transport-Security "max-age=31536000"; + more_set_headers Strict-Transport-Security "max-age=31536000"; # General configs - root ${FUNKWHALE_FRONTEND_PATH}; - client_max_body_size ${NGINX_MAX_BODY_SIZE}; + root __INSTALL_DIR__/front/dist; + client_max_body_size 100M; charset utf-8; # compression settings @@ -34,15 +34,15 @@ # end of compression settings # headers - add_header Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'"; - add_header Referrer-Policy "strict-origin-when-cross-origin"; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header Service-Worker-Allowed "/"; + more_set_headers Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'"; + more_set_headers Referrer-Policy "strict-origin-when-cross-origin"; + more_set_headers X-Frame-Options "SAMEORIGIN" always; + more_set_headers Service-Worker-Allowed "/"; location /api/ { include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; # This is needed if you have file import via upload enabled. - client_max_body_size ${NGINX_MAX_BODY_SIZE}; + client_max_body_size 100M; proxy_pass http://127.0.0.1:__PORT__; } @@ -58,7 +58,7 @@ location ~ ^/@(vite-plugin-pwa|vite|id)/ { include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; - alias ${FUNKWHALE_FRONTEND_PATH}/; + alias __INSTALL_DIR__/front/dist/; try_files $uri $uri/ /index.html; } @@ -70,14 +70,14 @@ location / { expires 1d; include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; - alias ${FUNKWHALE_FRONTEND_PATH}/; + alias __INSTALL_DIR__/front/dist/; try_files $uri $uri/ /index.html; } location ~ "/(front/)?embed.html" { - alias ${FUNKWHALE_FRONTEND_PATH}/embed.html; - add_header Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; - add_header Referrer-Policy "strict-origin-when-cross-origin"; + alias __INSTALL_DIR__/front/dist/;embed.html; + more_set_headers Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; + more_set_headers Referrer-Policy "strict-origin-when-cross-origin"; expires 1d; } @@ -100,20 +100,20 @@ # Allow direct access to only specific subdirectories in /media location /media/__sized__/ { - alias ${MEDIA_ROOT}/__sized__/; - add_header Access-Control-Allow-Origin '*'; + alias __DATA_DIR__/data/media/__sized__/; + more_set_headers "Access-Control-Allow-Origin: *"; } # Allow direct access to only specific subdirectories in /media location /media/attachments/ { - alias ${MEDIA_ROOT}/attachments/; - add_header Access-Control-Allow-Origin '*'; + alias __DATA_DIR__/data/media/attachments/; + more_set_headers "Access-Control-Allow-Origin: *"; } # Allow direct access to only specific subdirectories in /media location /media/dynamic_preferences/ { - alias ${MEDIA_ROOT}/dynamic_preferences/; - add_header Access-Control-Allow-Origin '*'; + alias __DATA_DIR__/data/media/dynamic_preferences/; + more_set_headers "Access-Control-Allow-Origin: *"; } # This is an internal location that is used to serve @@ -123,11 +123,11 @@ # if you're storing media files in a S3 bucket. location ~ /_protected/media/(.+) { internal; - alias ${MEDIA_ROOT}/$1; # NON-S3 + alias __DATA_DIR__/data/media/$1; # NON-S3 # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932. # proxy_set_header Authorization ""; # S3 # proxy_pass $1; # S3 - add_header Access-Control-Allow-Origin '*'; + more_set_headers "Access-Control-Allow-Origin: *"; } location /_protected/music/ { @@ -136,15 +136,15 @@ # has been checked on API side. # Set this to the same value as your MUSIC_DIRECTORY_PATH setting. internal; - alias ${MUSIC_DIRECTORY_PATH}/; - add_header Access-Control-Allow-Origin '*'; + alias __DATA_DIR__/data/music/; + more_set_headers "Access-Control-Allow-Origin: *"; } location /manifest.json { # If the reverse proxy is terminating SSL, nginx gets confused and redirects to http, hence the full URL - return 302 ${FUNKWHALE_PROTOCOL}://${FUNKWHALE_HOSTNAME}/api/v1/instance/spa-manifest.json; + return 302 https://__DOMAIN__/api/v1/instance/spa-manifest.json; } location /staticfiles/ { - alias ${STATIC_ROOT}/; + alias __DATA_DIR__/data/static/; } \ No newline at end of file From 33da504a8125e8c0c593f9231ffde8281f0e8c09 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 19:58:39 +0100 Subject: [PATCH 07/22] fix nginx one more time --- conf/nginx.conf | 31 ++----------------------------- 1 file changed, 2 insertions(+), 29 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 1ef4c7b..15ff97a 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -7,37 +7,10 @@ client_max_body_size 100M; charset utf-8; - # compression settings - gzip on; - gzip_comp_level 5; - gzip_min_length 256; - gzip_proxied any; - gzip_vary on; - gzip_types - application/javascript - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy; - # end of compression settings - # headers more_set_headers Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'"; more_set_headers Referrer-Policy "strict-origin-when-cross-origin"; more_set_headers X-Frame-Options "SAMEORIGIN" always; - more_set_headers Service-Worker-Allowed "/"; location /api/ { include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; @@ -74,7 +47,7 @@ try_files $uri $uri/ /index.html; } - location ~ "/(front/)?embed.html" { + location ~ "/(front/)?embed.html/" { alias __INSTALL_DIR__/front/dist/;embed.html; more_set_headers Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; more_set_headers Referrer-Policy "strict-origin-when-cross-origin"; @@ -121,7 +94,7 @@ # has been checked on API side. # Comment the "NON-S3" commented lines and uncomment "S3" commented lines # if you're storing media files in a S3 bucket. - location ~ /_protected/media/(.+) { + location ~ /_protected/media/(.+)/ { internal; alias __DATA_DIR__/data/media/$1; # NON-S3 # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932. From e4599af321f20b7504b71024dd84991c882bb53a Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 20:03:00 +0100 Subject: [PATCH 08/22] fix nginx --- conf/nginx.conf | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 15ff97a..c34a6a9 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -7,11 +7,6 @@ client_max_body_size 100M; charset utf-8; - # headers - more_set_headers Content-Security-Policy "default-src 'self'; connect-src https: wss: http: ws: 'self' 'unsafe-eval'; script-src 'self' 'wasm-unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; media-src https: http: 'self' data:; object-src 'none'"; - more_set_headers Referrer-Policy "strict-origin-when-cross-origin"; - more_set_headers X-Frame-Options "SAMEORIGIN" always; - location /api/ { include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; # This is needed if you have file import via upload enabled. @@ -47,7 +42,7 @@ try_files $uri $uri/ /index.html; } - location ~ "/(front/)?embed.html/" { + location ~ "/(front/)?embed.html" { alias __INSTALL_DIR__/front/dist/;embed.html; more_set_headers Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; more_set_headers Referrer-Policy "strict-origin-when-cross-origin"; From 3af39dfc9557dc991faf809cdd2eb96b910b636d Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 20:13:15 +0100 Subject: [PATCH 09/22] fix nginx --- scripts/install | 2 +- scripts/remove | 2 +- scripts/upgrade | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index 8390cc4..c7f7b25 100644 --- a/scripts/install +++ b/scripts/install @@ -32,8 +32,8 @@ mkdir -p $install_dir/config ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config -ynh_add_nginx_config ynh_add_config --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" +ynh_add_nginx_config #================================================= # SPECIFIC SETUP diff --git a/scripts/remove b/scripts/remove index 42e9981..104fb0f 100644 --- a/scripts/remove +++ b/scripts/remove @@ -56,8 +56,8 @@ ynh_secure_remove --file="/etc/systemd/system/$app.target" ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 # Remove the dedicated NGINX config -ynh_remove_nginx_config ynh_secure_remove --file="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" +ynh_remove_nginx_config #================================================= # REMOVE LOGS diff --git a/scripts/upgrade b/scripts/upgrade index d233229..2ff9135 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -49,8 +49,8 @@ fi ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 # Create a dedicated NGINX config -ynh_add_nginx_config ynh_add_config --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" +ynh_add_nginx_config #================================================= # Assure correct permissions to $data_dir From cdc2bc3f877fb76b94619b2e9bad7c4a2369e652 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 20:16:54 +0100 Subject: [PATCH 10/22] fix more_set_headers --- conf/nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index c34a6a9..574df61 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -44,8 +44,8 @@ location ~ "/(front/)?embed.html" { alias __INSTALL_DIR__/front/dist/;embed.html; - more_set_headers Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; - more_set_headers Referrer-Policy "strict-origin-when-cross-origin"; + more_set_headers "Content-Security-Policy: connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; + more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; expires 1d; } From 70be271df9c22be86507bf0d4ab0cef22d5d23d4 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 20:20:03 +0100 Subject: [PATCH 11/22] fix __DOMAIN__ variable --- conf/nginx.conf | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 574df61..a44dcb7 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -8,36 +8,36 @@ charset utf-8; location /api/ { - include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf; # This is needed if you have file import via upload enabled. client_max_body_size 100M; proxy_pass http://127.0.0.1:__PORT__; } location ~ ^/library/(albums|tracks|artists|playlists)/ { - include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf; proxy_pass http://127.0.0.1:__PORT__; } location /channels/ { - include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf; proxy_pass http://127.0.0.1:__PORT__; } location ~ ^/@(vite-plugin-pwa|vite|id)/ { - include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf; alias __INSTALL_DIR__/front/dist/; try_files $uri $uri/ /index.html; } location /@ { - include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf; proxy_pass http://127.0.0.1:__PORT__; } location / { expires 1d; - include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf; alias __INSTALL_DIR__/front/dist/; try_files $uri $uri/ /index.html; } @@ -51,18 +51,18 @@ } location /federation/ { - include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf; proxy_pass http://127.0.0.1:__PORT__; } # You can comment this if you do not plan to use the Subsonic API. location /rest/ { - include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf; proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/; } location /.well-known/ { - include /etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf; + include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf; proxy_pass http://127.0.0.1:__PORT__; } From 9a10c36251eb63378e9fa15581f97de9cd0fb30b Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 20:23:10 +0100 Subject: [PATCH 12/22] fix more_set_headers --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index a44dcb7..13f07c6 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,6 @@ # HSTS - more_set_headers Strict-Transport-Security "max-age=31536000"; + more_set_headers "Strict-Transport-Security: max-age=31536000"; # General configs root __INSTALL_DIR__/front/dist; From 66ef729d9bfbe259b4453942d6a1411b098f7d7d Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 20:27:59 +0100 Subject: [PATCH 13/22] fix embed.html --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 13f07c6..e177f60 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -43,7 +43,7 @@ } location ~ "/(front/)?embed.html" { - alias __INSTALL_DIR__/front/dist/;embed.html; + alias __INSTALL_DIR__/front/dist/embed.html; more_set_headers "Content-Security-Policy: connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; From 48e1012e663539f6b1c7572da5d891ba8e7703a6 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 20:36:09 +0100 Subject: [PATCH 14/22] Add tests for ugprade from 1.3.4 --- tests.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests.toml b/tests.toml index 8496494..ed0afbc 100644 --- a/tests.toml +++ b/tests.toml @@ -5,4 +5,5 @@ test_format = 1.0 test_upgrade_from.9058c1b.name = "1.3.1" test_upgrade_from.fefe575.name = "1.3.2" test_upgrade_from.13391bf.name = "1.3.3" + test_upgrade_from.006a760.name = "1.3.4" From d3e41f949d4a60aaccd7456c0edea5bed4498450 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 21:05:56 +0100 Subject: [PATCH 15/22] revert update which leads to track not available when uploaded (not in_place) --- conf/nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index e177f60..3f2f2d0 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -89,7 +89,7 @@ # has been checked on API side. # Comment the "NON-S3" commented lines and uncomment "S3" commented lines # if you're storing media files in a S3 bucket. - location ~ /_protected/media/(.+)/ { + location /_protected/media/ { internal; alias __DATA_DIR__/data/media/$1; # NON-S3 # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932. @@ -115,4 +115,4 @@ location /staticfiles/ { alias __DATA_DIR__/data/static/; - } \ No newline at end of file + } From b47873bde12c0f898604582d85b045eae8a653b3 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 21:35:23 +0100 Subject: [PATCH 16/22] Fix change_url --- scripts/change_url | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/change_url b/scripts/change_url index aa87db4..68d2e36 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -25,14 +25,15 @@ ynh_systemd_action --service_name="$app-worker" --action=stop --log_path="/var/l #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 +domain=$new_domain ynh_change_url_nginx_config +ynh_add_config --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" #================================================= # MODIFY THE CONFIG FILE #================================================= ynh_script_progression --message="Modifying a config file..." --weight=1 -domain=$new_domain ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/.env" #================================================= From 8075dc1f4d7f1deb61a3368979cde066c6083547 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Wed, 13 Dec 2023 23:14:32 +0100 Subject: [PATCH 17/22] change order --- scripts/change_url | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/change_url b/scripts/change_url index 68d2e36..9bb78b0 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -26,8 +26,8 @@ ynh_systemd_action --service_name="$app-worker" --action=stop --log_path="/var/l ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 domain=$new_domain -ynh_change_url_nginx_config ynh_add_config --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" +ynh_change_url_nginx_config #================================================= # MODIFY THE CONFIG FILE From a95f8a32c5b983fd694168d80ef8f35a8f12339d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 20 Dec 2023 18:43:24 +0100 Subject: [PATCH 18/22] Update manifest.toml --- manifest.toml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manifest.toml b/manifest.toml index e2e9462..d57b66b 100644 --- a/manifest.toml +++ b/manifest.toml @@ -22,8 +22,11 @@ fund = "https://next.funkwhale.audio/donate/" yunohost = ">= 11.2" architectures = "all" multi_instance = true + ldap = true + sso = true + disk = "50M" ram.build = "50M" ram.runtime = "50M" From 6a8ba5beec809f1f912ef8c6709e7406264196ad Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Sat, 20 Jan 2024 09:30:52 +0100 Subject: [PATCH 19/22] fix line-match for services --- scripts/install | 2 +- scripts/remove | 6 +++--- scripts/restore | 2 +- scripts/upgrade | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/scripts/install b/scripts/install index c7f7b25..bd43072 100644 --- a/scripts/install +++ b/scripts/install @@ -151,7 +151,7 @@ yunohost service add "${app}-worker" --description="${app} celery worker" --log= ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name="${app}-beat" --action="start" --log_path="systemd" --line_match="Started" +ynh_systemd_action --service_name="${app}-beat" --action="start" --log_path="systemd" ynh_systemd_action --service_name="${app}-server" --action="start" --log_path="systemd" --line_match="Application startup complete" ynh_systemd_action --service_name="${app}-worker" --action="start" --log_path="systemd" --line_match="ready" diff --git a/scripts/remove b/scripts/remove index 104fb0f..2fb24d9 100644 --- a/scripts/remove +++ b/scripts/remove @@ -39,9 +39,9 @@ fi #================================================= ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 -ynh_systemd_action --service_name="${app}-beat" --action="stop" --log_path="systemd" --line_match="Stopped $app" -ynh_systemd_action --service_name="${app}-server" --action="stop" --log_path="systemd" --line_match="Stopped $app" -ynh_systemd_action --service_name="${app}-worker" --action="stop" --log_path="systemd" --line_match="Stopped $app" +ynh_systemd_action --service_name="${app}-beat" --action="stop" --log_path="systemd" +ynh_systemd_action --service_name="${app}-server" --action="stop" --log_path="systemd" +ynh_systemd_action --service_name="${app}-worker" --action="stop" --log_path="systemd" # Remove the dedicated systemd config ynh_remove_systemd_config --service="${app}-beat" diff --git a/scripts/restore b/scripts/restore index af8f55a..ae65c8f 100644 --- a/scripts/restore +++ b/scripts/restore @@ -92,7 +92,7 @@ yunohost service add "${app}-worker" --description="${app} celery worker" --log= #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name="${app}-beat" --action="start" --log_path="systemd" --line_match="Started" +ynh_systemd_action --service_name="${app}-beat" --action="start" --log_path="systemd" ynh_systemd_action --service_name="${app}-server" --action="start" --log_path="systemd" --line_match="Application startup complete" ynh_systemd_action --service_name="${app}-worker" --action="start" --log_path="systemd" --line_match="ready" diff --git a/scripts/upgrade b/scripts/upgrade index 2ff9135..2f78ea1 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -22,9 +22,9 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --action="stop" --service_name="${app}-beat" --log_path="systemd" --line_match="Stopped" -ynh_systemd_action --action="stop" --service_name="${app}-server" --log_path="systemd" --line_match="Stopped" -ynh_systemd_action --action="stop" --service_name="${app}-worker" --log_path="systemd" --line_match="Stopped" +ynh_systemd_action --action="stop" --service_name="${app}-beat" --log_path="systemd" +ynh_systemd_action --action="stop" --service_name="${app}-server" --log_path="systemd" +ynh_systemd_action --action="stop" --service_name="${app}-worker" --log_path="systemd" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -162,7 +162,7 @@ yunohost service add "${app}-worker" --description="${app} celery worker" --log= ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name="${app}-beat" --action="start" --log_path="systemd" --line_match="Started" +ynh_systemd_action --service_name="${app}-beat" --action="start" --log_path="systemd" ynh_systemd_action --service_name="${app}-server" --action="start" --log_path="systemd" --line_match="Application startup complete" ynh_systemd_action --service_name="${app}-worker" --action="start" --log_path="systemd" --line_match="ready" From 66391f94499bdeabad3228c931dd2a46d2aacecd Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Sat, 20 Jan 2024 09:35:59 +0100 Subject: [PATCH 20/22] fix api shasum --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index d57b66b..5362549 100644 --- a/manifest.toml +++ b/manifest.toml @@ -48,7 +48,7 @@ ram.runtime = "50M" [resources.sources] [resources.sources.api] url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.4.0/download?job=build_api" - sha256 = "e1c3d49da0e03545ff96f584d7c437fa333d7836b1a70c54b31ba5db3e1a2ae1" + sha256 = "719c5cd0feb3716993d63bd09c05468615c0682c985c29f3be8076c2caa0e60f" in_subdir = true extract = true format = "zip" From 7fb1b3dbd8ef07dfa886bde48428106077cbc3d7 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Sat, 20 Jan 2024 09:39:21 +0100 Subject: [PATCH 21/22] fix front shasum --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 5362549..5bc9fdc 100644 --- a/manifest.toml +++ b/manifest.toml @@ -55,7 +55,7 @@ ram.runtime = "50M" [resources.sources.front] url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.4.0/download?job=build_front" - sha256 = "d0429566bcc3fa395b9c54b16b939bbc86009c174929910de345db149d3e9d6d" + sha256 = "d6df32113ca355e8181a463b2a83ef3eabf574a3faac16feb9d37a1f7844d0191" in_subdir = true extract = true format = "zip" From e73b6334675303098e5291b9d34dc05c0ff74011 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Sat, 20 Jan 2024 09:47:15 +0100 Subject: [PATCH 22/22] typo --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 5bc9fdc..3ee4dee 100644 --- a/manifest.toml +++ b/manifest.toml @@ -55,7 +55,7 @@ ram.runtime = "50M" [resources.sources.front] url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.4.0/download?job=build_front" - sha256 = "d6df32113ca355e8181a463b2a83ef3eabf574a3faac16feb9d37a1f7844d0191" + sha256 = "6df32113ca355e8181a463b2a83ef3eabf574a3faac16feb9d37a1f7844d0191" in_subdir = true extract = true format = "zip"