1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/funkwhale_ynh.git synced 2024-09-03 18:36:24 +02:00

Merge pull request #259 from YunoHost-Apps/upgrade-to-1.4.0

Upgrade to 1.4.0
This commit is contained in:
Thomas 2023-12-13 21:08:22 +01:00 committed by GitHub
commit a4b432cdfc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 136 additions and 145 deletions

View file

@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network. Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network.
**Shipped version:** 1.3.4~ynh1 **Shipped version:** 1.4.0~ynh1
**Demo:** https://demo.funkwhale.audio **Demo:** https://demo.funkwhale.audio

View file

@ -18,7 +18,7 @@ Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
Funkwhale est un projet communautaire qui vous permet d'écouter et de partager de la musique et de l'audio au sein d'un réseau ouvert et décentralisé. Funkwhale est un projet communautaire qui vous permet d'écouter et de partager de la musique et de l'audio au sein d'un réseau ouvert et décentralisé.
**Version incluse :** 1.3.4~ynh1 **Version incluse :** 1.4.0~ynh1
**Démo :** https://demo.funkwhale.audio **Démo :** https://demo.funkwhale.audio

13
conf/funkwhale_proxy.conf Normal file
View file

@ -0,0 +1,13 @@
# global proxy conf
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_redirect off;
# websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

View file

@ -1,144 +1,118 @@
root __INSTALL_DIR__/front/dist;
location /api/ { # HSTS
more_set_headers "Strict-Transport-Security: max-age=31536000";
# global proxy conf # General configs
proxy_set_header Host $host; root __INSTALL_DIR__/front/dist;
proxy_set_header X-Real-IP $remote_addr; client_max_body_size 100M;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; charset utf-8;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_redirect off;
# websocket support location /api/ {
proxy_http_version 1.1; include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf;
proxy_set_header Upgrade $http_upgrade; # This is needed if you have file import via upload enabled.
proxy_set_header Connection $connection_upgrade; client_max_body_size 100M;
proxy_pass http://127.0.0.1:__PORT__;
# this is needed if you have file import via upload enabled
client_max_body_size 100M;
proxy_pass http://127.0.0.1:__PORT__;
}
location / {
alias __INSTALL_DIR__/front/dist/;
expires 1d;
try_files $uri $uri/ /index.html;
}
location /embed.html {
more_set_headers "Content-Security-Policy: connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:";
more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
alias __INSTALL_DIR__/front/dist/embed.html;
expires 1d;
}
location /federation/ {
# global proxy conf
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_redirect off;
# websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://127.0.0.1:__PORT__/federation/;
}
# You can comment this if you do not plan to use the Subsonic API
location /rest/ {
# global proxy conf
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_redirect off;
# websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/;
}
location /.well-known/ {
# global proxy conf
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_redirect off;
# websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://127.0.0.1:__PORT__;
}
location /media/__sized__/ {
alias __DATA_DIR__/data/media/__sized__/;
more_set_headers "Access-Control-Allow-Origin: *";
}
location /media/attachments/ {
alias __DATA_DIR__/data/media/attachments/;
more_set_headers "Access-Control-Allow-Origin: *";
}
# This is an internal location that is used to serve
# media (uploaded) files once correct permission / authentication
# has been checked on API side.
# Comment the "NON-S3" commented lines and uncomment "S3" commented lines
# if you're storing media files in a S3 bucket.
location /_protected/media/ {
internal;
alias __DATA_DIR__/data/media/$1; # NON-S3
# Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932.
# proxy_set_header Authorization ""; # S3
# proxy_pass $1; # S3
more_set_headers "Access-Control-Allow-Origin: *";
} }
location /_protected/music/ { location ~ ^/library/(albums|tracks|artists|playlists)/ {
# this is an internal location that is used to serve include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf;
# audio files once correct permission / authentication proxy_pass http://127.0.0.1:__PORT__;
# has been checked on API side }
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting
internal;
alias __DATA_DIR__/data/music/;
more_set_headers "Access-Control-Allow-Origin: *";
}
# Allow direct access to /staticfiles location /channels/ {
location /staticfiles/ { include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf;
alias __DATA_DIR__/data/static/; proxy_pass http://127.0.0.1:__PORT__;
more_set_headers "Access-Control-Allow-Origin: *"; }
}
# Allow direct access to only specific subdirectories in /media location ~ ^/@(vite-plugin-pwa|vite|id)/ {
location /media/dynamic_preferences/ { include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf;
alias __DATA_DIR__/data/media/dynamic_preferences/; alias __INSTALL_DIR__/front/dist/;
more_set_headers "Access-Control-Allow-Origin: *"; try_files $uri $uri/ /index.html;
} }
location /manifest.json { location /@ {
return 302 /api/v1/instance/spa-manifest.json; include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf;
} proxy_pass http://127.0.0.1:__PORT__;
}
location / {
expires 1d;
include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf;
alias __INSTALL_DIR__/front/dist/;
try_files $uri $uri/ /index.html;
}
location ~ "/(front/)?embed.html" {
alias __INSTALL_DIR__/front/dist/embed.html;
more_set_headers "Content-Security-Policy: connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:";
more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
expires 1d;
}
location /federation/ {
include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf;
proxy_pass http://127.0.0.1:__PORT__;
}
# You can comment this if you do not plan to use the Subsonic API.
location /rest/ {
include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf;
proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/;
}
location /.well-known/ {
include /etc/nginx/conf.d/__DOMAIN__.d/funkwhale_proxy.conf;
proxy_pass http://127.0.0.1:__PORT__;
}
# Allow direct access to only specific subdirectories in /media
location /media/__sized__/ {
alias __DATA_DIR__/data/media/__sized__/;
more_set_headers "Access-Control-Allow-Origin: *";
}
# Allow direct access to only specific subdirectories in /media
location /media/attachments/ {
alias __DATA_DIR__/data/media/attachments/;
more_set_headers "Access-Control-Allow-Origin: *";
}
# Allow direct access to only specific subdirectories in /media
location /media/dynamic_preferences/ {
alias __DATA_DIR__/data/media/dynamic_preferences/;
more_set_headers "Access-Control-Allow-Origin: *";
}
# This is an internal location that is used to serve
# media (uploaded) files once correct permission / authentication
# has been checked on API side.
# Comment the "NON-S3" commented lines and uncomment "S3" commented lines
# if you're storing media files in a S3 bucket.
location /_protected/media/ {
internal;
alias __DATA_DIR__/data/media/$1; # NON-S3
# Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932.
# proxy_set_header Authorization ""; # S3
# proxy_pass $1; # S3
more_set_headers "Access-Control-Allow-Origin: *";
}
location /_protected/music/ {
# This is an internal location that is used to serve
# local music files once correct permission / authentication
# has been checked on API side.
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting.
internal;
alias __DATA_DIR__/data/music/;
more_set_headers "Access-Control-Allow-Origin: *";
}
location /manifest.json {
# If the reverse proxy is terminating SSL, nginx gets confused and redirects to http, hence the full URL
return 302 https://__DOMAIN__/api/v1/instance/spa-manifest.json;
}
location /staticfiles/ {
alias __DATA_DIR__/data/static/;
}

View file

@ -5,7 +5,7 @@ name = "Funkwhale"
description.en = "Convivial and modern music server" description.en = "Convivial and modern music server"
description.fr = "Serveur de musique moderne et convivial" description.fr = "Serveur de musique moderne et convivial"
version = "1.3.4~ynh1" version = "1.4.0~ynh1"
maintainers = ["Thovi98"] maintainers = ["Thovi98"]
@ -44,15 +44,15 @@ ram.runtime = "50M"
[resources] [resources]
[resources.sources] [resources.sources]
[resources.sources.api] [resources.sources.api]
url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.3.4/download?job=build_api" url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.4.0/download?job=build_api"
sha256 = "8a05e3cab5c698cb89a23e1cd8b95c0e0ce2a2bea1580e1ec59364a07a870cd5" sha256 = "e1c3d49da0e03545ff96f584d7c437fa333d7836b1a70c54b31ba5db3e1a2ae1"
in_subdir = true in_subdir = true
extract = true extract = true
format = "zip" format = "zip"
[resources.sources.front] [resources.sources.front]
url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.3.4/download?job=build_front" url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.4.0/download?job=build_front"
sha256 = "fbf0d25153dd16f9c9a70e6bb2b15238a091a9acb36fc1dc2e2766f761f2a17c" sha256 = "d0429566bcc3fa395b9c54b16b939bbc86009c174929910de345db149d3e9d6d"
in_subdir = true in_subdir = true
extract = true extract = true
format = "zip" format = "zip"

View file

@ -31,7 +31,7 @@ ynh_backup --src_path="$data_dir" --is_big
# BACKUP THE NGINX CONFIGURATION # BACKUP THE NGINX CONFIGURATION
#================================================= #=================================================
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d"
#================================================= #=================================================
# BACKUP FAIL2BAN CONFIGURATION # BACKUP FAIL2BAN CONFIGURATION

View file

@ -32,6 +32,7 @@ mkdir -p $install_dir/config
ynh_script_progression --message="Configuring NGINX web server..." --weight=1 ynh_script_progression --message="Configuring NGINX web server..." --weight=1
# Create a dedicated NGINX config # Create a dedicated NGINX config
ynh_add_config --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf"
ynh_add_nginx_config ynh_add_nginx_config
#================================================= #=================================================

View file

@ -56,6 +56,7 @@ ynh_secure_remove --file="/etc/systemd/system/$app.target"
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
# Remove the dedicated NGINX config # Remove the dedicated NGINX config
ynh_secure_remove --file="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf"
ynh_remove_nginx_config ynh_remove_nginx_config
#================================================= #=================================================

View file

@ -39,7 +39,7 @@ chown -R $app:www-data "$data_dir/"
#================================================= #=================================================
ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d"
#================================================= #=================================================
# RESTORE THE POSTGRESQL DATABASE # RESTORE THE POSTGRESQL DATABASE

View file

@ -49,6 +49,7 @@ fi
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
# Create a dedicated NGINX config # Create a dedicated NGINX config
ynh_add_config --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf"
ynh_add_nginx_config ynh_add_nginx_config
#================================================= #=================================================

View file

@ -5,4 +5,5 @@ test_format = 1.0
test_upgrade_from.9058c1b.name = "1.3.1" test_upgrade_from.9058c1b.name = "1.3.1"
test_upgrade_from.fefe575.name = "1.3.2" test_upgrade_from.fefe575.name = "1.3.2"
test_upgrade_from.13391bf.name = "1.3.3" test_upgrade_from.13391bf.name = "1.3.3"
test_upgrade_from.006a760.name = "1.3.4"