Fix installation, nginx_traversal and upgrade

conf/nginx.conf

@@ -1,4 +1,5 @@
-location __PATH__ {
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+location __PATH__/ {
 
   # Path to source
   alias __FINALPATH__/ ;

scripts/install

@@ -114,6 +114,13 @@ ynh_replace_string "__USER_DB__" "$db_name" "$configpath"
 # Calculate and store the config file checksum into the app settings
 ynh_store_file_checksum "$configpath"
 
+#=================================================
+# CREATE DATABASE
+#=================================================
+
+script_for_db="$final_path"/install/scripts/mysql.sql
+ynh_mysql_execute_file_as_root "$script_for_db" "$db_name"
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -122,14 +129,10 @@ ynh_store_file_checksum "$configpath"
 
 # TODO: improve permissions
 
-chown -R root:www-data "$final_path"
-chmod -R o-rwx "$final_path"
-chmod u+rx  "$final_path/config"
-chmod g+rwx "$final_path/config"
 for folder in attachments cache exports files imports logs photos templates_c tempimages
 do
-    chmod u+rx  "$final_path/data/$folder"
-    chmod g+rwx "$final_path/data/$folder"
+    chown "$app"  "$final_path/data/$folder"
+    chmod 750     "$final_path/data/$folder"
 done
 
 #=================================================
@@ -143,12 +146,21 @@ ynh_use_logrotate
 # SETUP SSOWAT
 #=================================================
 
-if [ $is_public -eq 0 ]
+if [[ "$path_url" == "/" ]]
+then
+	# ynh panel is only comptable with non-root installation
+	ynh_replace_string "  include conf.d/" "  #include conf.d/" "$finalnginxconf"
+else
+	ynh_replace_string "^#sub_path_only"   ""                   "$finalnginxconf"
+fi
+ynh_store_file_checksum "$finalnginxconf"
+
+if [ "$is_public" -eq 0 ]
 then	# Remove the public access
 	ynh_app_setting_delete "$app" skipped_uris
 fi
 # Make app public if necessary
-if [ $is_public -eq 1 ]
+if [ "$is_public" -eq 1 ]
 then
 	# unprotected_uris allows SSO credentials to be passed anyway.
 	ynh_app_setting_set "$app" unprotected_uris "/"

scripts/remove

@@ -44,7 +44,7 @@ ynh_mysql_remove_db "$db_user" "$db_name"
 #=================================================
 
 # Remove the app directory securely
-# ynh_secure_remove "$final_path"
+ynh_secure_remove "$final_path"
 
 #=================================================
 # REMOVE NGINX CONFIGURATION

scripts/upgrade

@@ -59,8 +59,8 @@ if [ -z "$db_pwd" ]; then
 fi
 
 # If final_path doesn't exist, create it
-if [ -z $final_path ]; then
-	final_path=/var/www/$app
+if [ -z "$final_path" ]; then
+	final_path="/var/www/$app"
 	ynh_app_setting_set "$app" final_path "$final_path"
 fi
 
@@ -78,7 +78,7 @@ ynh_abort_if_errors
 #=================================================
 
 # Normalize the URL path syntax
-path_url=$(ynh_normalize_url_path $path_url)
+path_url=$(ynh_normalize_url_path "$path_url")
 
 #=================================================
 # STANDARD UPGRADE STEPS
@@ -101,7 +101,7 @@ ynh_add_nginx_config
 #=================================================
 
 # Create a system user
-ynh_system_user_create $app
+ynh_system_user_create "$app"
 
 #=================================================
 # PHP-FPM CONFIGURATION
@@ -116,16 +116,17 @@ ynh_add_fpm_config
 # ...
 #=================================================
 
-configpath="$final_path"/config/
-cp ../config.inc.php "$configpath"
+configpath="$final_path"/config/config.inc.php
+cp ../conf/config.inc.php "$configpath"
+
 ynh_replace_string "__NAME_DB__" "$db_name" "$configpath"
 ynh_replace_string "__PWD_DB__"  "$db_pwd"  "$configpath"
 ynh_replace_string "__USER_DB__" "$db_name" "$configpath"
 
 # Verify the checksum and backup the file if it's different
-ynh_backup_if_checksum_is_different "$final_path/CONFIG_FILE"
+ynh_backup_if_checksum_is_different "$configpath"
 # Recalculate and store the config file checksum into the app settings
-ynh_store_file_checksum "$final_path/CONFIG_FILE"
+ynh_store_file_checksum "$configpath"
 
 #=================================================
 # SETUP LOGROTATE
@@ -134,13 +135,6 @@ ynh_store_file_checksum "$final_path/CONFIG_FILE"
 # Use logrotate to manage app-specific logfile(s)
 ynh_use_logrotate --non-append
 
-#=================================================
-# SETUP SYSTEMD
-#=================================================
-
-# Create a dedicated systemd config
-ynh_add_systemd_config
-
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -149,29 +143,35 @@ ynh_add_systemd_config
 
 # TODO: improve permissions
 
-chown -R root:www-data "$final_path"
-chmod -R o-rwx "$final_path"
-chmod u+rx  "$final_path/config"
-chmod g+rwx "$final_path/config"
+chown -R root:root "$final_path"
 for folder in attachments cache exports files imports logs photos templates_c tempimages
 do
-    chmod u+rx  "$final_path/data/$folder"
-    chmod g+rwx "$final_path/data/$folder"
+    chown "$app"  "$final_path/data/$folder"
+    chmod 750     "$final_path/data/$folder"
 done
 
 #=================================================
 # SETUP SSOWAT
 #=================================================
 
+if [[ "$path_url" == "/" ]]
+then
+	# ynh panel is only comptable with non-root installation
+	ynh_replace_string "  include conf.d/" "  #include conf.d/" "$finalnginxconf"
+else
+	ynh_replace_string "^#sub_path_only"   ""                   "$finalnginxconf"
+fi
+ynh_store_file_checksum "$finalnginxconf"
+
 if [ $is_public -eq 0 ]
 then	# Remove the public access
-	ynh_app_setting_delete $app skipped_uris
+	ynh_app_setting_delete "$app" skipped_uris
 fi
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
 	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set $app unprotected_uris "/"
+	ynh_app_setting_set "$app" unprotected_uris "/"
 fi
 
 #=================================================