diff --git a/conf/systemd.service b/conf/backend.service similarity index 76% rename from conf/systemd.service rename to conf/backend.service index 839ebca..400de95 100644 --- a/conf/systemd.service +++ b/conf/backend.service @@ -1,5 +1,5 @@ [Unit] -Description=HedgeDoc: collaborative Markdown notes +Description=HedgeDoc: collaborative Markdown notes backend Documentation=https://github.com/hedgedoc/hedgedoc After=network.target postgresql.service @@ -7,10 +7,10 @@ After=network.target postgresql.service Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__ +WorkingDirectory=__FINALPATH__/backend Environment="PATH=__ENV_PATH__" Environment="NODE_ENV=production" -ExecStart=__YNH_NPM__ start --production +ExecStart=__YNH_NPM__ start Restart=always PrivateTmp=true PrivateDevices=true diff --git a/conf/config.json.example b/conf/config.json.example deleted file mode 100644 index 5f6ec2b..0000000 --- a/conf/config.json.example +++ /dev/null @@ -1,51 +0,0 @@ -{ - "production": { - "protocolUseSSL": true, - "domain": "__DOMAIN__", - "port": "__PORT__", - "urlPath": "__PATH__", - "loglevel": "info", - "useCDN": false, - "allowGravatar": false, - "allowFreeURL": false, - "allowAnonymousEdits": true, - "defaultPermission": "locked", - "email": true, - "allowEmailRegister": true, - "imageUploadType": "filesystem", - "tooBusyLag": 1000, - "hsts": { - "enable": true, - "maxAgeSeconds": 31536000, - "includeSubdomains": true, - "preload": true - }, - "csp": { - "enable": true, - "directives": { - }, - "upgradeInsecureRequests": "auto", - "addDefaults": true, - "addDisqus": true, - "addGoogleAnalytics": false - }, - "db": { - "username": "__DB_NAME__", - "password": "__DB_PWD__", - "database": "__DB_NAME__", - "host": "localhost", - "port": "5432", - "dialect": "postgres" - }, - "ldap": { - "url": "ldap://127.0.0.1:389", - "bindDn": null, - "bindCredentials": null, - "searchBase": "ou=users,dc=yunohost,dc=org", - "searchFilter": "(&(|(objectclass=posixAccount))(uid={{username}})(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))", - "usernameField": "cn", - "useridField": "uid", - "providerName": "YunoHost" - } - } -} diff --git a/conf/env_backend b/conf/env_backend new file mode 100644 index 0000000..2fef918 --- /dev/null +++ b/conf/env_backend @@ -0,0 +1,28 @@ +# SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file) +# +# SPDX-License-Identifier: CC0-1.0 + +HD_DOMAIN="https://__DOMAIN____PATH__" +PORT=__PORT_BACKEND__ +HD_MEDIA_BACKEND="filesystem" +HD_MEDIA_BACKEND_FILESYSTEM_UPLOAD_PATH="uploads/" + +HD_DATABASE_NAME="__DB_NAME__" +HD_DATABASE_USER="__DB_NAME__" +HD_DATABASE_PASS="__DB_PWD__" +HD_DATABASE_HOST="localhost" +HD_DATABASE_PORT="5432" +HD_DATABASE_DIALECT="postgres" + +HD_AUTH_LDAPS="YUNOHOST" +HD_AUTH_LDAP_YUNOHOST_PROVIDER_NAME="YunoHost" +HD_AUTH_LDAP_YUNOHOST_URL="ldap://127.0.0.1:389" +#HD_AUTH_LDAP_YUNOHOST_BIND_DN=null +#HD_AUTH_LDAP_YUNOHOST_BIND_CREDENTIALS=null +HD_AUTH_LDAP_YUNOHOST_SEARCH_BASE="ou=users,dc=yunohost,dc=org" +HD_AUTH_LDAP_YUNOHOST_SEARCH_FILTER="(&(|(objectclass=posixAccount))(uid={{username}})(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))" +#HD_AUTH_LDAP_YUNOHOST_SEARCH_ATTRIBUTES= +HD_AUTH_LDAP_YUNOHOST_USERNAME_FIELD="cn" +HD_AUTH_LDAP_YUNOHOST_USERID_FIELD="uid" +#HD_AUTH_LDAP_YUNOHOST_TLS_CA= + diff --git a/conf/frontend.service b/conf/frontend.service new file mode 100644 index 0000000..762bfbc --- /dev/null +++ b/conf/frontend.service @@ -0,0 +1,27 @@ +[Unit] +Description=HedgeDoc: collaborative Markdown notes frontend +Documentation=https://github.com/hedgedoc/hedgedoc +After=network.target postgresql.service __APP___backend.service + +[Service] +Type=simple +User=__APP__ +Group=__APP__ +WorkingDirectory=__FINALPATH__/frontend +Environment="PATH=__ENV_PATH__" +Environment="NODE_ENV=production" +Environment="PORT=__PORT_FRONTEND__" +Environment="REACT_APP_BACKEND_BASE_URL=http://localhost:__PORT_BACKEND__/" +ExecStart=__FINALPATH__/frontend/node_modules/.bin/cross-env PORT=__PORT_FRONTEND__ REACT_APP_BACKEND_BASE_URL=http://localhost:__PORT_BACKEND__/ __FINAL_PATH__/frontend/node_modules/.bin/craco start +Restart=always +PrivateTmp=true +PrivateDevices=true + +ProtectControlGroups=true +ProtectHome=true +ProtectKernelTunables=true +ProtectSystem=full +RestrictSUIDSGID=true + +[Install] +WantedBy=multi-user.target diff --git a/conf/nginx.conf b/conf/nginx.conf index a0fc0ae..ce4e4fc 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -5,7 +5,7 @@ location ^~ __PATH__/ { rewrite ^ https://$server_name$request_uri? permanent; } - proxy_pass http://127.0.0.1:__PORT__/; + proxy_pass http://127.0.0.1:__PORT_FRONTEND__/; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/scripts/install b/scripts/install index 7c328f7..0c986bf 100644 --- a/scripts/install +++ b/scripts/install @@ -53,11 +53,15 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url #================================================= # FIND AND OPEN A PORT #================================================= -ynh_script_progression --message="Finding an available port..." --weight=2 +ynh_script_progression --message="Finding available ports..." --weight=2 -# Find an available port -port=$(ynh_find_port --port=3000) -ynh_app_setting_set --app=$app --key=port --value=$port +# Find an available port for the backend +port_backend=$(ynh_find_port --port=3000) +ynh_app_setting_set --app=$app --key=port_backend --value=$port_backend + +# Find an available port for the frontend +port_frontend=$(ynh_find_port --port=$(($port_backend+1))) +ynh_app_setting_set --app=$app --key=port_frontend --value=$port_frontend #================================================= # INSTALL DEPENDENCIES @@ -97,7 +101,11 @@ ynh_script_progression --message="Setting up source files..." --weight=2 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir=$final_path +#ynh_setup_source --dest_dir=$final_path +mkdir -p $final_path/backend +mkdir -p $final_path/frontend +git clone --depth 1 https://github.com/hedgedoc/hedgedoc -b develop $final_path/backend +git clone --depth 1 https://github.com/hedgedoc/react-client $final_path/frontend #================================================= # NGINX CONFIGURATION @@ -112,11 +120,22 @@ ynh_add_nginx_config #============================================== # INSTALL HEDGEDOC #============================================== -ynh_script_progression --message="Building HedgeDoc... (this will take some time and resources!)" --weight=20 +ynh_use_nodejs -pushd "$final_path" || ynh_die - ynh_use_nodejs - bin/setup +ynh_script_progression --message="Building HedgeDoc backend... (this will take some time and resources!)" --weight=20 + +pushd "$final_path/backend" || ynh_die + ynh_exec_warn_less yarn install +popd || ynh_die + +ynh_script_progression --message="Building HedgeDoc frontend... (this will take some time and resources!)" --weight=20 + +pushd "$final_path/frontend" || ynh_die + ynh_exec_warn_less yarn install + # TODO: Fails out of memory in my tests + # Production build + # Not sure if PORT is necessary here + # PORT=$port_frontend REACT_APP_BACKEND_BASE_URL=http://localhost:$port_backend/ yarn build:production popd || ynh_die #================================================= @@ -124,18 +143,19 @@ popd || ynh_die #================================================= ynh_script_progression --message="Configuring a systemd service..." --weight=1 -ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/backend.service" +ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/frontend.service" -ynh_add_systemd_config +ynh_add_systemd_config --service="${app}_backend" --template="../conf/backend.service" +ynh_add_systemd_config --service="${app}_frontend" --template="../conf/frontend.service" #================================================= # MODIFY A CONFIG FILE #================================================= ynh_script_progression --message="Modifying a config file..." --weight=1 -path=${path_url:1} - -ynh_add_config --template="../conf/config.json.example" --destination="$final_path/config.json" +#path=${path_url:1} +ynh_add_config --template="../conf/env_backend" --destination="$final_path/backend/.env" #================================================= # GENERIC FINALIZATION @@ -147,14 +167,14 @@ ynh_script_progression --message="Securing files and directories..." --weight=1 # Set permissions to app files chown -R $app:$app $final_path chmod o-rwx $final_path -chmod 600 $final_path/config.json #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=2 -yunohost service add $app --description="Collaborative Markdown editor" --log="/var/log/$app/$app.log" +yunohost service add "${app}_backend" --description="Collaborative Markdown editor's backend" --log="/var/log/$app/$app.log" +yunohost service add "${app}_frontend" --description="Collaborative Markdown editor's frontend" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE @@ -162,7 +182,8 @@ yunohost service add $app --description="Collaborative Markdown editor" --log="/ ynh_script_progression --message="Starting a systemd service..." --weight=2 # Start a systemd service -ynh_systemd_action --service_name=$app --action=start --log_path=systemd --line_match="HTTP Server listening" +ynh_systemd_action --service_name="${app}_backend" --action=start --log_path=systemd +ynh_systemd_action --service_name="${app}_frontend" --action=start --log_path=systemd #================================================= # SETUP SSOWAT diff --git a/scripts/remove b/scripts/remove index 60d5336..e89de26 100644 --- a/scripts/remove +++ b/scripts/remove @@ -28,19 +28,26 @@ db_user=$db_name #================================================= # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status $app >/dev/null +if ynh_exec_warn_less yunohost service status ${app}_backend >/dev/null then - ynh_script_progression --message="Removing $app service..." --weight=1 - yunohost service remove $app + ynh_script_progression --message="Removing ${app}_backend service..." --weight=1 + yunohost service remove ${app}_backend +fi + +if ynh_exec_warn_less yunohost service status ${app}_frontend >/dev/null +then + ynh_script_progression --message="Removing ${app}_frontend service..." --weight=1 + yunohost service remove ${app}_frontend fi #================================================= # STOP AND REMOVE SERVICE #================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 +ynh_script_progression --message="Stopping and removing the systemd services..." --weight=1 # Remove the dedicated systemd config -ynh_remove_systemd_config +ynh_remove_systemd_config --service=${app}_backend +ynh_remove_systemd_config --service=${app}_frontend #================================================= # REMOVE THE POSTGRESQL DATABASE