diff --git a/README.md b/README.md index 548d0f88..1853328e 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,9 @@ Current snapshot in *sources*: - [X] Remove the admin email,path and is_public form installation form. - [X] Stop modification of php.ini : exec(). - [X] Make changes to nginx configuration accouding to Hubzilla official guide. -- [ ] Force redirection to https by default. +- [X] Force redirection to https by default. +- [X] Multi-instance. +- [X] Adeed php.log in the root folder for debugging php, with logrotate applied on it.(can be accesssed by admin->logs and entering the php.log). ## Important Notes @@ -47,28 +49,6 @@ Hubzilla requires browser-approved SSL certificates. If you have certificates no #### YunoHost >= 2.5 : Once the dedicated domain has been added to YunoHost, go again to the admin panel, go to domains then select your domain and click on "Install Let's Encrypt certificate". -#### Yunohost < 2.5 : -For older versions of YunoHost, once you have added the new domain, SSH into your YunoHost server and perform the following steps: - -1. Install [certbot](https://certbot.eff.org/) to make installing free SSL certificates from Let's Encrypt simple. - -1. Stop nginx - - service nginx stop - -1. Run the **certbot** utility with the **certonly** option - - certbot certonly - -1. Copy the generated certificate and key into the appropriate location for YunoHost to use - - cp /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem /etc/yunohost/certs/YOUR_DOMAIN/crt.pem - cp /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem /etc/yunohost/certs/YOUR_DOMAIN/key.pem - -1. Restart nginx - - service nginx start - ### Install the Hubzilla application Use the YunoHost admin panel to install Hubzilla by entering the GitHub repo address in the custom app URL @@ -81,3 +61,5 @@ When installation is complete, you will need to visit your new hub's page and lo **For normal YunoHost users:** Normal LDAP users can login through Ldap authentication and create there channels. **If the admin cannot access the admin settings:** If you cannot access the admin settings at `https://hub.example.com/admin` when you log in as the administrator, or you want to grant admin rights to any other user(s) on the hub, then you have to manually add 4096 to the account_roles under accounts for that user in the database through phpMYAdmin. + +**For logs:**: Go to admin->logs and enter the file name **php.log**. diff --git a/check_process b/check_process index cf6d106e..e1fc2dfd 100644 --- a/check_process +++ b/check_process @@ -13,7 +13,7 @@ setup_public=1 upgrade=1 backup_restore=1 - multi_instance=0 + multi_instance=1 incorrect_path=1 port_already_use=0 change_url=0 @@ -31,5 +31,5 @@ Level 9=0 Level 10=0 ;;; Options - Email=anmol@datamol.in - Notification=none + Email=anmol@datamol.org + Notification= diff --git a/conf/addpoller b/conf/addpoller deleted file mode 100644 index c5f314a4..00000000 --- a/conf/addpoller +++ /dev/null @@ -1,2 +0,0 @@ -final_path=$1 -(crontab -l ; echo "*/10 * * * * cd $final_path; php include/poller.php") 2>&1 | grep -v "no crontab" | sort | uniq | crontab - \ No newline at end of file diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 00000000..bc1019a8 --- /dev/null +++ b/conf/app.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://github.com/redmatrix/hubzilla/archive/3.2.2.zip +SOURCE_SUM=e1a87334579adbabf7e84ecd599bdfa9 +SOURCE_SUM_PRG=md5sum +SOURCE_FORMAT=zip +SOURCE_IN_SUBDIR= +SOURCE_FILENAME= diff --git a/conf/app_addons.src b/conf/app_addons.src new file mode 100644 index 00000000..ef6e76fb --- /dev/null +++ b/conf/app_addons.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://github.com/redmatrix/hubzilla-addons/archive/3.2.2.zip +SOURCE_SUM=05b4cbc853248fa855fb5941d9ea5ced +SOURCE_SUM_PRG=md5sum +SOURCE_FORMAT=zip +SOURCE_IN_SUBDIR= +SOURCE_FILENAME= diff --git a/conf/nginx.conf b/conf/nginx.conf index 992141ea..95b05d9c 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,64 +1,63 @@ -location YNH_WWW_PATH { - - # Path to source - alias YNH_WWW_ALIAS/ ; +root __FINALPATH__/ ; +location __PATH__ { # Force https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } + + if ($is_args != "") { + rewrite ^/(.*) /index.php?q=$uri&$args last; + } + rewrite ^/(.*) /index.php?q=$uri last; + } + - # Example PHP configuration - index index.php index.html; - try_files $uri $uri/ index.php; - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm.sock; + # Example PHP configuration + location ~* \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; - # Set max upload size - client_max_body_size UPLOADTOCHANGE; - fastcgi_buffers 64 4K; - + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + + client_max_body_size 20m; + client_body_buffer_size 128k; } - # .htaccess file from Hubzilla converted using http://winginx.com/en/htaccess - location ~ "(^|/)\.git" { return 403; } - location ~ "(^|/)store" { return 403; } - autoindex off; - location / - { - # Removing the .well-known rewrite below rule seems to work... - # rewrite ^/\.well\-known/.* /index.php?q=$1; - if (!-e $request_filename) - { - rewrite ^(.*)$ /index.php?q=$1; - } + # make sure webfinger and other well known services aren't blocked + # by denying dot files and rewrite request to the front controller + location ^~ /.well-known/ { + allow all; + rewrite ^/(.*) /index.php?q=$uri&$args last; } + # statically serve these file types when possible # otherwise fall back to front controller # allow browser to cache them # added .htm for advanced source code editor library - location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ - { + location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ { expires 30d; try_files $uri /index.php?q=$uri&$args; - } + } + # block these file types - location ~* \.(tpl|md|tgz|log|out)$ - { - deny all; - } - - # deny access to all dot files - location ~ /\. - { + location ~* \.(tpl|md|tgz|log|out)$ { deny all; } + + # deny access to all dot files + location ~ /\. { + deny all; + } + + #deny access to store + + location ~ /store { + deny all; + } + - # Include SSOWAT user panel. - # include conf.d/yunohost_panel.conf.inc; -} diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index dd0a7637..8affbc2e 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,7 +1,7 @@ ; Start a new pool named 'www'. ; the variable $pool can we used in any directive and will be replaced by the ; pool name ('www' here) -[NAMETOCHANGE] +[__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: @@ -16,6 +16,12 @@ ; Default Value: none ;prefix = /path/to/pools/$pool +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = __USER__ +group = __USER__ + ; The address on which to accept FastCGI requests. ; Valid syntaxes are: ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on @@ -24,12 +30,21 @@ ; specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-NAMETOCHANGE.sock +listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock ; Set listen(2) backlog. A value of '-1' means unlimited. ; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = -1 +;listen.backlog = 128 +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + ; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address @@ -38,26 +53,20 @@ listen = /var/run/php5-fpm-NAMETOCHANGE.sock ; Default Value: any ;listen.allowed_clients = 127.0.0.1 -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0666 -listen.owner = www-data -listen.group = www-data -listen.mode = 0600 - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -user = www-data -group = www-data +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; priority = -19 ; Choose how the process manager will control the number of child processes. ; Possible Values: ; static - a fixed number (pm.max_children) of child processes; ; dynamic - the number of child processes are set dynamically based on the -; following directives: +; following directives. With this process management, there will be +; always at least 1 children. ; pm.max_children - the maximum number of children that can ; be alive at the same time. ; pm.start_servers - the number of children created on startup. @@ -69,34 +78,46 @@ group = www-data ; state (waiting to process). If the number ; of 'idle' processes is greater than this ; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. ; Note: This value is mandatory. pm = dynamic ; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes to be created when pm is set to 'dynamic'. +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. ; This value sets the limit on the number of simultaneous requests that will be ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. -; Note: Used when pm is set to either 'static' or 'dynamic' +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 6 +pm.max_children = 10 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 3 +pm.start_servers = 2 ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 3 +pm.min_spare_servers = 1 ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 5 +pm.max_spare_servers = 3 +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. @@ -104,38 +125,103 @@ pm.max_spare_servers = 5 pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. By default, the status page shows the following -; information: -; accepted conn - the number of request accepted by the pool; +; recognized as a status page. It shows the following informations: ; pool - the name of the pool; -; process manager - static or dynamic; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; ; idle processes - the number of idle processes; ; active processes - the number of active processes; -; total processes - the number of idle + active processes. +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; ; max children reached - number of times, the process limit has been reached, ; when pm tries to start more children (works only for -; pm 'dynamic') -; The values of 'idle processes', 'active processes' and 'total processes' are -; updated each second. The value of 'accepted conn' is updated in real time. +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. ; Example output: -; accepted conn: 12073 ; pool: www ; process manager: static -; idle processes: 35 -; active processes: 65 -; total processes: 100 -; max children reached: 1 +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; ; By default the status page output is formatted as text/plain. Passing either -; 'html' or 'json' as a query string will return the corresponding output -; syntax. Example: +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: ; http://www.foo.bar/status ; http://www.foo.bar/status?json ; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: ${prefix}/share/fpm/status.html +; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -pm.status_path = /fpm-status +;pm.status_path = /status ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside @@ -147,46 +233,105 @@ pm.status_path = /fpm-status ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -ping.path = /ping +;ping.path = /ping ; This directive may be used to customize the response of a ping request. The ; response is formatted as text/plain with a 200 response code. ; Default Value: pong ;ping.response = pong -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -request_terminate_timeout = 120s +; The access log file +; Default: not set +;access.log = log/$pool.access.log +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log + ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_slowlog_timeout = 5s - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/NAMETOCHANGE.slow.log - + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d + ; Set open file descriptor rlimit. ; Default Value: system defined value -rlimit_files = 4096 - +;rlimit_files = 1024 + ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value -rlimit_core = 0 - +;rlimit_core = 0 + ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. -; Note: chrooting is a great security feature and should be used whenever +; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set @@ -195,7 +340,7 @@ rlimit_core = 0 ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot -chdir = /var/www/NAMETOCHANGE +chdir = __FINALPATH__ ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. @@ -204,6 +349,14 @@ chdir = /var/www/NAMETOCHANGE ; Default Value: no catch_workers_output = yes +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env @@ -217,7 +370,7 @@ catch_workers_output = yes ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: ; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. +; be overwritten from PHP call 'ini_set'. ; php_admin_value/php_admin_flag - these directives won't be overwritten by ; PHP call 'ini_set' ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. @@ -237,13 +390,3 @@ catch_workers_output = yes ;php_admin_value[error_log] = /var/log/fpm-php.www.log ;php_admin_flag[log_errors] = on ;php_admin_value[memory_limit] = 32M - -php_value[upload_max_filesize] = UPLOADTOCHANGE -php_value[post_max_size] = UPLOADTOCHANGE -php_value[max_file_uploads] = 50 -php_value[mail.add_x_header] = Off - -php_value[register_argc_argv] = true - -; Check if still required : this disable_function may be required to be removed (confirm why first) pcntl_exec - diff --git a/conf/php-fpm.ini b/conf/php-fpm.ini new file mode 100644 index 00000000..7490dd7a --- /dev/null +++ b/conf/php-fpm.ini @@ -0,0 +1,11 @@ +; Common values to change to increase file upload limit +; upload_max_filesize = 50M +; post_max_size = 50M +; mail.add_x_header = Off + +; Other common parameters +; max_execution_time = 600 +; max_input_time = 300 +; memory_limit = 256M +; short_open_tag = On +cgi.fix_pathinfo = 0; diff --git a/conf/poller-cron b/conf/poller-cron index fbbbcdaa..03fbf99d 100644 --- a/conf/poller-cron +++ b/conf/poller-cron @@ -1,2 +1,2 @@ # Run poller periodically to update Hubzilla -*/10 * * * * cd YNH_WWW_PATH; /usr/bin/php include/poller.php +*/10 * * * * cd YNH_WWW_PATH; /usr/bin/php Zotlabs/Daemon/Master.php Cron diff --git a/conf/removepoller b/conf/removepoller deleted file mode 100644 index 219b2fc7..00000000 --- a/conf/removepoller +++ /dev/null @@ -1,2 +0,0 @@ -final_path=$1 -(crontab -l ; echo "*/10 * * * * cd $final_path; php include/poller.php") 2>&1 | grep -v "no crontab" | grep -v "include/poller.php" | sort | uniq | crontab - \ No newline at end of file diff --git a/manifest.json b/manifest.json index 966f1995..20a2261e 100644 --- a/manifest.json +++ b/manifest.json @@ -8,20 +8,20 @@ }, "url": "https://github.com/redmatrix/hubzilla", "license": "Free as-is", - "version": "3.2.1", + "version": "3.2.2", "maintainer": { "name": "Andrew Manning", "email": "andrew@reticu.li" }, - "multi_instance": false, "services": [ "nginx", "php5-fpm", "mysql" ], "requirements": { - "yunohost": ">= 2.4.0" + "yunohost": ">= 2.7.2" }, + "multi_instance": true, "arguments": { "install" : [ { @@ -39,16 +39,6 @@ "en": "Choose the Hubzilla administrator (must be an existing YunoHost user)", "fr": "Choisissez l'administrateur de Hubzilla (doit être un utilisateur YunoHost existant)" } - }, - { - "name": "upload", - "ask": { - "en": "Maximum upload size (MB)", - "fr": "Taille maximale des fichiers envoyés (MB)" - }, - "choices": ["64M", "128M", "256M", "512M", "1024M"], - "default": "256M", - "optional": false } ] } diff --git a/scripts/.fonctions b/scripts/.fonctions deleted file mode 100755 index 2eaaa56c..00000000 --- a/scripts/.fonctions +++ /dev/null @@ -1,227 +0,0 @@ -#!/bin/bash - -CHECK_VAR () { # Vérifie que la variable n'est pas vide. -# $1 = Variable à vérifier -# $2 = Texte à afficher en cas d'erreur - test -n "$1" || (echo "$2" >&2 && false) -} - -EXIT_PROPERLY () { # Provoque l'arrêt du script en cas d'erreur. Et nettoye les résidus. - exit_code=$? - if [ "$exit_code" -eq 0 ]; then - exit 0 # Quitte sans erreur si le script se termine correctement. - fi - trap '' EXIT - set +eu - echo -e "\e[91m \e[1m" # Shell in light red bold - echo -e "!!\n $app install's script has encountered an error. Installation was cancelled.\n!!" >&2 - - if type -t CLEAN_SETUP > /dev/null; then # Vérifie l'existance de la fonction avant de l'exécuter. - CLEAN_SETUP # Appel la fonction de nettoyage spécifique du script install. - fi - - # Compense le bug de ssowat qui ne supprime pas l'entrée de l'app en cas d'erreur d'installation. - sudo sed -i "\@\"$domain$path/\":@d" /etc/ssowat/conf.json - - ynh_die -} - -TRAP_ON () { # Activate signal capture - set -eu # Exit if a command fail, and if a variable is used unset. - trap EXIT_PROPERLY EXIT # Capturing exit signals on shell script -} - -# Ignore the yunohost-cli log to prevent errors with conditionals commands -# usage: NO_LOG COMMAND -# Simply duplicate the log, execute the yunohost command and replace the log without the result of this command -# It's a very badly hack... -# Petite copie perso à mon usage ;) -NO_LOG() { - ynh_cli_log=/var/log/yunohost/yunohost-cli.log - sudo cp -a ${ynh_cli_log} ${ynh_cli_log}-move - eval $@ - exit_code=$? - sudo mv ${ynh_cli_log}-move ${ynh_cli_log} - return $? -} - -CHECK_USER () { # Vérifie la validité de l'user admin -# $1 = Variable de l'user admin. - ynh_user_exists "$1" || (echo "Wrong admin" >&2 && false) -} - -CHECK_PATH () { # Vérifie la présence du / en début de path. Et son absence à la fin. - if [ "${path:0:1}" != "/" ]; then # Si le premier caractère n'est pas un / - path="/$path" # Ajoute un / en début de path - fi - if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # Si le dernier caractère est un / et que ce n'est pas le seul caractère. - path="${path:0:${#path}-1}" # Supprime le dernier caractère - fi -} - -CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine. - sudo yunohost app checkurl $domain$path -a $app -} - -CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé. - final_path=/var/www/$app - if [ -e "$final_path" ] - then - echo "This path already contains a folder" >&2 - false - fi -} - -GENERATE_DB () { # Créer une base de données et un utilisateur dédié au nom de l'app. -# $1 = Nom de la base de donnée - db_user=$1 - db_user=${db_user//-/_} # mariadb ne supporte pas les - dans les noms de base de données. Ils sont donc remplacé par des _ - # Génère un mot de passe aléatoire. -# db_pwd=$(head -n20 /dev/urandom | tr -c -d 'A-Za-z0-9' | head -c20) - db_pwd=$(ynh_string_random) - CHECK_VAR "$db_pwd" "db_pwd empty" - # Utilise '$app' comme nom d'utilisateur et de base de donnée - # Initialise la base de donnée et stocke le mot de passe mysql. - ynh_mysql_create_db "$db_user" "$db_user" $db_pwd - ynh_app_setting_set $app mysqlpwd $db_pwd -} - -SETUP_SOURCE () { # Télécharge la source, décompresse et copie dans $final_path -# $1 = Nom de l'archive téléchargée. - wget -nv -i ../sources/source_url -O $1 - # Vérifie la somme de contrôle de la source téléchargée. - md5sum -c ../sources/source_md5 --status || (echo "Corrupt source" >&2 && false) - # Décompresse la source - if [ "$(echo ${1##*.})" == "gz" ]; then - tar -x -f $1 - elif [ "$(echo ${1##*.})" == "zip" ]; then - unzip -q $1 - else - false # Format d'archive non pris en charge. - fi - # Copie les fichiers sources - sudo cp -a $(cat ../sources/source_dir)/. "$final_path" - # Copie les fichiers additionnels ou modifiés. - if test -e "../sources/ajouts"; then - sudo cp -a ../sources/ajouts/. "$final_path" - fi -} - -ADD_SYS_USER () { # Créer un utilisateur système dédié à l'app - if ! ynh_system_user_exists "$app" # Test l'existence de l'utilisateur - then - sudo useradd -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin || (echo "Unable to create $app system account" >&2 && false) - fi -} - -POOL_FPM () { # Créer le fichier de configuration du pool php-fpm et le configure. - sed -i "s@__NAMETOCHANGE__@$app@g" ../conf/php-fpm.conf - sed -i "s@__FINALPATH__@$final_path@g" ../conf/php-fpm.conf - sed -i "s@__USER__@$app@g" ../conf/php-fpm.conf - finalphpconf=/etc/php5/fpm/pool.d/$app.conf - sudo cp ../conf/php-fpm.conf $finalphpconf - sudo chown root: $finalphpconf - finalphpini=/etc/php5/fpm/conf.d/20-$app.ini - sudo cp ../conf/php-fpm.ini $finalphpini - sudo chown root: $finalphpini - sudo service php5-fpm reload -} - -STORE_MD5_CONFIG () { # Enregistre la somme de contrôle du fichier de config -# $1 = Nom du fichier de conf pour le stockage dans settings.yml -# $2 = Nom complet et chemin du fichier de conf. - ynh_app_setting_set $app $1_file_md5 $(sudo md5sum "$2" | cut -d' ' -f1) -} - -CHECK_MD5_CONFIG () { # Créé un backup du fichier de config si il a été modifié. -# $1 = Nom du fichier de conf pour le stockage dans settings.yml -# $2 = Nom complet et chemin du fichier de conf. - if [ "$(ynh_app_setting_get $app $1_file_md5)" != $(sudo md5sum "$2" | cut -d' ' -f1) ]; then - sudo cp -a "$2" "$2.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')" # Si le fichier de config a été modifié, créer un backup. - fi -} - -FIND_PORT () { # Cherche un port libre. -# $1 = Numéro de port pour débuter la recherche. - port=$1 - while ! sudo yunohost app checkport $port ; do - port=$((port+1)) - done - CHECK_VAR "$port" "port empty" -} - - -### REMOVE SCRIPT - -REMOVE_NGINX_CONF () { # Suppression de la configuration nginx - if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config - echo "Delete nginx config" - sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf" -# sudo service nginx reload - fi -} - -REMOVE_FPM_CONF () { # Suppression de la configuration du pool php-fpm - if [ -e "/etc/php5/fpm/pool.d/$app.conf" ]; then # Delete fpm config - echo "Delete fpm config" - sudo rm "/etc/php5/fpm/pool.d/$app.conf" - fi - if [ -e "/etc/php5/fpm/conf.d/20-$app.ini" ]; then # Delete php config - echo "Delete php config" - sudo rm "/etc/php5/fpm/conf.d/20-$app.ini" - fi -# sudo service php5-fpm reload -} - -REMOVE_LOGROTATE_CONF () { # Suppression de la configuration de logrotate - if [ -e "/etc/logrotate.d/$app" ]; then - echo "Delete logrotate config" - sudo rm "/etc/logrotate.d/$app" - fi -} - -SECURE_REMOVE () { # Suppression de dossier avec vérification des variables - chaine="$1" # L'argument doit être donné entre quotes simple '', pour éviter d'interpréter les variables. - no_var=0 - while (echo "$chaine" | grep -q '\$') # Boucle tant qu'il y a des $ dans la chaine - do - no_var=1 - global_var=$(echo "$chaine" | cut -d '$' -f 2) # Isole la première variable trouvée. - only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)') # Isole complètement la variable en ajoutant le $ au début et en gardant uniquement le nom de la variable. Se débarrasse surtout du / et d'un éventuel chemin derrière. - real_var=$(eval "echo ${only_var}") # `eval "echo ${var}` permet d'interpréter une variable contenue dans une variable. - if test -z "$real_var" || [ "$real_var" = "/" ]; then - echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2 - return 1 - fi - chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@") # remplace la variable par sa valeur dans la chaine. - done - if [ "$no_var" -eq 1 ] - then - if [ -e "$chaine" ]; then - echo "Delete directory $chaine" - sudo rm -r "$chaine" - fi - return 0 - else - echo "No detected variable." >&2 - return 1 - fi -} - -REMOVE_BDD () { # Suppression de la base de donnée et de l'utilisateur associé. -# $1 = Nom de la base de donnée - # Utilise '$app' comme nom d'utilisateur et de base de donnée - db_user=$1 - if mysqlshow -u root -p$(sudo cat $MYSQL_ROOT_PWD_FILE) | grep -q "^| $db_user"; then - echo "Delete db" - ynh_mysql_drop_db $db_user - ynh_mysql_drop_user $db_user - fi -} - -REMOVE_SYS_USER () { # Supprime l'utilisateur système dédié à l'app - if ynh_system_user_exists "$app" # Test l'existence de l'utilisateur - then - sudo userdel $app - fi -} diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 00000000..24bd7bac --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# ============= FUTURE YUNOHOST HELPER ============= +# Delete a file checksum from the app settings +# +# $app should be defined when calling this helper +# +# usage: ynh_remove_file_checksum file +# | arg: file - The file for which the checksum will be deleted +ynh_delete_file_checksum () { + local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' + ynh_app_setting_delete $app $checksum_setting_name +} diff --git a/scripts/backup b/scripts/backup index 1965acd5..dff5be51 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,30 +1,71 @@ #!/bin/bash -# Source app helpers +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh +fi +source _common.sh source /usr/share/yunohost/helpers -# Récupère les infos de l'application. +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get $app final_path) domain=$(ynh_app_setting_get $app domain) -db_user=$(ynh_app_setting_get $app db_user) +db_name=$(ynh_app_setting_get $app db_name) -# Backup sources & data -ynh_backup "$final_path" "sources" +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= -# Copy Nginx and YunoHost parameters to make the script "standalone" -ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "nginx.conf" +ynh_backup "$final_path" -ynh_backup "/etc/yunohost/apps/$app/" "yunohost" +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= -# Copy dedicated php-fpm process to backup folder -ynh_backup "/etc/php5/fpm/pool.d/$app.conf" "php-fpm.conf" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" -# Backup db -root_pwd=$(sudo cat /etc/yunohost/mysql) -sudo mysqldump -u root -p$root_pwd --no-create-db $db_user --result-file="db.sql" -ynh_backup "db.sql" "backupdb.sql" +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= -# Backup cron job -ynh_backup "/etc/cron.d/$app" "cron.job" +ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" + +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= + +ynh_mysql_dump_db "$db_name" > db.sql + +#================================================= +# BACKUP LOGROTATE +#================================================= + +ynh_backup "/etc/logrotate.d/$app" + +#================================================= +# BACKUP THE CRON FILE +#================================================= + +ynh_backup "/etc/cron.d/$app" diff --git a/scripts/install b/scripts/install index eea230b2..ac609ed0 100755 --- a/scripts/install +++ b/scripts/install @@ -1,76 +1,98 @@ #!/bin/bash -source .fonctions # Charge les fonctions génériques habituellement utilisées dans le script +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -TRAP_ON # Active trap pour arrêter le script si une erreur est détectée. - -# Retrieve arguments -app=$YNH_APP_INSTANCE_NAME - -domain=$YNH_APP_ARG_DOMAIN -path="/" -admin=$YNH_APP_ARG_ADMIN -email=$(sudo yunohost user info $admin | grep "mail:" | cut -d' ' -f2) -upload=$YNH_APP_ARG_UPLOAD - -# Source app helpers +source _common.sh source /usr/share/yunohost/helpers -# Vérifie que les variables ne sont pas vides. -CHECK_VAR "$app" "app name not set" +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= -CHECK_USER "$admin" # Vérifie la validité de l'user admin +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors -CHECK_PATH # Vérifie et corrige la syntaxe du path. -CHECK_DOMAINPATH # Vérifie la disponibilité du path et du domaine. +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= -# Créer le repertoire de destination et stocke son emplacement. -CHECK_FINALPATH # Vérifie que le dossier de destination n'est pas déjà utilisé. -sudo mkdir "$final_path" -ynh_app_setting_set $app final_path $final_path +domain=$YNH_APP_ARG_DOMAIN +path_url="/" +admin=$YNH_APP_ARG_ADMIN +email=$(sudo yunohost user info $admin | grep "mail:" | cut -d' ' -f2) +upload="256M" +database="1" + +# This is a multi-instance app, meaning it can be installed several times independently +# The id of the app as stated in the manifest is available as $YNH_APP_ID +# The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) +# The app instance name is available as $YNH_APP_INSTANCE_NAME +# - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample +# - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 +# - ynhexample__{N} for the subsequent installations, with N=3,4, ... +# The app instance name is probably what you are interested the most, since this is +# guaranteed to be unique. This is a good unique identifier to define installation path, +# db names, ... +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= + +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" + +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) + +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url # Enregistre les infos dans la config YunoHost ynh_app_setting_set $app domain $domain -ynh_app_setting_set $app path $path +ynh_app_setting_set $app path $path_url ynh_app_setting_set $app admin $admin ynh_app_setting_set $app email $email ynh_app_setting_set $app upload $upload +ynh_app_setting_set $app database $database -# Install dependencies -sudo apt-get update -sudo apt-get install -y -qq php5-cli php5-imagick php5-gd php5-mcrypt php-xml -# Create db -db_user=$app -db_user=${db_user//-/_} # mariadb ne supporte pas les - dans les noms de base de données. Ils sont donc remplacé par des _ -db_pwd=$(ynh_string_random) -CHECK_VAR "$db_pwd" "db_pwd empty" -ynh_mysql_create_db "$db_user" "$db_user" $db_pwd -ynh_app_setting_set $app db_pwd $db_pwd -ynh_app_setting_set $app db_user $db_user +#================================================= +# INSTALL DEPENDENCIES +#================================================= + +ynh_install_app_dependencies php5-cli php5-imagick php5-gd php5-mcrypt php-xml + +#================================================= +# CREATE A MYSQL DATABASE +#================================================= +# If your app uses a MySQL database, you can use these lines to bootstrap +# a database, an associated user and save the password in app settings + +db_name=$(ynh_sanitize_dbid $app) +ynh_app_setting_set $app db_name $db_name +ynh_mysql_setup_db $db_name $db_name # We download the sources and check the md5sum # 1 - hubzilla -hubzilla_file=`sudo cat ../sources/hubzilla/source_file`; -sudo wget -nv -i ../sources/hubzilla/source_url -O ${hubzilla_file}.zip -sudo md5sum -c ../sources/hubzilla/source_md5 --status || (echo "Corrupt source" >&2 && false) -sudo unzip -q ${hubzilla_file}.zip -d ../sources/hubzilla/ -sudo cp -r ../sources/hubzilla/${hubzilla_file}/. $final_path - -# 2 - Addons -addons_file=`sudo cat ../sources/hubzilla-addons/source_file`; -sudo wget -nv -i ../sources/hubzilla-addons/source_url -O ${addons_file}.zip -sudo md5sum -c ../sources/hubzilla-addons/source_md5 --status || (echo "Corrupt source" >&2 && false) -sudo unzip -q ${addons_file}.zip -d ../sources/hubzilla-addons/ +ynh_app_setting_set $app final_path $final_path +ynh_setup_source "$final_path" sudo mkdir $final_path/addon -sudo cp -r ../sources/hubzilla-addons/${addons_file}/. $final_path/addon +ynh_setup_source "$final_path/addon" "app_addons" + # 3 - some extra folders sudo mkdir -p "${final_path}/store/[data]/smarty3" sudo chmod -R 777 $final_path/store # Import database schema -sudo mysql -u$db_user -p$db_pwd $db_user < $final_path/install/schema_mysql.sql +ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < $final_path/install/schema_mysql.sql # Copy the template install/htconfig.sample.php to .htconfig.php sudo cp $final_path/install/htconfig.sample.php $final_path/.htconfig.php @@ -78,33 +100,44 @@ sudo cp $final_path/install/htconfig.sample.php $final_path/.htconfig.php # Use sed to add the database information to .htconfig.php sudo sed -i "s/your.mysqlhost.com/localhost/g" $final_path/.htconfig.php sudo sed -i "s/mysqlpassword/$db_pwd/g" $final_path/.htconfig.php -sudo sed -i "s/mysqlusername/$db_user/g" $final_path/.htconfig.php -sudo sed -i "s/mysqldatabasename/$db_user/g" $final_path/.htconfig.php +sudo sed -i "s/mysqlusername/$db_name/g" $final_path/.htconfig.php +sudo sed -i "s/mysqldatabasename/$db_name/g" $final_path/.htconfig.php sudo sed -i "s/mysite.example/$domain/g" $final_path/.htconfig.php sudo sed -i "s/if the auto install failed, put a unique random string here/$(ynh_string_random)$(ynh_string_random)$(ynh_string_random)/g" $final_path/.htconfig.php sudo sed -i "s/\['admin_email'\] = '';/\['admin_email'\] = '$email';/g" $final_path/.htconfig.php +sudo sed -i "s@//error_reporting(E_ERROR | E_WARNING | E_PARSE );@error_reporting(E_ERROR | E_WARNING | E_PARSE );@g" $final_path/.htconfig.php +sudo sed -i "s@//ini_set('error_log','php.out');@ini_set('error_log','php.log');@g" $final_path/.htconfig.php +sudo sed -i "s@//ini_set('log_errors','1');@ini_set('log_errors','1');@g" $final_path/.htconfig.php +sudo sed -i "s@//ini_set('display_errors', '0');@ini_set('display_errors', '0');@g" $final_path/.htconfig.php + # addon ldap config sudo su -c "cat ../conf/ldap_conf.php >> $final_path/.htconfig.php" -# Set www-data to owner -sudo chown -R www-data:www-data $final_path -# Modify Nginx configuration file and copy it to Nginx conf directory -sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf -sed -i "s@YNH_WWW_ALIAS@$final_path@g" ../conf/nginx.conf -sed -i "s@UPLOADTOCHANGE@$upload@g" ../conf/nginx.conf -nginxconf=/etc/nginx/conf.d/$domain.d/$app.conf -sudo cp ../conf/nginx.conf $nginxconf -sudo chown root: $nginxconf -sudo chmod 600 $nginxconf +#================================================= +# NGINX CONFIGURATION +#================================================= -# Dedicated php-fpm -sed -i "s@UPLOADTOCHANGE@$upload@g" ../conf/php-fpm.conf -sed -i "s@NAMETOCHANGE@$app@g" ../conf/php-fpm.conf -phpfpmconf=/etc/php5/fpm/pool.d/$app.conf -sudo cp ../conf/php-fpm.conf $phpfpmconf -sudo chown root: $phpfpmconf -sudo chmod 644 $phpfpmconf +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +# Set right permissions for curl install +chown -R $app: $final_path # Set up poller sed -i "s@YNH_WWW_PATH@$final_path@g" ../conf/poller-cron @@ -113,10 +146,20 @@ sudo cp ../conf/poller-cron /etc/cron.d/$app # Make app public ynh_app_setting_set $app skipped_uris "/" +#================================================= +# STORE THE CHECKSUM OF THE CONFIG FILE +#================================================= +# Calculate and store the config file checksum into the app settings +ynh_store_file_checksum "$final_path/.htconfig.php" + +#================================================= +# SETUP LOGROTATE +#================================================= + +# Use logrotate to manage application logfile(s) +ynh_use_logrotate "$final_path/php.log" # Reload services -sudo service php5-fpm reload || true -sudo service nginx reload || true - +systemctl reload nginx sudo yunohost app ssowatconf diff --git a/scripts/remove b/scripts/remove index 2a367e53..a886b314 100755 --- a/scripts/remove +++ b/scripts/remove @@ -1,33 +1,74 @@ #!/bin/bash -source .fonctions # Charge les fonctions génériques habituellement utilisées dans le script +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Récupère les infos de l'application. -app=$YNH_APP_INSTANCE_NAME - -# Source app helpers +source _common.sh source /usr/share/yunohost/helpers +#================================================= +# LOAD SETTINGS +#================================================= +app=$YNH_APP_INSTANCE_NAME + domain=$(ynh_app_setting_get $app domain) -db_user=$(ynh_app_setting_get $app db_user) +db_name=$(ynh_app_setting_get $app db_name) +db_user="$db_name" +final_path=$(ynh_app_setting_get $app final_path) -REMOVE_BDD $db_user # Suppression de la base de donnée et de l'utilisateur associé. +#================================================= +# STANDARD REMOVE +#================================================= -SECURE_REMOVE '/var/www/$app' # Suppression du dossier de l'application +#================================================= +# REMOVE DEPENDENCIES +#================================================= -REMOVE_NGINX_CONF # Suppression de la configuration nginx +# Remove metapackage and its dependencies +ynh_remove_app_dependencies -REMOVE_FPM_CONF # Suppression de la configuration du pool php-fpm +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= -# Remove poller cron job -sudo rm -f /etc/cron.d/$app +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db $db_user $db_name +#================================================= +# REMOVE APP MAIN DIR +#================================================= -# Reload services after cleaning -sudo service php5-fpm reload -sudo service nginx reload +# Remove the app directory securely +ynh_secure_remove "$final_path" -# Régénère la configuration de SSOwat -sudo yunohost app ssowatconf +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= -echo -e "\e[0m" # Restore normal color +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +# Remove the app-specific logrotate config +ynh_remove_logrotate "$final_path/php.log" + +# Remove a cron file +ynh_secure_remove "/etc/cron.d/$app" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= + +# Delete a system user +ynh_system_user_delete $app diff --git a/scripts/restore b/scripts/restore index c381b7b5..d711d8eb 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,54 +1,112 @@ #!/bin/bash -# Source app helpers +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh +fi +source _common.sh source /usr/share/yunohost/helpers -# Récupère les infos de l'application. +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) -path=$(ynh_app_setting_get $app path) +path_url=$(ynh_app_setting_get $app path) admin=$(ynh_app_setting_get $app admin) final_path=$(ynh_app_setting_get $app final_path) -db_user=$(ynh_app_setting_get $app db_user) -db_pwd=$(ynh_app_setting_get $app db_pwd) +db_name=$(ynh_app_setting_get $app db_name) -if [ -d $final_path ]; then - echo "There is already a directory: $final_path " >&2 - exit 1 -fi +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= -# Restore Nginx -conf=/etc/nginx/conf.d/$domain.d/$app.conf -if [ -f $conf ]; then - echo "There is already a nginx conf file at this path: $conf " >&2 - exit 1 -fi -sudo cp -a ./nginx.conf $conf +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die "There is already a directory: $final_path " -# Restore YunoHost parameters -sudo cp -a ./yunohost/. /etc/yunohost/apps/$app/ +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= -# Restore sources & data -sudo mkdir -p $final_path -sudo cp -a ./sources/. $final_path/ +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" -ynh_mysql_create_db $db_user $db_user $db_pwd -mysql --debug-check -u $db_user -p$db_pwd $db_user < ./backupdb.sql +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= +ynh_restore_file "$final_path" -# Copy dedicated php-fpm process from backup folder to the right location -sudo cp -a ./php-fpm.conf /etc/php5/fpm/pool.d/$app.conf +#================================================= +# RESTORE THE MYSQL DATABASE +#================================================= -# Restore cron job -sudo cp -a ./cron.job /etc/cron.d/$app +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_mysql_setup_db $db_name $db_name $db_pwd +ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql + +#================================================= +# RECREATE THE DEDICATED USER +#================================================= + +# Create the dedicated user (if not existing) +ynh_system_user_create $app + +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= + +ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini" + +#================================================= +# SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= + +# Define and install dependencies +ynh_install_app_dependencies php5-cli php5-imagick php5-gd php5-mcrypt php-xml + +#================================================= +# RESTORE THE CRON FILE +#================================================= + +ynh_restore_file "/etc/cron.d/$app" + +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= + +ynh_restore_file "/etc/logrotate.d/$app" # Make app public ynh_app_setting_set $app skipped_uris "/" +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= -# And Reload services -sudo service php5-fpm reload -sudo service nginx reload - -sudo yunohost app ssowatconf +systemctl reload php5-fpm +systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade index 1b8bf77e..8e74a877 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,67 +1,125 @@ #!/bin/bash -source .fonctions # Charge les fonctions génériques habituellement utilisées dans le script +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Récupère les infos de l'application. -app=$YNH_APP_INSTANCE_NAME - -# Source app helpers +source _common.sh source /usr/share/yunohost/helpers +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME + domain=$(ynh_app_setting_get $app domain) -path=$(ynh_app_setting_get $app path) +path_url=$(ynh_app_setting_get $app path) final_path=$(ynh_app_setting_get $app final_path) upload=$(ynh_app_setting_get $app upload) +db_name=$(ynh_app_setting_get $app db_name) -CHECK_PATH # Vérifie et corrige la syntaxe du path. +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= -# Make backup of old app folder and create again the app folder -sudo mv ${final_path} ${final_path}.old -sudo mkdir -p $final_path +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# REMOVE APP MAIN DIR +#================================================= + +# Create a temporary directory +tmpdir="$(mktemp -d)" +# Backup the config file in the temp dir +cp -a "$final_path/.htconfig.php" "$tmpdir/.htconfig.php" +cp -a "$final_path/store" "$tmpdir/store" +cp -a "$final_path/php.log" "$tmpdir/php.log" -# We download the sources and check the md5sum -# 1 - hubzilla -hubzilla_file=`sudo cat ../sources/hubzilla/source_file`; -sudo wget -nv -i ../sources/hubzilla/source_url -O ${hubzilla_file}.zip -sudo md5sum -c ../sources/hubzilla/source_md5 --status || (echo "Corrupt source" >&2 && false) -sudo unzip -q ${hubzilla_file}.zip -d ../sources/hubzilla/ -sudo cp -r ../sources/hubzilla/${hubzilla_file}/. $final_path -sudo cp -a ${final_path}.old/store ${final_path} -sudo cp -a ${final_path}.old/.htconfig.php ${final_path} -sudo rm -Rf ${final_path}.old +# Remove the app directory securely +ynh_secure_remove "$final_path" -# 2 - Addons -addons_file=`sudo cat ../sources/hubzilla-addons/source_file`; -sudo wget -nv -i ../sources/hubzilla-addons/source_url -O ${addons_file}.zip -sudo md5sum -c ../sources/hubzilla-addons/source_md5 --status || (echo "Corrupt source" >&2 && false) -sudo unzip -q ${addons_file}.zip -d ../sources/hubzilla-addons/ -sudo mkdir $final_path/addon -sudo cp -r ../sources/hubzilla-addons/${addons_file}/. $final_path/addon +# If db_name doesn't exist, create it +if [ -z $db_name ]; then + db_name=$(ynh_sanitize_dbid $app) + ynh_app_setting_set $app db_name $db_name +fi -# 3 - some extra folders +# If final_path doesn't exist, create it +if [ -z $final_path ]; then + final_path=/var/www/$app + ynh_app_setting_set $app final_path $final_path +fi + +#================================================= +# CHECK THE PATH +#================================================= + +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" +sudo cp -a "$tmpdir/store" "${final_path}" +sudo cp -a "$tmpdir/.htconfig.php" "${final_path}" +sudo cp -a "$tmpdir/php.log" "${final_path}" +sudo rm -Rf "$tmpdir" sudo chmod -R 777 $final_path/store +sudo mkdir $final_path/addon +ynh_setup_source "$final_path/addon" "app_addons" +#================================================= +# NGINX CONFIGURATION +#================================================= -# Set www-data to owner -sudo chown -R www-data:www-data $final_path +# Create a dedicated nginx config +ynh_add_nginx_config -# Modify Nginx configuration file and copy it to Nginx conf directory -sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf -sed -i "s@YNH_WWW_ALIAS@$final_path@g" ../conf/nginx.conf -sed -i "s@UPLOADTOCHANGE@$upload@g" ../conf/nginx.conf -nginxconf=/etc/nginx/conf.d/$domain.d/$app.conf -sudo cp ../conf/nginx.conf $nginxconf -sudo chown root: $nginxconf -sudo chmod 600 $nginxconf +#================================================= +# CREATE DEDICATED USER +#================================================= -# Dedicated php-fpm -sed -i "s@UPLOADTOCHANGE@$upload@g" ../conf/php-fpm.conf -sed -i "s@NAMETOCHANGE@$app@g" ../conf/php-fpm.conf -phpfpmconf=/etc/php5/fpm/pool.d/$app.conf -sudo cp ../conf/php-fpm.conf $phpfpmconf -sudo chown root: $phpfpmconf +# Create a system user +ynh_system_user_create $app + +# Set right permissions for curl install +chown -R $app: $final_path + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +# Verify the checksum and backup the file if it's different +ynh_backup_if_checksum_is_different "$final_path/.htconfig.php" +# Recalculate and store the config file checksum into the app settings +ynh_store_file_checksum "$final_path/.htconfig.php" + +#================================================= +# SETUP LOGROTATE +#================================================= + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate "$final_path/php.log" --non-append # Set up poller sed -i "s@YNH_WWW_PATH@$final_path@g" ../conf/poller-cron @@ -70,7 +128,8 @@ sudo cp ../conf/poller-cron /etc/cron.d/$app # Make app public ynh_app_setting_set $app skipped_uris "/" -# Reload services -sudo service php5-fpm reload || true -sudo service nginx reload || true -sudo yunohost app ssowatconf +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx