General improvements to various scripts (#4)

* add check_process file * change nginx conf to allow install in root-path and subdomain * remove public-option * use php version variable * remove useless tasks in various install scripts * remove service removal step * run upgrade steps with sudo * fix upgrading * fix dbpwd variable and restore script * seed db on first install * use correct upgrade procedure
2024-09-03 19:26:22 +02:00 · 2020-06-07 15:31:15 +02:00 · 2020-06-07 15:31:15 +02:00 · b151356e80
commit b151356e80
parent a9aaac8c34
9 changed files with 109 additions and 233 deletions
--- a/check_process.default
+++ b/check_process.default
@ -9,22 +9,17 @@
 		path="/path"	(PATH)
 		admin="john"	(USER)
 		language="fr"
 		is_public=1	(PUBLIC|public=1|private=0)
 		password="pass"
 		port="666"	(PORT)
 	; Checks
 		pkg_linter=1
 		setup_sub_dir=1
 		setup_root=1
 		setup_nourl=0
-		setup_private=1
+		setup_private=0
-		setup_public=1
+		setup_public=0
 		upgrade=1
-		upgrade=1	from_commit=CommitHash
+		#upgrade=1	from_commit=CommitHash
 		backup_restore=1
 		multi_instance=1
 		# This test is no longer necessary since the version 2.7 (PR: https://github.com/YunoHost/yunohost/pull/304), you can still do it if your app could be installed with this version.
 		# incorrect_path=1
 		port_already_use=0
 		change_url=1
 ;;; Levels
@ -37,4 +32,3 @@ Notification=none
 	; commit=CommitHash
 		name=Name and date of the commit.
 		manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -1,19 +1,33 @@
-location __PATH__/ {
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
 location ^~ __PATH__/ {
  # Path to source
  alias __FINALPATH__/public/ ;
  try_files $uri $uri/ @__NAME__;
  location __PATH__/ {
    rewrite ^ __PATH__/index.php;
  }
  # Force usage of https
  if ($scheme = http) {
    rewrite ^ https://$server_name$request_uri? permanent;
  }
-  index index.php;
+  # Add headers to serve security related headers
  more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
  more_set_headers "X-Content-Type-Options: nosniff";
  more_set_headers "X-XSS-Protection: 1; mode=block";
  more_set_headers "X-Robots-Tag: none";
  more_set_headers "X-Download-Options: noopen";
  more_set_headers "X-Permitted-Cross-Domain-Policies: none";
  more_set_headers "Referrer-Policy: no-referrer";
-  location ~ [^/]\.php(/|$) {
+  #index index.php;
-    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
  location ~ ^__PATH__/index\.php(/.*|)$ {
    fastcgi_split_path_info ^(.+?\.php)(/.*|)$;
    set $path_info $fastcgi_path_info;
    fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
    fastcgi_index index.php;
@ -23,10 +37,29 @@ location __PATH__/ {
    fastcgi_param SCRIPT_FILENAME $request_filename;
  }
  # Adding the cache control header for js and css files
  location ~ \.(?:css|js|woff2?|svg|gif)$ {
    try_files $uri __PATH__/index.php$request_uri;
    more_set_headers "Cache-Control: public, max-age=15778463";
    # Add headers to serve security related headers
    more_set_headers "Strict-Transport-Security: max-age=15768000";
    more_set_headers "X-Content-Type-Options: nosniff";
    more_set_headers "X-XSS-Protection: 1; mode=block";
    more_set_headers "X-Robots-Tag: none";
    more_set_headers "X-Download-Options: noopen";
    more_set_headers "X-Permitted-Cross-Domain-Policies: none";
    more_set_headers "Referrer-Policy: no-referrer";
    # Optional: Don't log access to assets
    access_log off;
  }
  location ~* \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
    try_files $uri __FINALPATH__/index.php$request_uri;
    # Optional: Don't log access to other assets
    access_log off;
  }
    # Include SSOWAT user panel.
    include conf.d/yunohost_panel.conf.inc;
 }
 location @__PATH__ {
    rewrite ^(.+)$ /index.php?/$1 last;
 }
--- a/manifest.json
+++ b/manifest.json
@ -52,15 +52,6 @@
                },
                "example": "johndoe"
            },
            {
                "name": "is_public",
                "type": "boolean",
                "ask": {
                    "en": "Is it a public application?",
                    "fr": "Est-ce une application publique?"
                },
                "default": true
            },
            {
                "name": "language",
                "type": "string",
--- a/scripts/backup
+++ b/scripts/backup
@ -26,6 +26,8 @@ ynh_abort_if_errors
 #=================================================
 ynh_script_progression --message="Loading installation settings..."
 YNH_PHP_VERSION="7.0"
 app=$YNH_APP_INSTANCE_NAME
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
@ -54,7 +56,7 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 #=================================================
 ynh_script_progression --message="Backing up php-fpm configuration..."
-ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf"
+ynh_backup --src_path="/etc/php/$YNH_PHP_VERSION/fpm/pool.d/$app.conf"
 #=================================================
 # BACKUP THE MYSQL DATABASE
@ -63,23 +65,6 @@ ynh_script_progression --message="Backing up the MySQL database..."
 ynh_mysql_dump_db --database="$db_name" > db.sql
 #=================================================
 # BACKUP FAIL2BAN CONFIGURATION
 #=================================================
 ynh_script_progression --message="Backing up fail2ban configuration..."
 ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
 ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
 #=================================================
 # SPECIFIC BACKUP
 #=================================================
 # BACKUP LOGROTATE
 #=================================================
 ynh_script_progression --message="Backing up logrotate configuration..."
 ynh_backup --src_path="/etc/logrotate.d/$app"
 #=================================================
 # BACKUP A CRON FILE
 #=================================================
--- a/scripts/change_url
+++ b/scripts/change_url
@ -32,7 +32,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 # Add settings here as needed by your application
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
-db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
+db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
--- a/scripts/install
+++ b/scripts/install
@ -29,7 +29,6 @@ YNH_PHP_VERSION="7.0"
 domain=$YNH_APP_ARG_DOMAIN
 path_url=$YNH_APP_ARG_PATH
 admin=$YNH_APP_ARG_ADMIN
 is_public=$YNH_APP_ARG_IS_PUBLIC
 language=$YNH_APP_ARG_LANGUAGE
 ### If it's a multi-instance app, meaning it can be installed several times independently
@ -73,9 +72,15 @@ ynh_script_progression --message="Storing installation settings..."
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=admin --value=$admin
 ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 ynh_app_setting_set --app=$app --key=language --value=$language
 ynh_app_setting_set --app=$app --key=api_secret --value="$(ynh_string_random --length=32)"
 ynh_app_setting_set --app=$app --key=app_key --value="$(ynh_string_random --length=32)"
 ynh_app_setting_set --app=$app --key=phantomjs_key --value="$(ynh_string_random --length=32)"
 ynh_app_setting_set --app=$app --key=mail_from_address --value="$(ynh_user_get_info $admin mail)"
 ynh_app_setting_set --app=$app --key=mail_from_name --value="$(ynh_user_get_info $admin firstname) $(ynh_user_get_info $admin lastname)"
 #=================================================
 # STANDARD MODIFICATIONS
 #=================================================
@ -149,43 +154,6 @@ ynh_script_progression --message="Configuring php-fpm..."
 # Create a dedicated php-fpm config
 ynh_add_fpm_config
 #=================================================
 # SPECIFIC SETUP
 #=================================================
 # ...
 #=================================================
 #=================================================
 # SETUP APPLICATION WITH CURL
 #=================================================
 ### Use these lines only if the app installation needs to be finalized through
 ### web forms. We generally don't want to ask the final user,
 ### so we're going to use curl to automatically fill the fields and submit the
 ### forms.
 # Set right permissions for curl install
 chown -R $app: $final_path
 # Set the app as temporarily public for curl call
 ynh_script_progression --message="Configuring SSOwat..."
 ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
 # Reload SSOwat config
 yunohost app ssowatconf
 # Reload Nginx
 ynh_systemd_action --service_name=nginx --action=reload
 # Installation with curl
 ynh_script_progression --message="Finalizing installation..."
 ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
 # Remove the public access
 if [ $is_public -eq 0 ]
 then
 	ynh_app_setting_delete --app=$app --key=skipped_uris
 fi
 #=================================================
 # MODIFY A CONFIG FILE
 #=================================================
@ -201,15 +169,21 @@ ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --ta
 ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$final_path/.env"
 ynh_replace_string --match_string="__DB_PASS__" --replace_string="$db_pwd" --target_file="$final_path/.env"
-ynh_replace_string --match_string="__API_SECRET__" --replace_string="$(ynh_string_random --length=32)" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__API_SECRET__" --replace_string="$(ynh_app_setting_get --app=$app --key=api_secret)" --target_file="$final_path/.env"
-ynh_replace_string --match_string="__APP_KEY__" --replace_string="$(ynh_string_random --length=32)" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__APP_KEY__" --replace_string="$(ynh_app_setting_get --app=$app --key=app_key)" --target_file="$final_path/.env"
-ynh_replace_string --match_string="__PHANTOMJS_KEY__" --replace_string="$(ynh_string_random --length=32)" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__PHANTOMJS_KEY__" --replace_string="$(ynh_app_setting_get --app=$app --key=phantomjs_jey)" --target_file="$final_path/.env"
-ynh_replace_string --match_string="__MAIL_FROM_ADDRESS__" --replace_string="$(ynh_user_get_info $admin mail)" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__MAIL_FROM_ADDRESS__" --replace_string="$(ynh_app_setting_get --app=$app --key=mail_from_address)" --target_file="$final_path/.env"
-ynh_replace_string --match_string="__MAIL_FROM_NAME__" --replace_string="$(ynh_user_get_info $admin firstname) $(ynh_user_get_info $admin lastname)" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__MAIL_FROM_NAME__" --replace_string="$(ynh_app_setting_get --app=$app --key=mail_from_name)" --target_file="$final_path/.env"
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # Run the database migrations and initially fill the db
 sudo $final_path/artisan migrate --no-interaction --verbose --force
 sudo $final_path/artisan db:seed --force --no-interaction --verbose
 #=================================================
 # SECURE FILES AND DIRECTORIES
 #=================================================
@ -224,23 +198,6 @@ chown -R root: $final_path
 chmod -R 755 $final_path/storage
 chown -R $app: $final_path/storage $final_path/bootstrap $final_path/public/logo $final_path/.env
 #=================================================
 # SETUP LOGROTATE
 #=================================================
 ynh_script_progression --message="Configuring log rotation..."
 ### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
 ### Use this helper only if there is effectively a log file for this app.
 ### If you're not using this helper:
 ###		- Remove the section "BACKUP LOGROTATE" in the backup script
 ###		- Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
 ###		- As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
 ###		- And the section "SETUP LOGROTATE" in the upgrade script
 # Use logrotate to manage application logfile(s)
 ynh_use_logrotate
 #=================================================
 # ADD A CRON JOB
 #=================================================
@ -254,26 +211,6 @@ ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_fi
 ynh_replace_string --match_string="__DESTDIR__" --replace_string="$final_path" --target_file="$cron_path"
 ynh_replace_string --match_string="__YNH_PHP_VERSION__" --replace_string="$YNH_PHP_VERSION" --target_file="$cron_path"
 #=================================================
 # SETUP FAIL2BAN
 #=================================================
 ynh_script_progression --message="Configuring fail2ban..."
 # Create a dedicated fail2ban config
 ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
 #=================================================
 # SETUP SSOWAT
 #=================================================
 ynh_script_progression --message="Configuring SSOwat..."
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
 	# unprotected_uris allows SSO credentials to be passed anyway.
 	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
 fi
 #=================================================
 # RELOAD NGINX
 #=================================================
--- a/scripts/remove
+++ b/scripts/remove
@ -24,17 +24,6 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 #=================================================
 # STANDARD REMOVE
 #=================================================
 # REMOVE SERVICE INTEGRATION IN YUNOHOST
 #=================================================
 # Remove the service from the list of services known by Yunohost (added from `yunohost service add`)
 if ynh_exec_warn_less yunohost service status $app >/dev/null
 then
 	ynh_script_progression --message="Removing $app service..."
 	yunohost service remove $app
 fi
 #=================================================
 # REMOVE THE MYSQL DATABASE
 #=================================================
@ -67,22 +56,6 @@ ynh_script_progression --message="Removing php-fpm configuration..."
 # Remove the dedicated php-fpm config
 ynh_remove_fpm_config
 #=================================================
 # REMOVE LOGROTATE CONFIGURATION
 #=================================================
 ynh_script_progression --message="Removing logrotate configuration..."
 # Remove the app-specific logrotate config
 ynh_remove_logrotate
 #=================================================
 # REMOVE FAIL2BAN CONFIGURATION
 #=================================================
 ynh_script_progression --message="Removing fail2ban configuration..."
 # Remove the dedicated fail2ban config
 ynh_remove_fail2ban_config
 #=================================================
 # SPECIFIC REMOVE
 #=================================================
@ -92,10 +65,6 @@ ynh_remove_fail2ban_config
 # Remove a cron file
 ynh_secure_remove --file="/etc/cron.d/$app"
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 #=================================================
 # END OF SCRIPT
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -22,12 +22,17 @@ ynh_abort_if_errors
 #=================================================
 ynh_script_progression --message="Loading settings..."
 YNH_PHP_VERSION="7.0"
 app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 language=$(ynh_app_setting_get --app=$app --key=language)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 db_user=$db_name
 #=================================================
@ -70,52 +75,29 @@ ynh_system_user_create --username=$app
 # Restore permissions on app files
 chown -R root: $final_path
 chmod -R 755 $final_path/storage
 chown -R $app: $final_path/storage $final_path/bootstrap $final_path/public/logo $final_path/.env
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================
-ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf"
+ynh_restore_file --origin_path="/etc/php/$YNH_PHP_VERSION/fpm/pool.d/$app.conf"
 #=================================================
 # RESTORE FAIL2BAN CONFIGURATION
 #=================================================
 ynh_script_progression --message="Restoring the fail2ban configuration..."
 ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
 ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
 ynh_systemd_action --action=restart --service_name=fail2ban
 #=================================================
 # SPECIFIC RESTORATION
 #=================================================
 #=================================================
 # RESTORE THE MYSQL DATABASE
 #=================================================
 ynh_script_progression --message="Restoring the MySQL database..."
 db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
 ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 yunohost service add $app --description "A short description of the app" --log "/var/log/$app/$app.log"
 #=================================================
 # RESTORE THE CRON FILE
 #=================================================
 ynh_restore_file --origin_path="/etc/cron.d/$app"
 #=================================================
 # RESTORE THE LOGROTATE CONFIGURATION
 #=================================================
 ynh_restore_file --origin_path="/etc/logrotate.d/$app"
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@ -123,7 +105,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
 #=================================================
 ynh_script_progression --message="Reloading nginx web server and php-fpm..."
-ynh_systemd_action --service_name=php7.0-fpm --action=reload
+ynh_systemd_action --service_name=php$YNH_PHP_VERSION-fpm --action=reload
 ynh_systemd_action --service_name=nginx --action=reload
 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -19,10 +19,11 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
 is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 language=$(ynh_app_setting_get --app=$app --key=language)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 db_user=$db_name
 #=================================================
 # CHECK VERSION
@ -41,15 +42,6 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..."
 # Fix is_public as a boolean value
 if [ "$is_public" = "Yes" ]; then
 	ynh_app_setting_set --app=$app --key=is_public --value=1
 	is_public=1
 elif [ "$is_public" = "No" ]; then
 	ynh_app_setting_set --app=$app --key=is_public --value=0
 	is_public=0
 fi
 # If db_name doesn't exist, create it
 if [ -z "$db_name" ]; then
 	db_name=$(ynh_sanitize_dbid --db_name=$app)
@ -124,6 +116,28 @@ ynh_script_progression --message="Upgrading php-fpm configuration..."
 # Create a dedicated php-fpm config
 ynh_add_fpm_config
 #=================================================
 # MODIFY A CONFIG FILE
 #=================================================
 ### `ynh_replace_string` is used to replace a string in a file.
 ### (It's compatible with sed regular expressions syntax)
 ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$final_path/.env"
 ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/.env"
 ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$final_path/.env"
 ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/.env"
 ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$final_path/.env"
 ynh_replace_string --match_string="__DB_PASS__" --replace_string="$db_pwd" --target_file="$final_path/.env"
 ynh_replace_string --match_string="__API_SECRET__" --replace_string="$(ynh_app_setting_get --app=$app --key=api_secret)" --target_file="$final_path/.env"
 ynh_replace_string --match_string="__APP_KEY__" --replace_string="$(ynh_app_setting_get --app=$app --key=app_key)" --target_file="$final_path/.env"
 ynh_replace_string --match_string="__PHANTOMJS_KEY__" --replace_string="$(ynh_app_setting_get --app=$app --key=phantomjs_jey)" --target_file="$final_path/.env"
 ynh_replace_string --match_string="__MAIL_FROM_ADDRESS__" --replace_string="$(ynh_app_setting_get --app=$app --key=mail_from_address)" --target_file="$final_path/.env"
 ynh_replace_string --match_string="__MAIL_FROM_NAME__" --replace_string="$(ynh_app_setting_get --app=$app --key=mail_from_name)" --target_file="$final_path/.env"
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
@ -132,35 +146,18 @@ ynh_add_fpm_config
 ynh_script_progression --message="Upgrading the database..."
 # Put the application into maintenance mode
 $final_path/artisan down --no-interaction --verbose
-# Run the database migrations
+sudo $final_path/artisan down --no-interaction --verbose
 $final_path/artisan migrate --force --no-interaction --verbose
 # Optimize the framework for better performance
-$final_path/artisan optimize --force --no-interaction --verbose
+sudo $final_path/artisan optimize --force --no-interaction --verbose
 # Run the database migrations
 sudo $final_path/artisan migrate --no-interaction --verbose
 sudo $final_path/artisan db:seed --class=UpdateSeeder --force --no-interaction --verbose
 # Bring the application out of maintenance mode
-$final_path/artisan up --no-interaction --verbose
+sudo $final_path/artisan up --no-interaction --verbose
 #=================================================
 # SETUP LOGROTATE
 #=================================================
 ynh_script_progression --message="Upgrading logrotate configuration..."
 # Use logrotate to manage app-specific logfile(s)
 ynh_use_logrotate --non-append
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # UPGRADE FAIL2BAN
 #=================================================
 ynh_script_progression --message="Reconfiguring fail2ban..."
 # Create a dedicated fail2ban config
 ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
 #=================================================
 # SECURE FILES AND DIRECTORIES
@ -170,19 +167,7 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg
 chown -R root: $final_path
 chmod -R 755 $final_path/storage
-chown -R $app $final_path/storage $final_path/bootstrap $final_path/public/logo
+chown -R $app: $final_path/storage $final_path/bootstrap $final_path/public/logo $final_path/.env
 #=================================================
 # SETUP SSOWAT
 #=================================================
 ynh_script_progression --message="Upgrading SSOwat configuration..."
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
 	# unprotected_uris allows SSO credentials to be passed anyway
 	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
 fi
 #=================================================
 # RELOAD NGINX