General improvements to various scripts (#4)

* add check_process file * change nginx conf to allow install in root-path and subdomain * remove public-option * use php version variable * remove useless tasks in various install scripts * remove service removal step * run upgrade steps with sudo * fix upgrading * fix dbpwd variable and restore script * seed db on first install * use correct upgrade procedure
2024-09-03 19:26:22 +02:00 · 2020-06-07 15:31:15 +02:00 · 2020-06-07 15:31:15 +02:00 · b151356e80
commit b151356e80
parent a9aaac8c34
9 changed files with 109 additions and 233 deletions
--- a/check_process.default
+++ b/check_process.default
@ -9,22 +9,17 @@
 		path="/path"	(PATH)
 		admin="john"	(USER)
 		language="fr"
-		is_public=1	(PUBLIC|public=1|private=0)
-		password="pass"
-		port="666"	(PORT)
 	; Checks
 		pkg_linter=1
 		setup_sub_dir=1
 		setup_root=1
 		setup_nourl=0
-		setup_private=1
-		setup_public=1
+		setup_private=0
+		setup_public=0
 		upgrade=1
-		upgrade=1	from_commit=CommitHash
+		#upgrade=1	from_commit=CommitHash
 		backup_restore=1
 		multi_instance=1
-		# This test is no longer necessary since the version 2.7 (PR: https://github.com/YunoHost/yunohost/pull/304), you can still do it if your app could be installed with this version.
-		# incorrect_path=1
 		port_already_use=0
 		change_url=1
 ;;; Levels
@ -37,4 +32,3 @@ Notification=none
 	; commit=CommitHash
 		name=Name and date of the commit.
 		manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&
-
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -1,19 +1,33 @@
-location __PATH__/ {
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+
+location ^~ __PATH__/ {

  # Path to source
  alias __FINALPATH__/public/ ;
-  try_files $uri $uri/ @__NAME__;

+  location __PATH__/ {
+    rewrite ^ __PATH__/index.php;
+  }

  # Force usage of https
  if ($scheme = http) {
    rewrite ^ https://$server_name$request_uri? permanent;
  }

-  index index.php;
+  # Add headers to serve security related headers
+  more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
+  more_set_headers "X-Content-Type-Options: nosniff";
+  more_set_headers "X-XSS-Protection: 1; mode=block";
+  more_set_headers "X-Robots-Tag: none";
+  more_set_headers "X-Download-Options: noopen";
+  more_set_headers "X-Permitted-Cross-Domain-Policies: none";
+  more_set_headers "Referrer-Policy: no-referrer";

-  location ~ [^/]\.php(/|$) {
-    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+  #index index.php;
+
+  location ~ ^__PATH__/index\.php(/.*|)$ {
+    fastcgi_split_path_info ^(.+?\.php)(/.*|)$;
+    set $path_info $fastcgi_path_info;
    fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;

    fastcgi_index index.php;
@ -23,10 +37,29 @@ location __PATH__/ {
    fastcgi_param SCRIPT_FILENAME $request_filename;
  }

+  # Adding the cache control header for js and css files
+  location ~ \.(?:css|js|woff2?|svg|gif)$ {
+    try_files $uri __PATH__/index.php$request_uri;
+    more_set_headers "Cache-Control: public, max-age=15778463";
+    # Add headers to serve security related headers
+    more_set_headers "Strict-Transport-Security: max-age=15768000";
+    more_set_headers "X-Content-Type-Options: nosniff";
+    more_set_headers "X-XSS-Protection: 1; mode=block";
+    more_set_headers "X-Robots-Tag: none";
+    more_set_headers "X-Download-Options: noopen";
+    more_set_headers "X-Permitted-Cross-Domain-Policies: none";
+    more_set_headers "Referrer-Policy: no-referrer";
+
+    # Optional: Don't log access to assets
+    access_log off;
+  }
+
+  location ~* \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
+    try_files $uri __FINALPATH__/index.php$request_uri;
+    # Optional: Don't log access to other assets
+    access_log off;
+  }
+
    # Include SSOWAT user panel.
    include conf.d/yunohost_panel.conf.inc;
 }
-
-location @__PATH__ {
-    rewrite ^(.+)$ /index.php?/$1 last;
-}
--- a/manifest.json
+++ b/manifest.json
@ -52,15 +52,6 @@
                },
                "example": "johndoe"
            },
-            {
-                "name": "is_public",
-                "type": "boolean",
-                "ask": {
-                    "en": "Is it a public application?",
-                    "fr": "Est-ce une application publique?"
-                },
-                "default": true
-            },
            {
                "name": "language",
                "type": "string",
--- a/scripts/backup
+++ b/scripts/backup
@ -26,6 +26,8 @@ ynh_abort_if_errors
 #=================================================
 ynh_script_progression --message="Loading installation settings..."

+YNH_PHP_VERSION="7.0"
+
 app=$YNH_APP_INSTANCE_NAME

 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
@ -54,7 +56,7 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 #=================================================
 ynh_script_progression --message="Backing up php-fpm configuration..."

-ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf"
+ynh_backup --src_path="/etc/php/$YNH_PHP_VERSION/fpm/pool.d/$app.conf"

 #=================================================
 # BACKUP THE MYSQL DATABASE
@ -63,23 +65,6 @@ ynh_script_progression --message="Backing up the MySQL database..."

 ynh_mysql_dump_db --database="$db_name" > db.sql

-#=================================================
-# BACKUP FAIL2BAN CONFIGURATION
-#=================================================
-ynh_script_progression --message="Backing up fail2ban configuration..."
-
-ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
-ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
-
-#=================================================
-# SPECIFIC BACKUP
-#=================================================
-# BACKUP LOGROTATE
-#=================================================
-ynh_script_progression --message="Backing up logrotate configuration..."
-
-ynh_backup --src_path="/etc/logrotate.d/$app"
-
 #=================================================
 # BACKUP A CRON FILE
 #=================================================
--- a/scripts/change_url
+++ b/scripts/change_url
@ -32,7 +32,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 # Add settings here as needed by your application
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
-db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
+db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)

 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
--- a/scripts/install
+++ b/scripts/install
@ -29,7 +29,6 @@ YNH_PHP_VERSION="7.0"
 domain=$YNH_APP_ARG_DOMAIN
 path_url=$YNH_APP_ARG_PATH
 admin=$YNH_APP_ARG_ADMIN
-is_public=$YNH_APP_ARG_IS_PUBLIC
 language=$YNH_APP_ARG_LANGUAGE

 ### If it's a multi-instance app, meaning it can be installed several times independently
@ -73,9 +72,15 @@ ynh_script_progression --message="Storing installation settings..."
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=admin --value=$admin
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 ynh_app_setting_set --app=$app --key=language --value=$language

+ynh_app_setting_set --app=$app --key=api_secret --value="$(ynh_string_random --length=32)"
+ynh_app_setting_set --app=$app --key=app_key --value="$(ynh_string_random --length=32)"
+ynh_app_setting_set --app=$app --key=phantomjs_key --value="$(ynh_string_random --length=32)"
+
+ynh_app_setting_set --app=$app --key=mail_from_address --value="$(ynh_user_get_info $admin mail)"
+ynh_app_setting_set --app=$app --key=mail_from_name --value="$(ynh_user_get_info $admin firstname) $(ynh_user_get_info $admin lastname)"
+
 #=================================================
 # STANDARD MODIFICATIONS
 #=================================================
@ -149,43 +154,6 @@ ynh_script_progression --message="Configuring php-fpm..."
 # Create a dedicated php-fpm config
 ynh_add_fpm_config

-#=================================================
-# SPECIFIC SETUP
-#=================================================
-# ...
-#=================================================
-
-#=================================================
-# SETUP APPLICATION WITH CURL
-#=================================================
-
-### Use these lines only if the app installation needs to be finalized through
-### web forms. We generally don't want to ask the final user,
-### so we're going to use curl to automatically fill the fields and submit the
-### forms.
-
-# Set right permissions for curl install
-chown -R $app: $final_path
-
-# Set the app as temporarily public for curl call
-ynh_script_progression --message="Configuring SSOwat..."
-ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
-# Reload SSOwat config
-yunohost app ssowatconf
-
-# Reload Nginx
-ynh_systemd_action --service_name=nginx --action=reload
-
-# Installation with curl
-ynh_script_progression --message="Finalizing installation..."
-ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
-
-# Remove the public access
-if [ $is_public -eq 0 ]
-then
-	ynh_app_setting_delete --app=$app --key=skipped_uris
-fi
-
 #=================================================
 # MODIFY A CONFIG FILE
 #=================================================
@ -201,15 +169,21 @@ ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --ta
 ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$final_path/.env"
 ynh_replace_string --match_string="__DB_PASS__" --replace_string="$db_pwd" --target_file="$final_path/.env"

-ynh_replace_string --match_string="__API_SECRET__" --replace_string="$(ynh_string_random --length=32)" --target_file="$final_path/.env"
-ynh_replace_string --match_string="__APP_KEY__" --replace_string="$(ynh_string_random --length=32)" --target_file="$final_path/.env"
-ynh_replace_string --match_string="__PHANTOMJS_KEY__" --replace_string="$(ynh_string_random --length=32)" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__API_SECRET__" --replace_string="$(ynh_app_setting_get --app=$app --key=api_secret)" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__APP_KEY__" --replace_string="$(ynh_app_setting_get --app=$app --key=app_key)" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__PHANTOMJS_KEY__" --replace_string="$(ynh_app_setting_get --app=$app --key=phantomjs_jey)" --target_file="$final_path/.env"

-ynh_replace_string --match_string="__MAIL_FROM_ADDRESS__" --replace_string="$(ynh_user_get_info $admin mail)" --target_file="$final_path/.env"
-ynh_replace_string --match_string="__MAIL_FROM_NAME__" --replace_string="$(ynh_user_get_info $admin firstname) $(ynh_user_get_info $admin lastname)" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__MAIL_FROM_ADDRESS__" --replace_string="$(ynh_app_setting_get --app=$app --key=mail_from_address)" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__MAIL_FROM_NAME__" --replace_string="$(ynh_app_setting_get --app=$app --key=mail_from_name)" --target_file="$final_path/.env"

 #=================================================
 # GENERIC FINALIZATION
+#=================================================
+
+# Run the database migrations and initially fill the db
+sudo $final_path/artisan migrate --no-interaction --verbose --force
+sudo $final_path/artisan db:seed --force --no-interaction --verbose
+
 #=================================================
 # SECURE FILES AND DIRECTORIES
 #=================================================
@ -224,23 +198,6 @@ chown -R root: $final_path
 chmod -R 755 $final_path/storage
 chown -R $app: $final_path/storage $final_path/bootstrap $final_path/public/logo $final_path/.env

-
-#=================================================
-# SETUP LOGROTATE
-#=================================================
-ynh_script_progression --message="Configuring log rotation..."
-
-### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
-### Use this helper only if there is effectively a log file for this app.
-### If you're not using this helper:
-###		- Remove the section "BACKUP LOGROTATE" in the backup script
-###		- Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
-###		- As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
-###		- And the section "SETUP LOGROTATE" in the upgrade script
-
-# Use logrotate to manage application logfile(s)
-ynh_use_logrotate
-
 #=================================================
 # ADD A CRON JOB
 #=================================================
@ -254,26 +211,6 @@ ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_fi
 ynh_replace_string --match_string="__DESTDIR__" --replace_string="$final_path" --target_file="$cron_path"
 ynh_replace_string --match_string="__YNH_PHP_VERSION__" --replace_string="$YNH_PHP_VERSION" --target_file="$cron_path"

-#=================================================
-# SETUP FAIL2BAN
-#=================================================
-ynh_script_progression --message="Configuring fail2ban..."
-
-# Create a dedicated fail2ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
-
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Configuring SSOwat..."
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
-
 #=================================================
 # RELOAD NGINX
 #=================================================
--- a/scripts/remove
+++ b/scripts/remove
@ -24,17 +24,6 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)

 #=================================================
 # STANDARD REMOVE
-#=================================================
-# REMOVE SERVICE INTEGRATION IN YUNOHOST
-#=================================================
-
-# Remove the service from the list of services known by Yunohost (added from `yunohost service add`)
-if ynh_exec_warn_less yunohost service status $app >/dev/null
-then
-	ynh_script_progression --message="Removing $app service..."
-	yunohost service remove $app
-fi
-
 #=================================================
 # REMOVE THE MYSQL DATABASE
 #=================================================
@ -67,22 +56,6 @@ ynh_script_progression --message="Removing php-fpm configuration..."
 # Remove the dedicated php-fpm config
 ynh_remove_fpm_config

-#=================================================
-# REMOVE LOGROTATE CONFIGURATION
-#=================================================
-ynh_script_progression --message="Removing logrotate configuration..."
-
-# Remove the app-specific logrotate config
-ynh_remove_logrotate
-
-#=================================================
-# REMOVE FAIL2BAN CONFIGURATION
-#=================================================
-ynh_script_progression --message="Removing fail2ban configuration..."
-
-# Remove the dedicated fail2ban config
-ynh_remove_fail2ban_config
-
 #=================================================
 # SPECIFIC REMOVE
 #=================================================
@ -92,10 +65,6 @@ ynh_remove_fail2ban_config
 # Remove a cron file
 ynh_secure_remove --file="/etc/cron.d/$app"

-#=================================================
-# GENERIC FINALIZATION
-#=================================================
-
 #=================================================
 # END OF SCRIPT
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -22,12 +22,17 @@ ynh_abort_if_errors
 #=================================================
 ynh_script_progression --message="Loading settings..."

+YNH_PHP_VERSION="7.0"
+
 app=$YNH_APP_INSTANCE_NAME

 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
+admin=$(ynh_app_setting_get --app=$app --key=admin)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+language=$(ynh_app_setting_get --app=$app --key=language)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 db_user=$db_name

 #=================================================
@ -70,52 +75,29 @@ ynh_system_user_create --username=$app
 # Restore permissions on app files
 chown -R root: $final_path

+chmod -R 755 $final_path/storage
+chown -R $app: $final_path/storage $final_path/bootstrap $final_path/public/logo $final_path/.env
+
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================

-ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf"
-
-#=================================================
-# RESTORE FAIL2BAN CONFIGURATION
-#=================================================
-ynh_script_progression --message="Restoring the fail2ban configuration..."
-
-ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
-ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
-ynh_systemd_action --action=restart --service_name=fail2ban
-
-#=================================================
-# SPECIFIC RESTORATION
-#=================================================
+ynh_restore_file --origin_path="/etc/php/$YNH_PHP_VERSION/fpm/pool.d/$app.conf"

 #=================================================
 # RESTORE THE MYSQL DATABASE
 #=================================================
 ynh_script_progression --message="Restoring the MySQL database..."

-db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
 ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql

-#=================================================
-# INTEGRATE SERVICE IN YUNOHOST
-#=================================================
-
-yunohost service add $app --description "A short description of the app" --log "/var/log/$app/$app.log"
-
 #=================================================
 # RESTORE THE CRON FILE
 #=================================================

 ynh_restore_file --origin_path="/etc/cron.d/$app"

-#=================================================
-# RESTORE THE LOGROTATE CONFIGURATION
-#=================================================
-
-ynh_restore_file --origin_path="/etc/logrotate.d/$app"
-
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@ -123,7 +105,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
 #=================================================
 ynh_script_progression --message="Reloading nginx web server and php-fpm..."

-ynh_systemd_action --service_name=php7.0-fpm --action=reload
+ynh_systemd_action --service_name=php$YNH_PHP_VERSION-fpm --action=reload
 ynh_systemd_action --service_name=nginx --action=reload

 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -19,10 +19,11 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 language=$(ynh_app_setting_get --app=$app --key=language)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
+db_user=$db_name

 #=================================================
 # CHECK VERSION
@ -41,15 +42,6 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..."

-# Fix is_public as a boolean value
-if [ "$is_public" = "Yes" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=1
-	is_public=1
-elif [ "$is_public" = "No" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=0
-	is_public=0
-fi
-
 # If db_name doesn't exist, create it
 if [ -z "$db_name" ]; then
 	db_name=$(ynh_sanitize_dbid --db_name=$app)
@ -124,6 +116,28 @@ ynh_script_progression --message="Upgrading php-fpm configuration..."
 # Create a dedicated php-fpm config
 ynh_add_fpm_config

+#=================================================
+# MODIFY A CONFIG FILE
+#=================================================
+
+### `ynh_replace_string` is used to replace a string in a file.
+### (It's compatible with sed regular expressions syntax)
+
+ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$final_path/.env"
+
+ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__DB_PASS__" --replace_string="$db_pwd" --target_file="$final_path/.env"
+
+ynh_replace_string --match_string="__API_SECRET__" --replace_string="$(ynh_app_setting_get --app=$app --key=api_secret)" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__APP_KEY__" --replace_string="$(ynh_app_setting_get --app=$app --key=app_key)" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__PHANTOMJS_KEY__" --replace_string="$(ynh_app_setting_get --app=$app --key=phantomjs_jey)" --target_file="$final_path/.env"
+
+ynh_replace_string --match_string="__MAIL_FROM_ADDRESS__" --replace_string="$(ynh_app_setting_get --app=$app --key=mail_from_address)" --target_file="$final_path/.env"
+ynh_replace_string --match_string="__MAIL_FROM_NAME__" --replace_string="$(ynh_app_setting_get --app=$app --key=mail_from_name)" --target_file="$final_path/.env"
+
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
@ -132,35 +146,18 @@ ynh_add_fpm_config
 ynh_script_progression --message="Upgrading the database..."

 # Put the application into maintenance mode
-$final_path/artisan down --no-interaction --verbose

-# Run the database migrations
-$final_path/artisan migrate --force --no-interaction --verbose
+sudo $final_path/artisan down --no-interaction --verbose

 # Optimize the framework for better performance
-$final_path/artisan optimize --force --no-interaction --verbose
+sudo $final_path/artisan optimize --force --no-interaction --verbose
+
+# Run the database migrations
+sudo $final_path/artisan migrate --no-interaction --verbose
+sudo $final_path/artisan db:seed --class=UpdateSeeder --force --no-interaction --verbose

 # Bring the application out of maintenance mode
-$final_path/artisan up --no-interaction --verbose
-
-
-#=================================================
-# SETUP LOGROTATE
-#=================================================
-ynh_script_progression --message="Upgrading logrotate configuration..."
-
-# Use logrotate to manage app-specific logfile(s)
-ynh_use_logrotate --non-append
-
-#=================================================
-# GENERIC FINALIZATION
-#=================================================
-# UPGRADE FAIL2BAN
-#=================================================
-ynh_script_progression --message="Reconfiguring fail2ban..."
-
-# Create a dedicated fail2ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
+sudo $final_path/artisan up --no-interaction --verbose

 #=================================================
 # SECURE FILES AND DIRECTORIES
@ -170,19 +167,7 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg
 chown -R root: $final_path

 chmod -R 755 $final_path/storage
-chown -R $app $final_path/storage $final_path/bootstrap $final_path/public/logo
-
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
+chown -R $app: $final_path/storage $final_path/bootstrap $final_path/public/logo $final_path/.env

 #=================================================
 # RELOAD NGINX