From 95f610b66c1d2f1e2008f6f4b687a0ebecebf7b5 Mon Sep 17 00:00:00 2001
From: Krakinou <misterl56@hotmail.com>
Date: Wed, 19 Jul 2023 23:45:52 +0200
Subject: [PATCH] Add nginx settings

---
 .project            | 11 +++++++++++
 conf/mosquitto.conf | 35 ++++++++++++++++++++++++++++++++++-
 conf/nginx.conf     | 10 ++++++++++
 manifest.toml       | 18 ++++++++++++++++--
 scripts/backup      |  6 ++++++
 scripts/install     |  3 +++
 scripts/remove      |  3 +++
 scripts/restore     |  2 ++
 scripts/upgrade     |  7 +++++++
 9 files changed, 92 insertions(+), 3 deletions(-)
 create mode 100644 .project
 create mode 100644 conf/nginx.conf

diff --git a/.project b/.project
new file mode 100644
index 0000000..85a244e
--- /dev/null
+++ b/.project
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>mosquitto_ynh</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+	</buildSpec>
+	<natures>
+	</natures>
+</projectDescription>
diff --git a/conf/mosquitto.conf b/conf/mosquitto.conf
index fe46dfa..17c69c8 100644
--- a/conf/mosquitto.conf
+++ b/conf/mosquitto.conf
@@ -1,4 +1,37 @@
-listener __PORT__
+log_timestamp_format %Y-%m-%dT%H:%M:%S
+
+################### Direct IP ###############################################
+#To use mosquitto with direct IP call and no websocket protocol, uncomment those lines and comment
+# those for websocket protocol
+#You will need to open the firewall port with command "sudo yunohost firewall allow TCP __PORT__ --no-upnp"
+
+#listener __PORT__
+
+###################SSL CONNECTION###########################################
+#To use mosquitto with direct IP and SSL connection, uncomment those lines
+#You will need to open the firewall port with command "sudo yunohost firewall allow TCP __SSL_PORT__ --no-upnp"
+
+#listener __PORT_SSL__
+#certfile /etc/yunohost/certs/__DOMAIN__/crt.pem
+#cafile /etc/yunohost/certs/__DOMAIN__/crt.pem
+#keyfile /etc/yunohost/certs/__DOMAIN__/key.pem
+
+##############################################################################
+
+
+#############################WEBSOCKET AND URL################################
+#To use mosquitto with websocket protocol and a direct URL call, uncomment those lines and comment
+#those for direct IP
+
+listener __PORT__ 127.0.0.1
+listener __PORT__ ::1
+
+listener __PORT_WEBSOCKET__
+protocol websockets
+
+#############################################################################
+
+
 
 allow_anonymous false
 password_file /etc/mosquitto/passwd
diff --git a/conf/nginx.conf b/conf/nginx.conf
new file mode 100644
index 0000000..03ee252
--- /dev/null
+++ b/conf/nginx.conf
@@ -0,0 +1,10 @@
+location / {
+
+  #Settings for mqtt server from outside
+  proxy_http_version 1.1;
+  proxy_pass http://127.0.0.1:__PORT__;
+  proxy_read_timeout 90;
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection "upgrade";
+  proxy_set_header Host $host;
+}
diff --git a/manifest.toml b/manifest.toml
index 9cbd3e9..28166a9 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -7,7 +7,7 @@ name = "Mosquitto"
 description.en = "Interconnect your objects and applications with an open source MQTT broker"
 description.fr = "Interconnecter vos objets et vos applications grâce à un serveur MQTT open source"
 
-version = "2.0.14~ynh2"
+version = "2.0.14~ynh3"
 
 maintainers = ["Grena"]
 
@@ -30,6 +30,17 @@ ram.build = "100M"
 ram.runtime = "10M"
 
 [install]
+    [install.domain]
+    type = "domain"
+
+    [install.path]
+    type = "path"
+    default = "/example"
+
+    [install.init_main_permission]
+    type = "group"
+    default = "visitors"
+
     [install.username]
     ask.en = "Set the username for client authentication"
     ask.fr = "Définissez le nom d'utilisateur pour l'authentification du client"
@@ -52,6 +63,9 @@ ram.runtime = "10M"
     [resources.ports]
     main.default = 1883
     main.exposed = "TCP"
+    websocket.default = 8883
+    ssl.default = 8884
+
 
     [resources.apt]
     packages = "mosquitto"
@@ -59,4 +73,4 @@ ram.runtime = "10M"
     [resources.apt.extras.mosquitto]
     repo = "deb https://repo.mosquitto.org/debian bullseye main"
     key = "http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"
-    packages = ["mosquitto"]
+    packages = ["mosquitto", "mosquitto-clients"]
diff --git a/scripts/backup b/scripts/backup
index 030a73e..f7650e5 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -15,6 +15,12 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_print_info --message="Declaring files to be backed up..."
 
+#=================================================
+# BACKUP THE NGINX CONFIGURATION
+#=================================================
+
+ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+
 #=================================================
 # SPECIFIC BACKUP
 #=================================================
diff --git a/scripts/install b/scripts/install
index fe9c6e0..17be70d 100644
--- a/scripts/install
+++ b/scripts/install
@@ -37,6 +37,9 @@ chown -R "mosquitto" "/etc/mosquitto"
 #=================================================
 ynh_script_progression --message="Adding system configurations related to $app..." --weight=1
 
+# Create a dedicated NGINX config using the conf/nginx.conf template
+ynh_add_nginx_config
+
 # Use logrotate to manage application logfile(s)
 ynh_use_logrotate
 
diff --git a/scripts/remove b/scripts/remove
index 90333b3..2124c72 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -25,6 +25,8 @@ ynh_systemd_action --service_name="$app" --action="stop"
 pkill -u "$app" || true
 ynh_remove_systemd_config
 
+ynh_remove_nginx_config
+
 # Remove the app-specific logrotate config
 ynh_remove_logrotate
 
@@ -44,6 +46,7 @@ ynh_secure_remove --file="/etc/mosquitto/passwd"
 # Remove the config file
 ynh_secure_remove --file="/etc/mosquitto/conf.d/default.conf"
 
+
 #=================================================
 # END OF SCRIPT
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index efa60c8..105f5d1 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -15,6 +15,8 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
 
+ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+
 ynh_restore_file --origin_path="/etc/logrotate.d/$app"
 
 yunohost service add "$app" --description="Allows MQTT clients to send/receive data" --log="/var/log/$app/$app.log" --needs_exposed_ports="$port"
diff --git a/scripts/upgrade b/scripts/upgrade
index 516bae8..af20d3c 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -30,6 +30,10 @@ if [ -z "${userpass:-}" ]; then
     ynh_app_setting_delete --app="$app" --key="password"
 fi
 
+if [ -z "${domain:-}" ]; then
+    ynh_die --message="This new version requires a domain, please remove and reinstall."
+fi
+
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
@@ -52,6 +56,9 @@ chown -R "mosquitto" "/etc/mosquitto"
 #=================================================
 ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
 
+# Create a dedicated NGINX config using the conf/nginx.conf template
+ynh_add_nginx_config
+
 # Use logrotate to manage app-specific logfile(s)
 ynh_use_logrotate --non-append