[enh] Update the upgrade script and document how to migrate

README.md

@@ -3,13 +3,54 @@ Custom Webapp
 
 Empty application with SFTP access to the Web directory.
 
-It can also create a MySQL database. In that case, the connection details
+## Overview
-will be stored in the file `db_accesss.txt` located in the root folder of
-the SFTP user.
 
-## TODO
+This application allows you to easily install a custom Web application,
+providing files access with SFTP. It can also create a MySQL database
+which will be backed up and restored if your application. The connection
+details will be stored in the file `db_accesss.txt` located at the root
+directory.
 
- * Update `upgrade` script and manage upgrading from current official app
+Once installed, go to the chosen URL to know the user, domain and port
+you will have to use for the SFTP access. Under the Web directory, you
+will have a `www` folder which is the public and served one. You can
+put all the files of your custom Web application inside.
+
+## Upgrade
+
+Due to the SFTP access change, the upgrade can not be done from the last
+`my_webapp` application - provided with YunoHost 2.2. You will have to remove
+it first and install this new one, taking care of migrating your Web
+application.
+
+### Save your files and database
+
+You will have to save the content of the `/var/www/my_webapp/files`
+directory, either from the Web admin interface provided with the old app,
+connecting to your server using SSH or SFTP as `admin`.
+
+If you've created a MySQL database, you can also migrate it since the new
+version allows to manage it for you. To create a dump, you could use
+*phpMyAdmin* or connect to your server and execute:
+`mysqldump -u root -p$(cat /etc/yunohost/password --no-create-db "$dbname" > ./dump.sql`
+(do not forget to replace `$dbname` by your database name).
+
+### Restore your custom Webapp
+
+When you've take care of save your files - and optionally your database,
+you can remove the app and install this new one. You can set the same
+settings as the previous installation.
+
+To restore your files, connect to the Web directory using the SFTP account
+and put everything into the `www` directory.
+
+If you have chosen to migrate your database too, open the file `db_access.txt`
+to know the new database, user and password you will have to set in your app
+configuration. You can either restore the dump using *phpMyAdmin* or connect
+to your server and execute:
+`mysql -u "$dbuser" -p"$dbpass" "$dbname" < ./dump.sql`
+(do not forget to replace `$dbuser`, `$dbpass` and `$dbname` with the values
+given in the file).
 
 ## Links
 

scripts/upgrade

@@ -1,68 +1,72 @@
 #!/bin/bash
 
-set -e
+set -eu
 
-# Retrieve arguments
+# Get multi-instances specific variables
-domain=$(sudo yunohost app setting my_webapp domain)
+app=$YNH_APP_INSTANCE_NAME
-path=$(sudo yunohost app setting my_webapp path)
-user=$(sudo yunohost app setting my_webapp ftp_user \
-  || sudo yunohost app setting my_webapp allowed_users \
-  || echo "")
-is_public=$(sudo yunohost app setting my_webapp is_public)
-final_path=/var/www/my_webapp
 
-# Remove trailing "/" from the path
+# Source app helpers
+. /usr/share/yunohost/helpers
+
+# Retrieve app settings
+domain=$(ynh_app_setting_get "$app" domain)
+path=$(ynh_app_setting_get "$app" path)
 path=${path%/}
+is_public=$(ynh_app_setting_get "$app" is_public)
+mysql_db=$(ynh_app_setting_get "$app" mysql_db)
+password=$(ynh_app_setting_get "$app" password)
+user=$(ynh_app_setting_get "$app" user)
 
-# Reset permissions
+([[ -n "$mysql_db" ]] && [[ -n "$password" ]] && [[ -n "$user" ]]) \
-if [[ "$user" != "" ]]; then
+  || ynh_die "The app changed and can not be automatically upgraded. \
-  sudo yunohost app setting my_webapp allowed_users -v "$user"
+You will have to manually upgrade it following those instructions: \
-fi
+https://github.com/YunoHost-Apps/my_webapp_ynh#upgrade"
 
-# Update the salt in the admin.php file
+# Check destination directory
-salt=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9' | sed -n 's/\(.\{24\}\).*/\1/p')
+DESTDIR="/var/www/$app"
-sed -i "s@SALTTOCHANGE@$salt@g" ../sources/admin.php
+[[ ! -d $DESTDIR ]] && ynh_die \
+"The destination directory '$DESTDIR' does not exist.\
+ The app is not correctly installed, you should remove it first."
 
-# Modify the index.html instruction file
+# Harden SSH connection for the user
-sed -i "s@USER@$user@g" ../sources/files/index.html
+sudo sed -i "/##-> ${app}/,/##<- ${app}/d" /etc/ssh/sshd_config
-sed -i "s@URL@https://$domain$path/admin/@g" ../sources/files/index.html
+echo "##-> ${app}
+# Hardening user connection
+Match User ${user}
+  ChrootDirectory %h
+  ForceCommand internal-sftp
+  AllowTcpForwarding no
+  PermitTunnel no
+  X11Forwarding no
+##<- ${app}" | sudo tee -a /etc/ssh/sshd_config >/dev/null
 
-# Copy files to the right place
+# Fix permissions
-sudo mkdir -p $final_path
+sudo chown -hR "${user}:" "$DESTDIR"
-sudo cp ../sources/admin.php $final_path/
-sudo cp -r ../sources/_assets $final_path/
 
-# Create directory and set permissions
+# Home directory of the user need to be owned by root to allow
-sudo mkdir -p $final_path/files
+# SFTP connections
-sudo chmod 775 -R $final_path/files
+sudo chown root: "$DESTDIR"
-sudo chown -hR www-data:www-data $final_path/files
 
-# Modify Nginx configuration file and copy it to Nginx conf directory
+# Set SSOwat rules
-if [[ "$path" == "" ]]; then
+[[ $is_public -eq 1 ]] \
-  sed -i "s@LOCATIONTOCHANGE@/@g" ../conf/nginx.conf
+  && ynh_app_setting_set "$app" skipped_uris "/"
-else
-  sed -i "s@LOCATIONTOCHANGE@$path@g" ../conf/nginx.conf
-fi
-sed -i "s@PATHTOCHANGE@$path@g" ../conf/nginx.conf
-sed -i "s@ALIASTOCHANGE@$final_path/@g" ../conf/nginx.conf
-sed -i "s@NAMETOCHANGE@my_webapp@g" ../conf/nginx.conf
-sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/my_webapp.conf
 
-# Same goes for PHP-FPM configuration
+# Copy and set nginx configuration
-sed -i "s@NAMETOCHANGE@my_webapp@g" ../conf/php-fpm.conf
+nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf"
-sudo cp ../conf/php-fpm.conf /etc/php5/fpm/pool.d/my_webapp.conf
+sed -i "s@{PATH}@${path}@g"        ../conf/nginx.conf
+sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf
+sed -i "s@{DESTDIR}@${DESTDIR}@g"  ../conf/nginx.conf
+sed -i "s@{POOLNAME}@${app}@g"     ../conf/nginx.conf
+sudo cp ../conf/nginx.conf "$nginx_conf"
 
-# Make app public if necessary
+# Copy and set php-fpm configuration
-if [ "$is_public" = "Yes" ];
+phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf"
-then
+sed -i "s@{USER}@${user}@g"       ../conf/php-fpm.conf
-    sudo yunohost app setting my_webapp unprotected_uris -v "/"
+sed -i "s@{POOLNAME}@${app}@g"    ../conf/php-fpm.conf
-fi
+sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/php-fpm.conf
+sudo cp ../conf/php-fpm.conf "$phpfpm_conf"
 
-# Protect the file manager
+# Reload services
-sudo yunohost app setting my_webapp protected_uris -v "/admin"
+sudo service php5-fpm reload
-
-# Reload Nginx, php5-fpm and regenerate SSOwat conf
 sudo service nginx reload
-sudo killall php5-fpm || echo "PHP-FPM already killed"
+sudo service sshd reload
-sudo service php5-fpm start
-sudo yunohost app ssowatconf