#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC password=$YNH_APP_ARG_PASSWORD with_mysql=$YNH_APP_ARG_WITH_MYSQL ### If it's a multi-instance app, meaning it can be installed several times independently ### The id of the app as stated in the manifest is available as $YNH_APP_ID ### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) ### The app instance name is available as $YNH_APP_INSTANCE_NAME ### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample ### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 ### - ynhexample__{N} for the subsequent installations, with N=3,4, ... ### The app instance name is probably what interests you most, since this is ### guaranteed to be unique. This is a good unique identifier to define installation path, ### db names, ... app=$YNH_APP_INSTANCE_NAME app_nb=$YNH_APP_INSTANCE_NUMBER #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". ### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" # Check password strength [[ ${#password} -gt 5 ]] || ynh_die \ "The password is too weak, it must be longer than 5 characters" # Normalize the url path syntax path_url=$(ynh_normalize_url_path $path_url) # Check web path availability ynh_webpath_available $domain $path_url # Register (book) web path ynh_webpath_register $app $domain $path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= user=webapp${app_nb} ynh_app_setting_set $app domain $domain ynh_app_setting_set $app path $path_url ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app with_mysql $with_mysql ynh_app_setting_set $app password "$password" ynh_app_setting_set $app user $user ynh_app_setting_set $app final_path $final_path #================================================= # STANDARD MODIFICATIONS #================================================= # CREATE A MYSQL DATABASE #================================================= ### Use these lines if you need a database for the application. ### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password. ### The password will be stored as 'mysqlpwd' into the app settings, ### and will be available as $db_pwd ### If you're not using these lines: ### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script ### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script ### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script if [ $with_mysql -eq 1 ]; then db_name=$(ynh_sanitize_dbid $app) ynh_app_setting_set $app db_name $db_name ynh_mysql_setup_db $db_name $db_name fi #================================================= # NGINX CONFIGURATION #================================================= ### `ynh_add_nginx_config` will use the file conf/nginx.conf # Create a dedicated nginx config ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= # Create a standard user (not a system user for sftp) ynh_system_user_exists "$user" || \ useradd -d "$final_path" -M --user-group "$user" # Add the password to this user chpasswd <<< "${user}:${password}" #================================================= # PHP-FPM CONFIGURATION #================================================= ### `ynh_add_fpm_config` is used to set up a PHP config. ### You can remove it if your app doesn't use PHP. ### `ynh_add_fpm_config` will use the files conf/php-fpm.conf and conf/php-fpm.ini ### If you're not using these lines: ### - You can remove these files in conf/. ### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script ### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script ### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script ### With the reload at the end of the script. ### - And the section "PHP-FPM CONFIGURATION" in the upgrade script # Create a dedicated php-fpm config ynh_replace_string "__USER__" "$user" "../conf/php-fpm.conf" ynh_add_fpm_config #================================================= # SPECIFIC SETUP #================================================= # CONFIGURE SSH #================================================= # Harden SSH connection for the user echo "##-> ${app} # Hardening user connection Match User ${user} ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no PermitTunnel no X11Forwarding no ##<- ${app}" | tee -a /etc/ssh/sshd_config >/dev/null systemctl reload ssh #================================================= # MODIFY A CONFIG FILE #================================================= ### `ynh_replace_string` is used to replace a string in a file. ### (It's compatible with sed regular expressions syntax) ynh_replace_string "{DOMAIN}" "$domain" ../sources/www/index.html ynh_replace_string "{USER}" "$user" ../sources/www/index.html if [ $with_mysql -eq 1 ]; then # Store the database access echo -e "# MySQL Database name: ${db_name}\nuser: ${db_name}\npass: ${db_pwd}" > ../sources/db_access.txt fi # Copy files to the right place cp -r ../sources "$final_path" #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= ### For security reason, any app should set the permissions to root: before anything else. ### Then, if write authorization is needed, any access should be given only to directories ### that really need such authorization. # Set permissions to app files chown -R root: $final_path #================================================= # ADVERTISE SERVICE IN ADMIN PANEL #================================================= ### `yunohost service add` is a CLI yunohost command to add a service in the admin panel. ### You'll find the service in the 'services' section of YunoHost admin panel. ### This CLI command would be useless if the app does not have any services (systemd or sysvinit) ### If you're not using these lines: ### - You can remove these files in conf/. ### - Remove the section "REMOVE SERVICE FROM ADMIN PANEL" in the remove script ### - As well as the section ADVERTISE SERVICE IN ADMIN PANEL" in the restore script yunohost service add $app --log "/var/log/$app/APP.log" # if using yunohost version 3.2 or more in the 'manifest.json', a description can be added #yunohost service add $app --description "$app daemon for XXX" --log "/var/log/$app/APP.log" #================================================= # SETUP SSOWAT #================================================= # Make app public if necessary if [ $is_public -eq 1 ] then ynh_app_setting_set $app skipped_uris "/" fi #================================================= # RELOAD NGINX #================================================= systemctl reload nginx