mirror of
https://github.com/YunoHost-Apps/my_webapp_ynh.git
synced 2024-09-03 19:46:26 +02:00
105 lines
3 KiB
Bash
105 lines
3 KiB
Bash
#!/bin/bash
|
|
|
|
# Exit on command errors and treat unset variables as an error
|
|
set -eu
|
|
|
|
# Get multi-instances specific variables
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
app_nb=$YNH_APP_INSTANCE_NUMBER
|
|
|
|
# Retrieve arguments
|
|
domain=$1
|
|
path=${2%/}
|
|
password=$3
|
|
is_public=$4
|
|
with_mysql=$5
|
|
|
|
# Source app helpers
|
|
. /usr/share/yunohost/helpers
|
|
|
|
# Check domain/path availability
|
|
sudo yunohost app checkurl "${domain}${path}" -a "$app" \
|
|
|| exit 1
|
|
|
|
# Check password strength
|
|
[[ ${#password} -gt 5 ]] || ynh_die \
|
|
"The password is too weak, it must be longer than 5 characters"
|
|
|
|
# Check destination directory
|
|
DESTDIR="/var/www/${app}"
|
|
[[ -d "$DESTDIR" ]] && ynh_die \
|
|
"The destination directory '${DESTDIR}' already exists.\
|
|
You should safely delete it before installing this app."
|
|
|
|
# Save app settings
|
|
user="webapp${app_nb}"
|
|
ynh_app_setting_set "$app" is_public "$is_public"
|
|
ynh_app_setting_set "$app" with_mysql "$with_mysql"
|
|
ynh_app_setting_set "$app" password "$password"
|
|
ynh_app_setting_set "$app" user "$user"
|
|
|
|
# Create the user account
|
|
sudo useradd -c "${app} user account" \
|
|
-d "$DESTDIR" -M -g www-data "$user" \
|
|
|| ynh_die "Unable to create user account"
|
|
sudo chpasswd <<< "${user}:${password}"
|
|
|
|
# Harden SSH connection for the user
|
|
echo "##-> ${app}
|
|
# Hardening user connection
|
|
Match User ${user}
|
|
ChrootDirectory %h
|
|
ForceCommand internal-sftp
|
|
AllowTcpForwarding no
|
|
PermitTunnel no
|
|
X11Forwarding no
|
|
##<- ${app}" | sudo tee -a /etc/ssh/sshd_config >/dev/null
|
|
|
|
# Specify the user and the domain in the home page
|
|
sed -i "s@{DOMAIN}@${domain}@g" ../sources/www/index.html
|
|
sed -i "s@{USER}@${user}@g" ../sources/www/index.html
|
|
|
|
# Initialize database as needed
|
|
if [[ $with_mysql -eq 1 ]]; then
|
|
dbname=$app
|
|
dbuser=$app
|
|
dbpass=$(ynh_string_random)
|
|
ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
|
|
|
|
# Store the database access
|
|
echo -e "# MySQL Database
|
|
name: ${dbname}\nuser: ${dbuser}\npass: ${dbpass}" > ../sources/db_access.txt
|
|
ynh_app_setting_set "$app" mysqlpwd "$dbpass"
|
|
fi
|
|
|
|
# Copy files to the right place and set permissions
|
|
sudo cp -r ../sources "$DESTDIR"
|
|
sudo chown -hR "${user}:" "$DESTDIR"
|
|
|
|
# Home directory of the user need to be owned by root to allow
|
|
# SFTP connections
|
|
sudo chown root: "$DESTDIR"
|
|
|
|
# Set SSOwat rules
|
|
[[ $is_public -eq 1 ]] \
|
|
&& ynh_app_setting_set "$app" skipped_uris "/"
|
|
|
|
# Copy and set nginx configuration
|
|
nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf"
|
|
sed -i "s@{PATH}@${path}@g" ../conf/nginx.conf
|
|
sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf
|
|
sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/nginx.conf
|
|
sed -i "s@{POOLNAME}@${app}@g" ../conf/nginx.conf
|
|
sudo cp ../conf/nginx.conf "$nginx_conf"
|
|
|
|
# Copy and set php-fpm configuration
|
|
phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf"
|
|
sed -i "s@{USER}@${user}@g" ../conf/php-fpm.conf
|
|
sed -i "s@{POOLNAME}@${app}@g" ../conf/php-fpm.conf
|
|
sed -i "s@{DESTDIR}@${DESTDIR}@g" ../conf/php-fpm.conf
|
|
sudo cp ../conf/php-fpm.conf "$phpfpm_conf"
|
|
|
|
# Reload services
|
|
sudo service php5-fpm reload
|
|
sudo service nginx reload
|
|
sudo systemctl reload sshd
|