mirror of
https://github.com/YunoHost-Apps/my_webapp_ynh.git
synced 2024-09-03 19:46:26 +02:00
160 lines
4.5 KiB
Bash
160 lines
4.5 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC START
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# MANAGE SCRIPT FAILURE
|
|
#=================================================
|
|
|
|
# Exit if an error occurs during the execution of the script
|
|
ynh_abort_if_errors
|
|
|
|
#=================================================
|
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
|
#=================================================
|
|
|
|
domain=$YNH_APP_ARG_DOMAIN
|
|
path_url=$YNH_APP_ARG_PATH
|
|
password=$YNH_APP_ARG_PASSWORD
|
|
is_public=$YNH_APP_ARG_IS_PUBLIC
|
|
|
|
with_mysql=$YNH_APP_ARG_WITH_MYSQL
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
app_nb=$YNH_APP_INSTANCE_NUMBER
|
|
|
|
#=================================================
|
|
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
|
#=================================================
|
|
|
|
final_path=/var/www/$app
|
|
test ! -e "$final_path" || ynh_die "This path already contains a folder"
|
|
|
|
# Check password strength
|
|
[[ ${#password} -gt 5 ]] || ynh_die \
|
|
"The password is too weak, it must be longer than 5 characters"
|
|
|
|
# Normalize the url path syntax
|
|
path_url=$(ynh_normalize_url_path $path_url)
|
|
|
|
# Register (book) web path
|
|
ynh_webpath_register $app $domain $path_url
|
|
|
|
#=================================================
|
|
# STORE SETTINGS FROM MANIFEST
|
|
#=================================================
|
|
|
|
user=webapp${app_nb}
|
|
ynh_app_setting_set $app domain $domain
|
|
ynh_app_setting_set $app path $path_url
|
|
ynh_app_setting_set $app is_public $is_public
|
|
ynh_app_setting_set $app with_mysql $with_mysql
|
|
ynh_app_setting_set $app password "$password"
|
|
ynh_app_setting_set $app user $user
|
|
ynh_app_setting_set $app final_path $final_path
|
|
|
|
#=================================================
|
|
# STANDARD MODIFICATIONS
|
|
#=================================================
|
|
# CREATE A MYSQL DATABASE
|
|
#=================================================
|
|
|
|
if [ $with_mysql -eq 1 ]; then
|
|
db_name=$(ynh_sanitize_dbid $app)
|
|
ynh_app_setting_set $app db_name $db_name
|
|
ynh_mysql_setup_db $db_name $db_name
|
|
fi
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
|
|
# Create a dedicated nginx config
|
|
ynh_add_nginx_config
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
|
|
# Create a standard user (not a system user for sftp)
|
|
ynh_system_user_exists "$user" || \
|
|
useradd -d "$final_path" -M --user-group "$user"
|
|
# Add the password to this user
|
|
chpasswd <<< "${user}:${password}"
|
|
|
|
#=================================================
|
|
# PHP-FPM CONFIGURATION
|
|
#=================================================
|
|
|
|
# Create a dedicated php-fpm config
|
|
ynh_replace_string "__USER__" "$user" "../conf/php-fpm.conf"
|
|
ynh_add_fpm_config
|
|
|
|
#=================================================
|
|
# SPECIFIC SETUP
|
|
#=================================================
|
|
# CONFIGURE SSH
|
|
#=================================================
|
|
|
|
# Harden SSH connection for the user
|
|
echo "##-> ${app}
|
|
# Hardening user connection
|
|
Match User ${user}
|
|
ChrootDirectory %h
|
|
ForceCommand internal-sftp
|
|
AllowTcpForwarding no
|
|
PermitTunnel no
|
|
X11Forwarding no
|
|
##<- ${app}" | tee -a /etc/ssh/sshd_config >/dev/null
|
|
|
|
systemctl reload ssh
|
|
|
|
#=================================================
|
|
# MODIFY A CONFIG FILE
|
|
#=================================================
|
|
|
|
ynh_replace_string "{DOMAIN}" "$domain" ../sources/www/index.html
|
|
ynh_replace_string "{USER}" "$user" ../sources/www/index.html
|
|
|
|
if [ $with_mysql -eq 1 ]; then
|
|
# Store the database access
|
|
echo -e "# MySQL Database
|
|
name: ${db_name}\nuser: ${db_name}\npass: ${db_pwd}" > ../sources/db_access.txt
|
|
fi
|
|
|
|
# Copy files to the right place
|
|
cp -r ../sources "$final_path"
|
|
|
|
#=================================================
|
|
# GENERIC FINALIZATION
|
|
#=================================================
|
|
# SECURE FILES AND DIRECTORIES
|
|
#=================================================
|
|
|
|
chown -R $user: "$final_path"
|
|
# Home directory of the user needs to be owned by root to allow
|
|
# SFTP connections
|
|
chown root: "$final_path"
|
|
|
|
#=================================================
|
|
# SETUP SSOWAT
|
|
#=================================================
|
|
|
|
# Make app public if necessary
|
|
if [ $is_public -eq 1 ]
|
|
then
|
|
ynh_app_setting_set $app skipped_uris "/"
|
|
fi
|
|
|
|
#=================================================
|
|
# RELOAD NGINX
|
|
#=================================================
|
|
|
|
systemctl reload nginx
|