YunoHost-Apps/my_webapp_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/my_webapp_ynh.git synced 2024-09-03 19:46:26 +02:00
Code Issues Activity Actions
my_webapp_ynh/scripts/install
Yalh 18916f692b Fix installation
2019-01-19 04:31:01 +01:00

203 lines
7.1 KiB
Bash
Raw Blame History

#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
password=$YNH_APP_ARG_PASSWORD
with_mysql=$YNH_APP_ARG_WITH_MYSQL
### If it's a multi-instance app, meaning it can be installed several times independently
### The id of the app as stated in the manifest is available as $YNH_APP_ID
### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...)
### The app instance name is available as $YNH_APP_INSTANCE_NAME
### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
### - ynhexample__{N} for the subsequent installations, with N=3,4, ...
### The app instance name is probably what interests you most, since this is
### guaranteed to be unique. This is a good unique identifier to define installation path,
### db names, ...
app=$YNH_APP_INSTANCE_NAME
app_nb=$YNH_APP_INSTANCE_NUMBER
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app"
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"
# Check password strength
[[ ${#password} -gt 5 ]] || ynh_die \
"The password is too weak, it must be longer than 5 characters"
# Normalize the url path syntax
path_url=$(ynh_normalize_url_path $path_url)
# Check web path availability
ynh_webpath_available $domain $path_url
# Register (book) web path
ynh_webpath_register $app $domain $path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
user=webapp${app_nb}
ynh_app_setting_set $app domain $domain
ynh_app_setting_set $app path $path_url
ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app with_mysql $with_mysql
ynh_app_setting_set $app password "$password"
ynh_app_setting_set $app user $user
ynh_app_setting_set $app final_path $final_path
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# CREATE A MYSQL DATABASE
#=================================================
### Use these lines if you need a database for the application.
### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password.
### The password will be stored as 'mysqlpwd' into the app settings,
### and will be available as $db_pwd
### If you're not using these lines:
### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script
### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script
### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script
if [ $with_mysql -eq 1 ]; then
db_name=$(ynh_sanitize_dbid $app)
ynh_app_setting_set $app db_name $db_name
ynh_mysql_setup_db $db_name $db_name
fi
#=================================================
# NGINX CONFIGURATION
#=================================================
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
# Create a standard user (not a system user for sftp)
ynh_system_user_exists "$user" || \
useradd -d "$final_path" -M --user-group "$user"
# Add the password to this user
chpasswd <<< "${user}:${password}"
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
### `ynh_add_fpm_config` is used to set up a PHP config.
### You can remove it if your app doesn't use PHP.
### `ynh_add_fpm_config` will use the files conf/php-fpm.conf and conf/php-fpm.ini
### If you're not using these lines:
### - You can remove these files in conf/.
### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script
### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script
### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script
### With the reload at the end of the script.
### - And the section "PHP-FPM CONFIGURATION" in the upgrade script
# Create a dedicated php-fpm config
ynh_replace_string "__USER__" "$user" "../conf/php-fpm.conf"
ynh_add_fpm_config
#=================================================
# SPECIFIC SETUP
#=================================================
# CONFIGURE SSH
#=================================================
# Harden SSH connection for the user
echo "##-> ${app}
# Hardening user connection
Match User ${user}
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
PermitTunnel no
X11Forwarding no
##<- ${app}" | tee -a /etc/ssh/sshd_config >/dev/null
systemctl reload ssh
#=================================================
# MODIFY A CONFIG FILE
#=================================================
### `ynh_replace_string` is used to replace a string in a file.
### (It's compatible with sed regular expressions syntax)
ynh_replace_string "{DOMAIN}" "$domain" ../sources/www/index.html
ynh_replace_string "{USER}" "$user" ../sources/www/index.html
if [ $with_mysql -eq 1 ]; then
# Store the database access
echo -e "# MySQL Database
name: ${db_name}\nuser: ${db_name}\npass: ${db_pwd}" > ../sources/db_access.txt
fi
# Copy files to the right place
cp -r ../sources "$final_path"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
### For security reason, any app should set the permissions to root: before anything else.
### Then, if write authorization is needed, any access should be given only to directories
### that really need such authorization.
# Set permissions to app files
chown -R root: $final_path
#=================================================
# SETUP SSOWAT
#=================================================
# Make app public if necessary
if [ $is_public -eq 1 ]
then
ynh_app_setting_set $app skipped_uris "/"
fi
#=================================================
# RELOAD NGINX
#=================================================
systemctl reload nginx
Reference in a new issue View git blame Copy permalink