YunoHost-Apps/my_webapp_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/my_webapp_ynh.git synced 2024-09-03 19:46:26 +02:00
Code Issues Activity Actions
my_webapp_ynh/scripts/upgrade
Maniack Crudelis 4a6fdbdfef Complete refactoring 
* Refactoring
* Fix typos and code spacing
* Change user group
2017-09-26 07:19:17 +02:00

171 lines
5.2 KiB
Bash
Raw Blame History

#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
is_public=$(ynh_app_setting_get $app is_public)
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
with_mysql=$(ynh_app_setting_get $app with_mysql)
password=$(ynh_app_setting_get $app password)
user=$(ynh_app_setting_get $app user)
#=================================================
# CHECK IF THE UPGRADE CAN BE AUTOMATED
#=================================================
([[ -n "$with_mysql" ]] && [[ -n "$password" ]] && [[ -n "$user" ]]) \
|| ynh_die "The app changed and can not be automatically upgraded. \
You will have to manually upgrade it following these instructions: \
https://github.com/YunoHost-Apps/my_webapp_ynh#upgrade"
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
# If db_name doesn't exist, create it
if [ -z $db_name ]; then
db_name=$(ynh_sanitize_dbid $app)
ynh_app_setting_set $app db_name $db_name
fi
# If final_path doesn't exist, create it
if [ -z $final_path ]; then
final_path=/var/www/$app
ynh_app_setting_set $app final_path $final_path
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_backup_before_upgrade # Backup the current version of the app
ynh_clean_setup () {
ynh_restore_upgradebackup # restore it if the upgrade fails
}
ynh_abort_if_errors # Exit if an error occurs during the execution of the script
#=================================================
# CHECK THE PATH
#=================================================
# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path $path_url)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# Check if a config file was modified
is_checksum_different () {
local file=$1
local checksum_setting_name=checksum_${file//[\/ ]/_} # Replace all '/' and ' ' by '_'
local checksum_value=$(ynh_app_setting_get $app $checksum_setting_name)
if [ -n "$checksum_value" ]
then # Proceed only if a value was stored into the app settings
if ! echo "$checksum_value $file" | sudo md5sum -c --status
then # If the checksum is now different
echo "File $file has been manually modified since the installation or last upgrade. So it will not be replaced." >&2
echo "1"
else
echo "0"
fi
else
echo "0"
fi
}
#=================================================
# NGINX CONFIGURATION
#=================================================
if [ $(is_checksum_different "/etc/nginx/conf.d/$domain.d/$app.conf") -eq 0 ]
then
# Create a dedicated nginx config
ynh_add_nginx_config
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
# Create a standard user (not a system user for sftp)
ynh_system_user_exists "$user" || \
useradd -d "$final_path" -M --user-group "$user"
# Add the password to this user
chpasswd <<< "${user}:${password}"
# Change the user group for previous my_webapp install script
groupadd -f "$user"
usermod -g "$user" "$user"
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
if [ $(is_checksum_different "/etc/php5/fpm/pool.d/$app.conf") -eq 0 ]
then
# Create a dedicated php-fpm config
ynh_replace_string "__USER__" "$user" "../conf/php-fpm.conf"
ynh_add_fpm_config
fi
#=================================================
# SPECIFIC UPGRADE
#=================================================
# CONFIGURE SSH
#=================================================
# Remove the previous config for upgrading it
sudo sed -i "/##-> ${app}/,/##<- ${app}/d" /etc/ssh/sshd_config
# Harden SSH connection for the user
echo "##-> ${app}
# Hardening user connection
Match User ${user}
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
PermitTunnel no
X11Forwarding no
##<- ${app}" | tee -a /etc/ssh/sshd_config >/dev/null
systemctl reload ssh
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Home directory of the user needs to be owned by root to allow
# SFTP connections
chown root: "$final_path"
#=================================================
# SETUP SSOWAT
#=================================================
# Make app public if necessary
if [ $is_public -eq 1 ]
then
ynh_app_setting_set $app skipped_uris "/"
fi
#=================================================
# RELOAD NGINX
#=================================================
systemctl reload nginx
Reference in a new issue View git blame Copy permalink