diff --git a/README.md b/README.md index 8d429f4..8d063f1 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ @@ -29,7 +29,7 @@ In addition to Nextcloud core features, the following are made available with th * Serve `/.well-known` paths for CalDAV and CardDAV on the domain only if it's not already served - i.e. by Baïkal -**Shipped version:** 28.0.2~ynh1 +**Shipped version:** 28.0.3~ynh1 **Demo:** https://demo.nextcloud.com/ @@ -58,4 +58,4 @@ or sudo yunohost app upgrade nextcloud -u https://github.com/YunoHost-Apps/nextcloud_ynh/tree/testing --debug ``` -**More info regarding app packaging:** +**More info regarding app packaging:** \ No newline at end of file diff --git a/README_fr.md b/README_fr.md index daedd3d..f2e1700 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,5 +1,5 @@ @@ -29,7 +29,7 @@ En plus des fonctionnalités principales de Nextcloud, les fonctionnalités suiv * Utilise l'adresse `/.well-known` pour la synchronisation CalDAV et CardDAV du domaine si aucun autre service ne l'utilise déjà - par exemple, Baïkal -**Version incluse :** 28.0.2~ynh1 +**Version incluse :** 28.0.3~ynh1 **Démo :** https://demo.nextcloud.com/ diff --git a/conf/config.json b/conf/config.json index 1cd7f95..6e4790c 100644 --- a/conf/config.json +++ b/conf/config.json @@ -14,6 +14,7 @@ "hashing_default_password": true, "localstorage.allowsymlinks": true, "simpleSignUpLink.shown": false, + "maintenance_window_start": 1, "mail_smtpmode": "smtp", "mail_smtpport": "25", "mail_smtpauth": 1, diff --git a/conf/nginx.conf b/conf/nginx.conf index 369c117..3fc37b7 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -55,7 +55,7 @@ location ^~ __PATH__/ { client_body_buffer_size 512k; # HTTP response headers borrowed from Nextcloud `.htaccess` - more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;"; + #more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;"; more_set_headers "Referrer-Policy: no-referrer"; more_set_headers "X-Content-Type-Options: nosniff"; more_set_headers "X-Download-Options: noopen"; diff --git a/manifest.toml b/manifest.toml index 1ba8ce6..2610260 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Nextcloud" description.en = "Online storage, file sharing platform and various other applications" description.fr = "Stockage en ligne, plateforme de partage de fichiers et diverses autres applications" -version = "28.0.2~ynh1" +version = "28.0.3~ynh1" maintainers = ["kay0u"] @@ -59,8 +59,8 @@ ram.runtime = "512M" [resources.sources] [resources.sources.main] - url = 'https://download.nextcloud.com/server/releases/nextcloud-28.0.2.tar.bz2' - sha256 = 'de34d6baf3ecceacfdd138e85520cd85e1d2ce6798d9ffa478ac17eb1efa1d08' + url = 'https://download.nextcloud.com/server/releases/nextcloud-28.0.3.tar.bz2' + sha256 = '9ed413c0de16f5b033ceeffcca99c0d61fc698dbeb8db851ac9adf9eef951906' [resources.sources.27] url = 'https://download.nextcloud.com/server/releases/nextcloud-27.0.0.tar.bz2' diff --git a/scripts/backup b/scripts/backup index 924f0bd..da8f172 100755 --- a/scripts/backup +++ b/scripts/backup @@ -60,6 +60,12 @@ ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" ynh_backup --src_path="/etc/cron.d/$app" +#================================================= +# BACKUP LOGS +#================================================= + +ynh_backup --src_path="/var/log/$app" + #================================================= # BACKUP THE MYSQL DATABASE #================================================= diff --git a/scripts/install b/scripts/install index 1aaf177..24cd665 100755 --- a/scripts/install +++ b/scripts/install @@ -87,6 +87,9 @@ ynh_script_progression --message="Configuring $app..." --weight=8 # Set the mysql.utf8mb4 config to true in config.php exec_occ config:system:set mysql.utf8mb4 --type boolean --value="true" +# move the logs from the data_dir to the standard /var/log +exec_occ config:system:set logfile --value="/var/log/$app/nextcloud.log" + # Ensure that UpdateNotification app is disabled exec_occ app:disable updatenotification @@ -240,7 +243,7 @@ chmod 750 $install_dir ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) -ynh_use_logrotate --logfile="$data_dir/data/nextcloud.log" +ynh_use_logrotate #================================================= # SETUP FAIL2BAN @@ -248,7 +251,7 @@ ynh_use_logrotate --logfile="$data_dir/data/nextcloud.log" ynh_script_progression --message="Configuring Fail2Ban..." --weight=8 # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="$data_dir/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 +ynh_add_fail2ban_config --logpath="/var/log/$app/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index c39ac68..f8d582f 100755 --- a/scripts/remove +++ b/scripts/remove @@ -16,6 +16,9 @@ ynh_remove_nginx_config # Remove the dedicated PHP-FPM config ynh_remove_fpm_config +# remove logs +ynh_secure_remove --file="/var/log/$app" + # Remove the app-specific logrotate config ynh_remove_logrotate diff --git a/scripts/restore b/scripts/restore index cca5de4..1b0f63c 100755 --- a/scripts/restore +++ b/scripts/restore @@ -53,6 +53,12 @@ ynh_script_progression --message="Restoring cron job..." --weight=1 ynh_restore_file --origin_path="/etc/cron.d/$app" +#================================================= +# RESTORE LOGS +#================================================= + +ynh_restore_file --origin_path="/var/log/$app" + #================================================= # BACKUP THE LOGROTATE CONFIGURATION #================================================= @@ -109,10 +115,10 @@ ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" # Make sure a log file exists (mostly for CI tests) -logfile="$data_dir/data/nextcloud.log" +logfile="/var/log/$app/nextcloud.log" if [ ! -f "$logfile" ]; then touch "$logfile" - chown $app: "$logfile" + chown "$app:" "$logfile" fi ynh_systemd_action --action=restart --service_name=fail2ban diff --git a/scripts/upgrade b/scripts/upgrade index 7bce6fe..c6ea89a 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -24,7 +24,6 @@ then ynh_die --message="Upgrading from Nextcloud < 22.2 is not supported anymore. You should first upgrade to 22.2 using: yunohost app upgrade nextcloud -u https://github.com/YunoHost-Apps/nextcloud_ynh/tree/41f5f902e7c7cd3c30a6793020562ba98b9bf3e9" fi - #================================================= # SPECIFIC UPGRADE #================================================= @@ -239,6 +238,15 @@ then # Update all installed apps exec_occ app:update --all + # move the logs from the data_dir to the standard /var/log + # it would be better in the ENSURE DOWNWARD COMPATIBILITY section + # but it must be after the exec_occ() definition, so it's here + if [ -f "$data_dir/data/nextcloud.log" ]; then + mv "$data_dir"/data/nextcloud.log* "/var/log/$app" + # adapt the nextcloud config + exec_occ config:system:set logfile --value="/var/log/$app/nextcloud.log" + fi + # Load the config file in nextcloud exec_occ config:import "$nc_conf" @@ -340,9 +348,10 @@ fi # Create a dedicated NGINX config ynh_add_nginx_config -#------------------------------------------------- +#================================================= # CRON JOB -#------------------------------------------------- +#================================================= + cron_path="/etc/cron.d/$app" ynh_add_config --template="nextcloud.cron" --destination="$cron_path" chown root: "$cron_path" @@ -350,17 +359,18 @@ chmod 644 "$cron_path" exec_occ background:cron -#------------------------------------------------- +#================================================= # LOGROTATE -#------------------------------------------------- +#================================================= + ynh_use_logrotate --non-append -#------------------------------------------------- +#================================================= # FAIL2BAN -#------------------------------------------------- +#================================================= # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="$data_dir/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 +ynh_add_fail2ban_config --logpath="/var/log/$app/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 #================================================= # END OF SCRIPT