YunoHost-Apps/nextcloud_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/nextcloud_ynh.git synced 2024-09-03 19:55:57 +02:00
Code Issues Activity Actions

Merge pull request #184 from YunoHost-Apps/testing

Browse source 
Testing
This commit is contained in:
JimboJoe 2019-05-05 22:55:43 +02:00 committed by GitHub
commit 9d33e5aeb1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 311 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
conf/nginx.conf
View file

@ -5,7 +5,8 @@ location = /.well-known/caldav {
return 301 https://$server_name__PATH__/remote.php/dav; return 301 https://$server_name__PATH__/remote.php/dav;
} }
location ^~ __PATH__ { #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location ^~ __PATH__/ {
# Path to source # Path to source
alias __FINALPATH__/; alias __FINALPATH__/;
@ -45,7 +46,7 @@ location ^~ __PATH__ {
#rewrite ^/.well-known/host-meta __PATH__/public.php?service=host-meta last; #rewrite ^/.well-known/host-meta __PATH__/public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json __PATH__/public.php?service=host-meta-json last; #rewrite ^/.well-known/host-meta.json __PATH__/public.php?service=host-meta-json last;
location __PATH__ { location __PATH__/ {
rewrite ^ __PATH__/index.php$request_uri; rewrite ^ __PATH__/index.php$request_uri;
} }

3
conf/php-fpm.conf
View file

@ -392,7 +392,7 @@ chdir = __FINALPATH__
;env[TMP] = /tmp ;env[TMP] = /tmp
;env[TMPDIR] = /tmp ;env[TMPDIR] = /tmp
;env[TEMP] = /tmp ;env[TEMP] = /tmp
env[PATH] = $PATH
; Additional php.ini defines, specific to this pool of workers. These settings ; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the ; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI: ; same as the PHP SAPI:
@ -433,7 +433,6 @@ chdir = __FINALPATH__
php_value[upload_max_filesize] = 10G php_value[upload_max_filesize] = 10G
php_value[post_max_size] = 10G php_value[post_max_size] = 10G
php_value[default_charset] = UTF-8 php_value[default_charset] = UTF-8
php_value[always_populate_raw_post_data] = -1
php_value[opcache.enable]=1 php_value[opcache.enable]=1
php_value[opcache.enable_cli]=1 php_value[opcache.enable_cli]=1
php_value[opcache.interned_strings_buffer]=8 php_value[opcache.interned_strings_buffer]=8

7
conf/php-fpm.ini
View file

@ -1,7 +0,0 @@
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

2
pull_request_template.md
View file

@ -19,6 +19,6 @@
- [ ] **Approval (LGTM)** : - [ ] **Approval (LGTM)** :
- [ ] **Approval (LGTM)** : - [ ] **Approval (LGTM)** :
- **CI succeeded** : - **CI succeeded** :
[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-/) [![Build Status](https://ci-apps-hq.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-/badge/icon)](https://ci-apps-hq.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-/)
*Please replace '-NUM-' in this link by the PR number.* *Please replace '-NUM-' in this link by the PR number.*
When the PR is marked as ready to merge, you have to wait for 3 days before really merging it. When the PR is marked as ready to merge, you have to wait for 3 days before really merging it.

256
scripts/_common.sh
View file

@ -5,6 +5,256 @@
pkg_dependencies="php-gd php-json php-intl php-mcrypt php-curl php-apcu php-redis php-ldap php-imagick php-zip php-mbstring php-xml imagemagick acl tar smbclient at" pkg_dependencies="php-gd php-json php-intl php-mcrypt php-curl php-apcu php-redis php-ldap php-imagick php-zip php-mbstring php-xml imagemagick acl tar smbclient at"
#=================================================
# UNSTABLE HELPERS
#=================================================
# Start (or other actions) a service, print a log in case of failure and optionnaly wait until the service is completely started
#
# usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ]
# | arg: -n, --service_name= - Name of the service to start. Default : $app
# | arg: -a, --action= - Action to perform with systemctl. Default: start
# | arg: -l, --line_match= - Line to match - The line to find in the log to attest the service have finished to boot.
# If not defined it don't wait until the service is completely started.
# WARNING: When using --line_match, you should always add `ynh_clean_check_starting` into your
# `ynh_clean_setup` at the beginning of the script. Otherwise, tail will not stop in case of failure
# of the script. The script will then hang forever.
# | arg: -p, --log_path= - Log file - Path to the log file. Default : /var/log/$app/$app.log
# | arg: -t, --timeout= - Timeout - The maximum time to wait before ending the watching. Default : 300 seconds.
# | arg: -e, --length= - Length of the error log : Default : 20
ynh_systemd_action() {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [n]=service_name= [a]=action= [l]=line_match= [p]=log_path= [t]=timeout= [e]=length= )
local service_name
local action
local line_match
local length
local log_path
local timeout
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
local service_name="${service_name:-$app}"
local action=${action:-start}
local log_path="${log_path:-/var/log/$service_name/$service_name.log}"
local length=${length:-20}
local timeout=${timeout:-300}
# Start to read the log
if [[ -n "${line_match:-}" ]]
then
local templog="$(mktemp)"
# Following the starting of the app in its log
if [ "$log_path" == "systemd" ] ; then
# Read the systemd journal
journalctl --unit=$service_name --follow --since=-0 --quiet > "$templog" &
# Get the PID of the journalctl command
local pid_tail=$!
else
# Read the specified log file
tail -F -n0 "$log_path" > "$templog" 2>&1 &
# Get the PID of the tail command
local pid_tail=$!
fi
fi
ynh_print_info --message="${action^} the service $service_name"
# Use reload-or-restart instead of reload. So it wouldn't fail if the service isn't running.
if [ "$action" == "reload" ]; then
action="reload-or-restart"
fi
systemctl $action $service_name \
|| ( journalctl --no-pager --lines=$length -u $service_name >&2 \
; test -e "$log_path" && echo "--" >&2 && tail --lines=$length "$log_path" >&2 \
; false )
# Start the timeout and try to find line_match
if [[ -n "${line_match:-}" ]]
then
local i=0
for i in $(seq 1 $timeout)
do
# Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
if grep --quiet "$line_match" "$templog"
then
ynh_print_info --message="The service $service_name has correctly started."
break
fi
if [ $i -eq 3 ]; then
echo -n "Please wait, the service $service_name is ${action}ing" >&2
fi
if [ $i -ge 3 ]; then
echo -n "." >&2
fi
sleep 1
done
if [ $i -ge 3 ]; then
echo "" >&2
fi
if [ $i -eq $timeout ]
then
ynh_print_warn --message="The service $service_name didn't fully started before the timeout."
ynh_print_warn --message="Please find here an extract of the end of the log of the service $service_name:"
journalctl --no-pager --lines=$length -u $service_name >&2
test -e "$log_path" && echo "--" >&2 && tail --lines=$length "$log_path" >&2
fi
ynh_clean_check_starting
fi
}
# Create a dedicated fail2ban config (jail and filter conf files)
#
# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports]
# | arg: -l, --logpath= - Log file to be checked by fail2ban
# | arg: -r, --failregex= - Failregex to be looked for by fail2ban
# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3
# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https
#
# -----------------------------------------------------------------------------
#
# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
# | arg: -t, --use_template - Use this helper in template mode
# | arg: -v, --others_var= - List of others variables to replace separeted by a space
# | for example : 'var_1 var_2 ...'
#
# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
# __APP__ by $app
#
# You can dynamically replace others variables by example :
# __VAR_1__ by $var_1
# __VAR_2__ by $var_2
#
# Generally your template will look like that by example (for synapse):
#
# f2b_jail.conf:
# [__APP__]
# enabled = true
# port = http,https
# filter = __APP__
# logpath = /var/log/__APP__/logfile.log
# maxretry = 3
#
# f2b_filter.conf:
# [INCLUDES]
# before = common.conf
# [Definition]
#
# # Part of regex definition (just used to make more easy to make the global regex)
# __synapse_start_line = .? \- synapse\..+ \-
#
# # Regex definition.
# failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- <HOST> \- \d+ \- Received request\: POST /_matrix/client/r0/login\??<SKIPLINES>%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'<SKIPLINES>%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$
#
# ignoreregex =
#
# -----------------------------------------------------------------------------
#
# Note about the "failregex" option:
# regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
#
# You can find some more explainations about how to make a regex here :
# https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
#
# Note that the logfile need to exist before to call this helper !!
#
# To validate your regex you can test with this command:
# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf
#
# Requires YunoHost version 3.?.? or higher.
ynh_add_fail2ban_config () {
# Declare an array to define the options of this helper.
local legacy_args=lrmptv
declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
local logpath
local failregex
local max_retry
local ports
local others_var
local use_template
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
use_template="${use_template:-0}"
max_retry=${max_retry:-3}
ports=${ports:-http,https}
finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"
if [ $use_template -eq 1 ]
then
# Usage 2, templates
cp ../conf/f2b_jail.conf $finalfail2banjailconf
cp ../conf/f2b_filter.conf $finalfail2banfilterconf
if [ -n "${app:-}" ]
then
ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
fi
# Replace all other variable given as arguments
for var_to_replace in ${others_var:-}; do
# ${var_to_replace^^} make the content of the variable on upper-cases
# ${!var_to_replace} get the content of the variable named $var_to_replace
ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf"
ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf"
done
else
# Usage 1, no template. Build a config file from scratch.
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
tee $finalfail2banjailconf <<EOF
[$app]
enabled = true
port = $ports
filter = $app
logpath = $logpath
maxretry = $max_retry
EOF
tee $finalfail2banfilterconf <<EOF
[INCLUDES]
before = common.conf
[Definition]
failregex = $failregex
ignoreregex =
EOF
fi
# Common to usage 1 and 2.
ynh_store_file_checksum "$finalfail2banjailconf"
ynh_store_file_checksum "$finalfail2banfilterconf"
systemctl try-reload-or-restart fail2ban
local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
if [[ -n "$fail2ban_error" ]]; then
ynh_print_err --message="Fail2ban failed to load the jail for $app"
ynh_print_warn --message="${fail2ban_error#*WARNING}"
fi
}
# Remove the dedicated fail2ban config (jail and filter conf files)
#
# usage: ynh_remove_fail2ban_config
#
# Requires YunoHost version 3.?.? or higher.
ynh_remove_fail2ban_config () {
ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
systemctl try-reload-or-restart fail2ban
}
#================================================= #=================================================
# EXPERIMENTAL HELPERS # EXPERIMENTAL HELPERS
#================================================= #=================================================
@ -291,7 +541,7 @@ ynh_smart_mktemp () {
elif is_there_enough_space /var; then elif is_there_enough_space /var; then
local tmpdir=/var local tmpdir=/var
elif is_there_enough_space /; then elif is_there_enough_space /; then
local tmpdir=/ local tmpdir=/
elif is_there_enough_space /home; then elif is_there_enough_space /home; then
local tmpdir=/home local tmpdir=/home
else else
@ -317,7 +567,7 @@ ynh_multimedia_build_main_dir () {
local checksum="806a827ba1902d6911095602a9221181" local checksum="806a827ba1902d6911095602a9221181"
# Download yunohost.multimedia scripts # Download yunohost.multimedia scripts
wget -nv https://github.com/YunoHost-Apps/yunohost.multimedia/archive/${ynh_media_release}.tar.gz wget -nv https://github.com/YunoHost-Apps/yunohost.multimedia/archive/${ynh_media_release}.tar.gz
# Check the control sum # Check the control sum
echo "${checksum} ${ynh_media_release}.tar.gz" | md5sum -c --status \ echo "${checksum} ${ynh_media_release}.tar.gz" | md5sum -c --status \
@ -360,7 +610,7 @@ ynh_smart_mktemp () {
elif is_there_enough_space /var; then elif is_there_enough_space /var; then
local tmpdir=/var local tmpdir=/var
elif is_there_enough_space /; then elif is_there_enough_space /; then
local tmpdir=/ local tmpdir=/
elif is_there_enough_space /home; then elif is_there_enough_space /home; then
local tmpdir=/home local tmpdir=/home
else else

8
scripts/backup
View file

@ -66,6 +66,14 @@ ynh_print_info "Backing up logrotate configuration..."
ynh_backup "/etc/logrotate.d/$app" ynh_backup "/etc/logrotate.d/$app"
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_print_info "Backing up fail2ban configuration..."
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
#================================================= #=================================================
# BACKUP THE CRON FILE # BACKUP THE CRON FILE
#================================================= #=================================================

8
scripts/install
View file

@ -318,6 +318,14 @@ ynh_print_info "Configuring log rotation..."
# Use logrotate to manage application logfile(s) # Use logrotate to manage application logfile(s)
ynh_use_logrotate "$datadir/nextcloud.log" ynh_use_logrotate "$datadir/nextcloud.log"
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_print_info "Configuring fail2ban..."
# Create a dedicated fail2ban config
ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$" --max_retry=5
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================

8
scripts/remove
View file

@ -70,6 +70,14 @@ ynh_print_info "Removing logrotate configuration"
# Remove the app-specific logrotate config # Remove the app-specific logrotate config
ynh_remove_logrotate ynh_remove_logrotate
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_print_info "Remove fail2ban configuration"
# Remove the dedicated fail2ban config
ynh_remove_fail2ban_config
#================================================= #=================================================
# SPECIFIC REMOVE # SPECIFIC REMOVE
#================================================= #=================================================

17
scripts/restore
View file

@ -141,6 +141,23 @@ ynh_multimedia_build_main_dir
# Allow nextcloud to write into these directories # Allow nextcloud to write into these directories
ynh_multimedia_addaccess $app ynh_multimedia_addaccess $app
#=================================================
# RESTORE THE FAIL2BAN CONFIGURATION
#=================================================
ynh_print_info "Restoring the fail2ban configuration..."
ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
# Make sure a log file exists (mostly for CI tests)
logfile="/home/yunohost.app/$app/data/nextcloud.log"
if [ ! -f "$logfile" ]; then
touch "$logfile"
chown $app: "$logfile"
fi
ynh_systemd_action --action=restart --service_name=fail2ban
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================

12
scripts/upgrade
View file

@ -148,6 +148,10 @@ ynh_print_info "Upgrading php-fpm configuration..."
# Create a dedicated php-fpm config # Create a dedicated php-fpm config
ynh_add_fpm_config ynh_add_fpm_config
# Delete existing ini configuration file (backward compatibility)
if [ -f /etc/php/7.0/fpm/conf.d/20-$app.ini ]; then
ynh_secure_remove /etc/php/7.0/fpm/conf.d/20-$app.ini
fi
#================================================= #=================================================
# UPGRADE DEPENDENCIES # UPGRADE DEPENDENCIES
#================================================= #=================================================
@ -394,6 +398,14 @@ ynh_print_info "Upgrading logrotate configuration..."
# Use logrotate to manage app-specific logfile(s) # Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append ynh_use_logrotate --non-append
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_print_info "Reconfiguring fail2ban..."
# Create a dedicated fail2ban config
ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$" --max_retry=5
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================