From 3259e4abb5126fb4b4f6ab1ef1fd9c6d841b2b89 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Date: Mon, 8 Jan 2024 19:34:02 +0100 Subject: [PATCH 1/9] Update change_url: properly reload php-fpm when changing trusted_domains --- scripts/change_url | 35 ++++++++++++++--------------------- 1 file changed, 14 insertions(+), 21 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index 615883e..4ba48b3 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -29,24 +29,24 @@ exec_occ() { if [ $change_domain -eq 1 ] then - # Change the trusted domain - exec_occ config:system:set trusted_domains 1 --value=$new_domain + # Change the trusted domain + exec_occ config:system:set trusted_domains 1 --value=$new_domain - # Change hostname for activity notifications + # Change hostname for activity notifications exec_occ config:system:set overwrite.cli.url --value="https://${new_domain}${new_path}" -fi -if [ $change_domain -eq 1 ] -then - # Check if .well-known is available for this domain - if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav" - then - ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book." + # Reload php fpm, necessary for force nextcloud to re-read config.php, cf opcache.revalidate_freq + ynh_systemd_action --service_name=php${phpversion}-fpm --action=reload - # Remove lines about .well-known/carddav and caldav with sed. - sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$new_domain.d/$app.conf" - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - fi + # Check if .well-known is available for this domain + if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav" + then + ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book." + + # Remove lines about .well-known/carddav and caldav with sed. 
+ sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$new_domain.d/$app.conf" + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + fi fi #================================================= @@ -62,10 +62,3 @@ ynh_permission_url --permission="api" --url="re:$new_domain\/.well-known\/.*" -- #================================================= ynh_script_progression --message="Change of URL completed for $app" --last - -# Tmp debug for the stupid trusted domain issue x_x -cat /var/www/nextcloud/config/config.php >&$YNH_STDINFO - -systemctl restart php${phpversion}-fpm - -sleep 5 From 5932bdc22ffc36d1f698634c14db69807967a3e8 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Date: Mon, 8 Jan 2024 20:00:44 +0100 Subject: [PATCH 2/9] Update upgrade: fix inconsistent handling of the php version stuff between major upgrades --- scripts/upgrade | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 32c7001..c7fd701 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -107,7 +107,7 @@ exec_occ() { # Backward compatibility to upgrade from older versions if [ $current_major_version = "last" ] || [ $current_major_version -ge 26 ] then - NEXTCLOUD_PHP_VERSION=$phpversion + NEXTCLOUD_PHP_VERSION="8.2" elif [ $current_major_version -ge 24 ] then NEXTCLOUD_PHP_VERSION="8.1" 
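Review bot: In the first hunk of scripts/change_url, the re-indented `exec_occ config:system:set trusted_domains 1 --value=$new_domain` and the new `ynh_systemd_action --service_name=php${phpversion}-fpm --action=reload` leave their expansions unquoted, while the neighbouring `overwrite.cli.url` line quotes its value. `trusted_domains` is the list of hostnames Nextcloud accepts requests for, so the value written there should reach `occ` as exactly one argument. I would write `--value="$new_domain"` and `--service_name="php${phpversion}-fpm"`, the quoted form the upgrade script used for the same reload. The enclosing `if [ $change_domain -eq 1 ]` has the same unquoted expansion.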
@@ -117,7 +117,11 @@ exec_occ() { else NEXTCLOUD_PHP_VERSION="7.1" fi - if ! timeout 1 php$NEXTCLOUD_PHP_VERSION 2>/dev/null; then + + # NB : be super careful when designing this part of the code, because calling ynh_install_app_dependencies + # will do magic regarding php configuration and $phpversion when the php version of the dependencies changes ... + phpversion=$(ynh_app_setting_set --app=$app --key=phpversion) + if [[ "$NEXTCLOUD_PHP_VERSION" != "$phpversion" ]; then local pkg_dependencies="$(dpkg-query --show --showformat='${Depends}' ${app}-ynh-deps)" pkg_dependencies="${pkg_dependencies//$phpversion/$NEXTCLOUD_PHP_VERSION}" ynh_install_app_dependencies "$pkg_dependencies" From e1651583be54bee2d276a150d29211fedb04c119 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Date: Mon, 8 Jan 2024 21:54:18 +0100 Subject: [PATCH 3/9] Update upgrade: stupid typo --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index c7fd701..6950f48 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -121,7 +121,7 @@ exec_occ() { # NB : be super careful when designing this part of the code, because calling ynh_install_app_dependencies # will do magic regarding php configuration and $phpversion when the php version of the dependencies changes ... phpversion=$(ynh_app_setting_set --app=$app --key=phpversion) - if [[ "$NEXTCLOUD_PHP_VERSION" != "$phpversion" ]; then + if [[ "$NEXTCLOUD_PHP_VERSION" != "$phpversion" ]]; then local pkg_dependencies="$(dpkg-query --show --showformat='${Depends}' ${app}-ynh-deps)" pkg_dependencies="${pkg_dependencies//$phpversion/$NEXTCLOUD_PHP_VERSION}" ynh_install_app_dependencies "$pkg_dependencies" From 10c7976d054d1b17d884185c4a1e35dc7b2d0350 Mon Sep 17 00:00:00 2001 
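Review bot: In the `@@ -117,7 +117,11 @@` hunk of scripts/upgrade, nothing checks that the stored `phpversion` setting is non-empty before it is compared and used as the search pattern in `${pkg_dependencies//$phpversion/$NEXTCLOUD_PHP_VERSION}` (the `_set` and `]` slips on these lines are corrected by patches 3/9 and 5/9). With an empty value the comparison is always true and the substitution presumably matches nothing, so `ynh_install_app_dependencies` would be called with an unchanged dependency list. A guard before the `if`, such as `[[ -n "$phpversion" ]] || ynh_die --message="phpversion setting is missing"`, would make that case fail loudly; `--app="$app"` should be quoted as well. The `if` body continues past the end of the hunk.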
From: Alexandre Aubin Date: Mon, 8 Jan 2024 23:00:49 +0100 Subject: [PATCH 4/9] During upgrade, the backup of config.php should occurr before the maintenance mode is set to on, otherwise the restored version will have maintenance=true and appear as manually modified.. --- scripts/upgrade | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 6950f48..ac1c1e1 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -221,12 +221,12 @@ EOF # Install the next nextcloud version in $tmpdir ynh_setup_source --dest_dir="$tmpdir" - # Enable maintenance mode - exec_occ maintenance:mode --on - # Backup the config file in the temp dir cp -a "$install_dir/config/config.php" "$tmpdir/config/config.php" + # Enable maintenance mode + exec_occ maintenance:mode --on + # Backup 3rd party applications from the current Nextcloud # But do not overwrite if there is any upgrade # (apps directory already exists in Nextcloud archive) From f2829d02bc69b59249133053760d807f5e6cf58f Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 8 Jan 2024 23:02:58 +0100 Subject: [PATCH 5/9] Zgrompf --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index ac1c1e1..fd7a5f6 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -120,7 +120,7 @@ exec_occ() { # NB : be super careful when designing this part of the code, because calling ynh_install_app_dependencies # will do magic regarding php configuration and $phpversion when the php version of the dependencies changes ... - phpversion=$(ynh_app_setting_set --app=$app --key=phpversion) + phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) if [[ "$NEXTCLOUD_PHP_VERSION" != "$phpversion" ]]; then local pkg_dependencies="$(dpkg-query --show --showformat='${Depends}' ${app}-ynh-deps)" pkg_dependencies="${pkg_dependencies//$phpversion/$NEXTCLOUD_PHP_VERSION}" 
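Review bot: The ordering set by the `@@ -221,12 +221,12 @@` hunk of scripts/upgrade (copy config.php first, then `exec_occ maintenance:mode --on`) is explained only in the commit subject, so the code comment should carry it too. I would replace `# Backup the config file in the temp dir` with `# Backup config.php BEFORE enabling maintenance mode, otherwise the saved copy contains maintenance=true`. config.php also holds the instance's database credentials and secrets, and `cp -a` keeps only the file's own mode and owner. How `$tmpdir` is created is not visible here, so it is worth confirming that the directory is not readable by other users.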
From bee14c89729b694f0953ece8f9143f1721ff6821 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 8 Jan 2024 23:10:11 +0100 Subject: [PATCH 6/9] Simplify the overly complex mess about fpm_usage, fpm_footprint ... and fpm_free_footprint doesn't seem to even be something used anywhere --- scripts/config | 2 +- scripts/install | 25 +++---------------------- scripts/remove | 6 ------ scripts/restore | 8 +------- scripts/upgrade | 30 +----------------------------- 5 files changed, 6 insertions(+), 65 deletions(-) diff --git a/scripts/config b/scripts/config index 5a7a2ac..35e9cd0 100644 --- a/scripts/config +++ b/scripts/config @@ -120,7 +120,7 @@ ynh_app_config_validate() { ynh_app_config_apply() { _ynh_app_config_apply - ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint + ynh_add_fpm_config } ynh_app_config_run $1 diff --git a/scripts/install b/scripts/install index c1b9599..fe87cb8 100755 --- a/scripts/install +++ b/scripts/install 
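Review bot: The bare `ynh_add_fpm_config` in scripts/config no longer passes `--phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint`, and nothing in the hunk says where the helper now gets those values; the same bare call appears in the install, restore and upgrade hunks of this patch. Presumably the helper falls back to the app's stored `fpm_usage` and `fpm_footprint` settings, as the two `ynh_app_setting_set` lines added in the install hunk suggest. That should be confirmed and written next to the call, e.g. `# usage, footprint and phpversion are read from the app settings by the helper`. In scripts/upgrade the block that created `fpm_footprint` and `fpm_usage` when missing is removed in the same patch, so an instance lacking those settings would depend on the helper's built-in defaults.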
@@ -1,33 +1,13 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers source _ynh_mysql_connect_as.sh -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= - maintenance_mode=0 -fpm_footprint="high" -fpm_free_footprint=0 -fpm_usage="medium" phpflags="--define apc.enable_cli=1" -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= - ynh_app_setting_set --app=$app --key=maintenance_mode --value=$maintenance_mode -ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint -ynh_app_setting_set --app=$app --key=fpm_free_footprint --value=$fpm_free_footprint -ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage ynh_app_setting_set --app=$app --key=phpflags --value=$phpflags #================================================= @@ -65,8 +45,9 @@ ynh_setup_source --dest_dir="$install_dir" #================================================= ynh_script_progression --message="Configuring PHP-FPM..." --weight=5 -# Create a dedicated PHP-FPM config -ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint +ynh_app_setting_set --app=$app --key=fpm_footprint --value=high +ynh_app_setting_set --app=$app --key=fpm_usage --value=medium +ynh_add_fpm_config #================================================= # NGINX CONFIGURATION diff --git a/scripts/remove b/scripts/remove index d09cafe..c39ac68 100755 --- a/scripts/remove +++ b/scripts/remove 
@@ -1,11 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers diff --git a/scripts/restore b/scripts/restore index 90d8fba..fe6be1e 100755 --- a/scripts/restore +++ b/scripts/restore @@ -1,11 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers source ../settings/scripts/_ynh_mysql_connect_as.sh @@ -35,7 +29,7 @@ ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=50 ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" # Recreate a dedicated php-fpm config -ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --phpversion=$phpversion +ynh_add_fpm_config #================================================= # RESTORE THE NGINX CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index fd7a5f6..f84cb99 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,18 +1,8 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers -#================================================= -# CHECK VERSION -#================================================= - upgrade_type=$(ynh_check_app_version_changed) #================================================= 
@@ -29,24 +19,6 @@ if [ -z "${maintenance_mode:-}" ]; then ynh_app_setting_set --app=$app --key=maintenance_mode --value=$maintenance_mode fi -# If fpm_footprint doesn't exist, create it -if [ -z "${fpm_footprint:-}" ]; then - fpm_footprint=high - ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint -fi - -# If fpm_free_footprint doesn't exist, create it -if [ -z "${fpm_free_footprint:-}" ]; then - fpm_free_footprint=0 - ynh_app_setting_set --app=$app --key=fpm_free_footprint --value=$fpm_free_footprint -fi - -# If fpm_usage doesn't exist, create it -if [ -z "${fpm_usage:-}" ]; then - fpm_usage=medium - ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage -fi - # If phpflags doesn't exist, create it if [ -z "${phpflags:-}" ]; then phpflags="--define apc.enable_cli=1" @@ -64,7 +36,7 @@ fi ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2 # Recreate a dedicated PHP-FPM config -ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint +ynh_add_fpm_config #================================================= # NGINX CONFIGURATION From fe63ef6dfc01132a654a65a50d8f825d0b51823a Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 8 Jan 2024 23:33:05 +0100 Subject: [PATCH 7/9] Fix custom getter for fpm_free_footprint >_> --- scripts/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config b/scripts/config index 35e9cd0..1b5e26b 100644 --- a/scripts/config +++ b/scripts/config @@ -49,7 +49,7 @@ get__fpm_footprint() { fi } -get__free_footprint() { +get__fpm_free_footprint() { # Free footprint value for php-fpm # Check if current_fpm_footprint is an integer if [ "$current_fpm_footprint" -eq "$current_fpm_footprint" ] 2> /dev/null From 07ed2f2ecd56041e56117a5ba331dc9b47b01e82 Mon Sep 17 00:00:00 2001 
From: Alexandre Aubin Date: Tue, 9 Jan 2024 19:45:52 +0100 Subject: [PATCH 8/9] No need to create the 'maintenance_mode' thing because there's a custom getter ... --- scripts/install | 2 -- scripts/upgrade | 6 ------ 2 files changed, 8 deletions(-) diff --git a/scripts/install b/scripts/install index fe87cb8..6e5858a 100755 --- a/scripts/install +++ b/scripts/install @@ -4,10 +4,8 @@ source _common.sh source /usr/share/yunohost/helpers source _ynh_mysql_connect_as.sh -maintenance_mode=0 phpflags="--define apc.enable_cli=1" -ynh_app_setting_set --app=$app --key=maintenance_mode --value=$maintenance_mode ynh_app_setting_set --app=$app --key=phpflags --value=$phpflags #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index f84cb99..6e082f1 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -13,12 +13,6 @@ ynh_script_progression --message="Ensuring downward compatibility..." # Remove the option backup_core_only if it's in the settings.yml file ynh_app_setting_delete --app=$app --key=backup_core_only -# If maintenance_mode doesn't exist, create it -if [ -z "${maintenance_mode:-}" ]; then - maintenance_mode=0 - ynh_app_setting_set --app=$app --key=maintenance_mode --value=$maintenance_mode -fi - # If phpflags doesn't exist, create it if [ -z "${phpflags:-}" ]; then phpflags="--define apc.enable_cli=1" From 862ee4f08f02be9dee1debaacfa7ff5b8b1dd8df Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 9 Jan 2024 19:53:18 +0100 Subject: [PATCH 9/9] Rework upgrade script to move the fpm config, nginx and all system configurations at the end --- scripts/upgrade | 114 +++++++++++++++++++++--------------------------- 1 file changed, 50 insertions(+), 64 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 6e082f1..280eb7d 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -24,40 +24,6 @@ if [ -f /etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini ]; then ynh_secure_remove --file=/etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini fi -#================================================= -# PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2 - -# Recreate a dedicated PHP-FPM config -ynh_add_fpm_config - -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 - -ynh_backup_if_checksum_is_different --file="/etc/nginx/conf.d/$domain.d/$app.conf" - -# Delete current NGINX configuration to be able to check if .well-known is already served. -ynh_remove_nginx_config -ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$app.conf" - -# Wait untils NGINX has fully reloaded -ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd" - -# Check if .well-known is available for this domain -if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" -then - ynh_print_warn --message="Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book." - - # Remove lines about .well-known/carddav and caldav with sed. - sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf" -fi - -# Create a dedicated NGINX config -ynh_add_nginx_config - #================================================= # SPECIFIC UPGRADE #================================================= 
@@ -309,21 +275,9 @@ EOF fi #================================================= -# UPDATE THE CRON JOB -#================================================= - -cron_path="/etc/cron.d/$app" -ynh_add_config --template="../conf/nextcloud.cron" --destination="$cron_path" -chown root: "$cron_path" -chmod 644 "$cron_path" - -exec_occ background:cron - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES +# REGEN SYSTEM CONFIGURATIONS #================================================= +ynh_script_progression --message="Reapplying file permissions..." --weight=2 # Fix app ownerships & permissions chown -R $app:www-data "$install_dir" 
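Review bot: The new banner `# REGEN SYSTEM CONFIGURATIONS` sits above the block that runs `chown -R $app:www-data "$install_dir"` under the progress message "Reapplying file permissions...", and the next hunk adds the identical banner over the actual configuration section. Keeping the removed title here, `# SECURE FILES AND DIRECTORIES`, would keep the ownership and permission step easy to find when auditing the script. The permission block continues past the end of this hunk.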
@@ -337,30 +291,62 @@ chmod 755 /home/yunohost.app chmod 750 $install_dir #================================================= -# SETUP LOGROTATE +# REGEN SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." +ynh_script_progression --message="Regenerating system configurations for $app..." --weight=2 -# Use logrotate to manage app-specific logfile(s) +# ------- +# PHP-FPM +# ------- + +ynh_add_fpm_config + +# ------- +# NGINX +# ------- + +# Delete current NGINX configuration to be able to check if .well-known is already served. +ynh_backup_if_checksum_is_different --file="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_remove_nginx_config +ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$app.conf" + +# Wait untils NGINX has fully reloaded +ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd" + +# Check if .well-known is available for this domain +if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" +then + ynh_print_warn --message="Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book." + + # Remove lines about .well-known/carddav and caldav with sed. 
+ sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf" +fi + +# Create a dedicated NGINX config +ynh_add_nginx_config + +# ------- +# CRON JOB +# ------- +cron_path="/etc/cron.d/$app" +ynh_add_config --template="../conf/nextcloud.cron" --destination="$cron_path" +chown root: "$cron_path" +chmod 644 "$cron_path" + +exec_occ background:cron + +# ------- +# LOGROTATE +# ------- ynh_use_logrotate --non-append -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=7 +# ------- +# FAIL2BAN +# ------- # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 -#================================================= -# GENERIC FINALIZATION -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading PHP-FPM..." --weight=2 - -ynh_systemd_action --service_name="php${phpversion}-fpm" --action=reload - #================================================= # END OF SCRIPT #=================================================
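Review bot: The explicit `ynh_systemd_action --service_name="php${phpversion}-fpm" --action=reload` that closed scripts/upgrade is removed and nothing replaces it, so after this hunk PHP-FPM is reloaded only if `ynh_add_fpm_config` does so itself, which is not visible here. Patch 1/9 added exactly this kind of reload to change_url because of `opcache.revalidate_freq`, and here `exec_occ background:cron` still runs after the FPM step. Either keep the reload as the last action of the section, or add a comment beside `ynh_add_fpm_config` such as `# the helper reloads php-fpm, so no explicit reload is needed afterwards` once that is confirmed.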