diff --git a/README.md b/README.md index 4aa69b8..c491a97 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ntfy (pronounce: *notify*) is a simple HTTP-based pub-sub notification service. It allows you to send notifications to your phone or desktop via scripts from any computer, entirely without signup, cost or setup. It's also open source if you want to run your own. -**Shipped version:** 2.8.0~ynh1 +**Shipped version:** 2.8.0~ynh2 **Demo:** https://ntfy.sh/app ## Documentation and resources diff --git a/README_fr.md b/README_fr.md index 5be4e20..03579b6 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po ntfy (prononcer : *notify*) est un simple service de notification pub-sub basé sur HTTP. Il vous permet d'envoyer des notifications sur votre téléphone ou votre ordinateur via des scripts depuis n'importe quel ordinateur, sans inscription, sans frais ni configuration. Il est également open source si vous souhaitez exécuter le vôtre. -**Version incluse :** 2.8.0~ynh1 +**Version incluse :** 2.8.0~ynh2 **Démo :** https://ntfy.sh/app ## Documentations et ressources diff --git a/conf/nginx.conf b/conf/nginx.conf index f9431e9..c6ec61b 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -9,7 +9,7 @@ location __PATH__/ { proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Authorization $http_authorization; - proxy_pass_header Authorization; + proxy_pass_header Authorization; proxy_connect_timeout 3m; proxy_send_timeout 3m; diff --git a/conf/server.yml b/conf/server.yml index be808c0..c47da2f 100644 --- a/conf/server.yml +++ b/conf/server.yml @@ -3,6 +3,9 @@ # Please refer to the documentation at https://ntfy.sh/docs/config/ for details. # All options also support underscores (_) instead of dashes (-) to comply with the YAML spec. +base-url: "https://__DOMAIN__" +listen-http: "127.0.0.1:__PORT__" + cache-file: __INSTALL_DIR__/data/cache.db cache-startup-queries: | pragma journal_mode = WAL; @@ -15,6 +18,9 @@ auth-file: __INSTALL_DIR__/data/user.db auth-default-access: "deny-all" enable-login: true +# Tell ntfy to use "X-Forwarded-For" to identify visitors +behind-proxy: true + attachment-cache-dir: __INSTALL_DIR__/data/attachments upstream-base-url: "https://ntfy.sh" diff --git a/conf/systemd.service b/conf/systemd.service index 793ff90..6695ed8 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -3,9 +3,6 @@ Description=ntfy server After=network.target [Service] -Environment="NTFY_LISTEN_HTTP=localhost:__PORT__" -Environment="NTFY_BASE_URL=https://__DOMAIN__" -Environment="NTFY_BEHIND_PROXY=1" Environment="NTFY_CONFIG_FILE=__INSTALL_DIR__/server.yml" Type=simple diff --git a/manifest.toml b/manifest.toml index 5de5c19..c21e57d 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "ntfy" description.en = "Open Source Push Notification Server" description.fr = "Serveur open source de notification" -version = "2.8.0~ynh1" +version = "2.8.0~ynh2" maintainers = ["Alexander Wühr"] @@ -32,44 +32,42 @@ ram.build = "50M" ram.runtime = "50M" [install] - [install.domain] - type = "domain" +[install.domain] +type = "domain" - [install.init_main_permission] - type = "group" - default = "visitors" +[install.admin] +type = "user" - [install.admin] - type = "user" - - [install.password] - type = "password" +[install.password] +type = "password" [resources] - [resources.sources] - [resources.sources.main] - autoupdate.strategy = "latest_github_release" +[resources.sources] +[resources.sources.main] +autoupdate.strategy = "latest_github_release" - autoupdate.asset.amd64 = '.*_linux_amd64\.tar\.gz' - autoupdate.asset.arm64 = '.*_linux_arm64\.tar\.gz' - autoupdate.asset.armhf = '.*_linux_armv7\.tar\.gz' +autoupdate.asset.amd64 = '.*_linux_amd64\.tar\.gz' +autoupdate.asset.arm64 = '.*_linux_arm64\.tar\.gz' +autoupdate.asset.armhf = '.*_linux_armv7\.tar\.gz' - amd64.url = "https://github.com/binwiederhier/ntfy/releases/download/v2.8.0/ntfy_2.8.0_linux_amd64.tar.gz" - amd64.sha256 = "7158312a9f6e49daf94355e63a8fa73e04f3c2d5defc2bba0cbf3e35fdf7bf9a" +amd64.url = "https://github.com/binwiederhier/ntfy/releases/download/v2.8.0/ntfy_2.8.0_linux_amd64.tar.gz" +amd64.sha256 = "7158312a9f6e49daf94355e63a8fa73e04f3c2d5defc2bba0cbf3e35fdf7bf9a" - arm64.url = "https://github.com/binwiederhier/ntfy/releases/download/v2.8.0/ntfy_2.8.0_linux_arm64.tar.gz" - arm64.sha256 = "918d0a81355288ef60e8ef0d0587630f069c5c75909a12d6abbdb2e1628dbc52" +arm64.url = "https://github.com/binwiederhier/ntfy/releases/download/v2.8.0/ntfy_2.8.0_linux_arm64.tar.gz" +arm64.sha256 = "918d0a81355288ef60e8ef0d0587630f069c5c75909a12d6abbdb2e1628dbc52" - armhf.url = "https://github.com/binwiederhier/ntfy/releases/download/v2.8.0/ntfy_2.8.0_linux_armv7.tar.gz" - armhf.sha256 ="bf63f969b64889158bb0daa2f55f2e3356516a0c4ff2f57d0392a0c7df0abefc" +armhf.url = "https://github.com/binwiederhier/ntfy/releases/download/v2.8.0/ntfy_2.8.0_linux_armv7.tar.gz" +armhf.sha256 = "bf63f969b64889158bb0daa2f55f2e3356516a0c4ff2f57d0392a0c7df0abefc" - [resources.system_user] +[resources.system_user] - [resources.install_dir] +[resources.install_dir] - [resources.permissions] - main.url = "/" - main.auth_header = false +[resources.permissions] +main.url = "/" +main.auth_header = false +main.protected = true +main.allowed = "visitors" - [resources.ports] - main.default = 8080 +[resources.ports] +main.default = 8080 diff --git a/scripts/backup b/scripts/backup index f887e84..b47e55d 100755 --- a/scripts/backup +++ b/scripts/backup @@ -21,11 +21,15 @@ ynh_print_info --message="Declaring files to be backed up..." ynh_backup --src_path="$install_dir" #================================================= -# BACKUP THE NGINX CONFIGURATION +# BACKUP SYSTEM CONFIGURATION #================================================= ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +# Backup the Fail2Ban config +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + #================================================= # BACKUP SYSTEMD #================================================= diff --git a/scripts/change_url b/scripts/change_url index 572b377..6084121 100755 --- a/scripts/change_url +++ b/scripts/change_url @@ -16,7 +16,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/$app.log" #================================================= # MODIFY URL IN NGINX CONF @@ -39,7 +39,7 @@ ynh_add_systemd_config #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 1041919..c7e949b 100755 --- a/scripts/install +++ b/scripts/install @@ -21,7 +21,7 @@ ynh_setup_source --dest_dir="$install_dir" mkdir -p "$install_dir/data" chmod -R 750 "$install_dir/data" -chown -R $app:$app "$install_dir" +chown -R "$app:$app" "$install_dir" ynh_secure_remove "$install_dir/client" ynh_secure_remove "$install_dir/server" @@ -44,7 +44,10 @@ ynh_add_nginx_config ynh_add_systemd_config -yunohost service add $app --description="Open Source Push Notification Server" --log="/var/log/$app/$app.log" +yunohost service add "$app" --description="Open Source Push Notification Server" --log="/var/log/$app/$app.log" + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="limiting requests, excess:.* by zone.*client: " #================================================= # ADD A CONFIGURATION @@ -52,7 +55,7 @@ yunohost service add $app --description="Open Source Push Notification Server" - ynh_script_progression --message="Adding a configuration file..." --weight=1 ynh_add_config -t "ntfy.sh" -d "$install_dir/ntfy.sh" -chown $app:$app "$install_dir/ntfy.sh" +chown "$app:$app" "$install_dir/ntfy.sh" chmod u+x "$install_dir/ntfy.sh" #================================================= @@ -62,14 +65,14 @@ chmod u+x "$install_dir/ntfy.sh" #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" #================================================= # ADD ADMIN #================================================= ynh_script_progression --message="Adding admin user..." --weight=1 -ynh_exec_as $app NTFY_PASSWORD="$password" $install_dir/ntfy.sh user add --role=admin $admin +ynh_exec_as "$app" NTFY_PASSWORD="$password" "$install_dir/ntfy.sh" user add --role=admin "$admin" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 6dc0d3b..dc4bfb6 100755 --- a/scripts/remove +++ b/scripts/remove @@ -9,10 +9,10 @@ source /usr/share/yunohost/helpers # REMOVE SYSTEMD SERVICE #================================================= # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status $app >/dev/null +if ynh_exec_warn_less yunohost service status "$app" >/dev/null then ynh_script_progression --message="Removing $app service integration..." --weight=1 - yunohost service remove $app + yunohost service remove "$app" fi ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 @@ -21,6 +21,8 @@ ynh_remove_systemd_config ynh_remove_nginx_config +ynh_remove_fail2ban_config + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 1566077..50ba918 100755 --- a/scripts/restore +++ b/scripts/restore @@ -17,30 +17,32 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" -chown -R $app:www-data "$install_dir" +chown -R "$app:www-data" "$install_dir" #================================================= # RESTORE SYSTEM CONFIGURATIONS #================================================= -# RESTORE THE PHP-FPM CONFIGURATION -#================================================= ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl enable $app.service --quiet +systemctl enable "$app.service" --quiet -yunohost service add $app --description="Open Source Push Notification Server" --log="/var/log/$app/$app.log" +yunohost service add "$app" --description="Open Source Push Notification Server" --log="/var/log/$app/$app.log" + +ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban #================================================= # GENERIC FINALIZATION #================================================= -# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE +# RELOAD NGINX AND THE APP SERVICE #================================================= ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index aa1b779..d19fadb 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -16,7 +16,7 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/$app.log" #================================================= # "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...) @@ -33,7 +33,7 @@ then mkdir -p "$install_dir/data" chmod -R 750 "$install_dir/data" - chown -R $app:$app "$install_dir" + chown -R "$app:$app" "$install_dir" ynh_secure_remove "$install_dir/client" ynh_secure_remove "$install_dir/server" @@ -48,7 +48,7 @@ ynh_add_nginx_config ynh_add_systemd_config -yunohost service add $app --description="Open Source Push Notification Server" --log="/var/log/$app/$app.log" +yunohost service add "$app" --description="Open Source Push Notification Server" --log="/var/log/$app/$app.log" #================================================= # RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...) @@ -59,6 +59,9 @@ ynh_script_progression --message="Updating a configuration file..." --weight=1 ynh_add_config --template="server.yml" --destination="$install_dir/server.yml" +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="limiting requests, excess:.* by zone.*client: " + #================================================= # ADD A CONFIGURATION #================================================= @@ -66,7 +69,7 @@ ynh_script_progression --message="Updating simple command wrapper..." --weight=1 ynh_add_config --template="ntfy.sh" --destination="$install_dir/ntfy.sh" -chown $app:$app "$install_dir/ntfy.sh" +chown "$app:$app" "$install_dir/ntfy.sh" chmod u+x "$install_dir/ntfy.sh" #================================================= @@ -74,7 +77,7 @@ chmod u+x "$install_dir/ntfy.sh" #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" #================================================= # END OF SCRIPT diff --git a/tests.toml b/tests.toml index cded3e3..287383f 100644 --- a/tests.toml +++ b/tests.toml @@ -1,6 +1,14 @@ test_format = 1.0 [default] - test_upgrade_from.727dfd9.name = "Upgrade from 2.6.2~ynh1" - test_upgrade_from.e89c0fb.name = "Upgrade from 2.5.0~ynh1" - #test_upgrade_from.5b729db.name = "Upgrade from 2.4.0~ynh1" + +# ntfy needs to be publicly exposed to properly work, see #34 +exclude = "install.private" + +# ------------------------------- +# Commits to test upgrade from +# ------------------------------- + +test_upgrade_from.727dfd9.name = "Upgrade from 2.6.2~ynh1" +test_upgrade_from.e89c0fb.name = "Upgrade from 2.5.0~ynh1" +#test_upgrade_from.5b729db.name = "Upgrade from 2.4.0~ynh1"