YunoHost-Apps/osada_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/osada_ynh.git synced 2024-09-03 19:46:30 +02:00
Code Issues Activity Actions

Fix

Browse source
This commit is contained in:
ericgaspar 2021-07-15 07:41:29 +02:00
parent 81e4171aca
commit 6a8616c699
11 changed files with 267 additions and 199 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
conf/app.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://codeberg.org/zot/osada/archive/0c22781a2271170d0557881ac58a202148351c64.tar.gz
SOURCE_SUM=0cdd761aac0f1a382f6593868bd66d9919333fda4edeb1f2904d13a01febbeed
SOURCE_SUM=
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=

2
conf/cron Executable file
View file

@ -0,0 +1,2 @@
# Run poller periodically to update Osada
*/10 * * * * __APP__ cd __FINALPATH__; /usr/bin/php__PHPVERSION__ Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1

95
conf/htconfig.sample.php Normal file
View file

@ -0,0 +1,95 @@
<?php
// If automatic system installation fails:
// Copy or rename this file to .htconfig.php in the top level
// Hubzilla directory
// Why .htconfig.php? Because it contains sensitive information which could
// give somebody complete control of your database. Apache's default
// configuration denies access to and refuses to serve any file beginning
// with .ht
// Then set the following for your MySQL installation
$db_host = 'localhost'; // Use 'localhost' if you aren't using a remote server
$db_port = 0; // leave 0 for default or set your port
$db_user = '__DB_NAME__';
$db_pass = '__DB_PWD__';
$db_data = '__DB_NAME__';
$db_type = 0; // use 1 for postgres, 0 for mysql
/*
* Notice: Many of the following settings will be available in the admin panel
* after a successful site install. Once they are set in the admin panel, they
* are stored in the DB - and the DB setting will over-ride any corresponding
* setting in this file
*
* The command-line tool util/config is able to query and set the DB items
* directly if for some reason the admin panel is not available and a system
* setting requires modification.
*
*/
// Choose a legal default timezone. If you are unsure, use "America/Los_Angeles".
// It can be changed later and only applies to timestamps for anonymous viewers.
App::$config['system']['timezone'] = 'America/Los_Angeles';
// What is your site name? DO NOT ADD A TRAILING SLASH!
App::$config['system']['baseurl'] = 'https://__DOMAIN__';
App::$config['system']['sitename'] = "Zap";
App::$config['system']['location_hash'] = '__RANDOM_STRING__';
// These lines set additional security headers to be sent with all responses
// You may wish to set transport_security_header to 0 if your server already sends
// this header. content_security_policy may need to be disabled if you wish to
// run the piwik analytics plugin or include other offsite resources on a page
App::$config['system']['transport_security_header'] = 1;
App::$config['system']['content_security_policy'] = 1;
App::$config['system']['ssl_cookie_protection'] = 1;
// Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.
// Be certain to create your own personal account before setting
// REGISTER_CLOSED. 'register_text' (if set) will be displayed prominently on
// the registration page. REGISTER_APPROVE requires you set 'admin_email'
// to the email address of an already registered person who can authorise
// and/or approve/deny the request.
// In order to perform system administration via the admin panel, admin_email
// must precisely match the email address of the person logged in.
App::$config['system']['register_policy'] = REGISTER_OPEN;
App::$config['system']['register_text'] = '';
App::$config['system']['admin_email'] = '__EMAIL__';
// Location of PHP command line processor
App::$config['system']['php_path'] = '/usr/bin/php__PHPVERSION__';
// Configure how we communicate with directory servers.
// DIRECTORY_MODE_NORMAL = directory client, we will find a directory (all of your member's queries will be directed elsewhere)
// DIRECTORY_MODE_SECONDARY = caching directory or mirror (keeps in sync with realm primary [adds significant cron execution time])
// DIRECTORY_MODE_PRIMARY = main directory server (you do not want this unless you are operating your own realm. one per realm.)
// DIRECTORY_MODE_STANDALONE = "off the grid" or private directory services (only local site members in directory)
App::$config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL;
// PHP error logging setup
// Before doing this ensure that the webserver has permission
// to create and write to php.out in the top level Red directory,
// or change the name (below) to a file/path where this is allowed.
ini_set('display_errors', '0');
// Uncomment the following 4 lines to turn on PHP error logging.
error_reporting(E_ERROR | E_PARSE );
ini_set('error_log','php.out');
ini_set('log_errors','1');

45
conf/nginx.conf
View file

@ -1,16 +1,14 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
alias __FINALPATH__/;
# Force https
if ($scheme = http)
{
rewrite ^ https://$server_name$request_uri? permanent;
}
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
if (!-e $request_filename)
{
if (!-e $request_filename){
rewrite ^(.*)$ /index.php?req=$1;
}
@ -21,21 +19,17 @@ location __PATH__/ {
index index.php;
charset utf-8;
# Example PHP configuration
location ~* \.php$
{
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
location ~* \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# make sure webfinger and other well known services aren't blocked
# by denying dot files and rewrite request to the front controller
location ^~ /.well-known/
{
location ^~ /.well-known/ {
allow all;
if (!-e $request_filename)
{
@ -53,20 +47,17 @@ location __PATH__/ {
# }
# block these file types
location ~* \.(tpl|md|tgz|log|out)$
{
location ~* \.(tpl|md|tgz|log|out)$ {
deny all;
}
# deny access to all dot files
location ~ /\.
{
location ~ /\. {
deny all;
}
#deny access to store
location ~ /store
{
location ~ /store {
deny all;
}
@ -74,5 +65,5 @@ location __PATH__/ {
location ~ /util {
deny all;
}
}
}

108
conf/php-fpm.conf
View file

@ -1,10 +1,11 @@
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[__NAMETOCHANGE__]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
@ -24,28 +25,35 @@ group = __USER__
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock
listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock
; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: 128 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 128
; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
@ -59,7 +67,13 @@ listen.group = www-data
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; priority = -19
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
; or group is differrent than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
@ -96,7 +110,7 @@ pm = dynamic
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 10
pm.max_children = 5
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
@ -117,12 +131,12 @@ pm.max_spare_servers = 3
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 500
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
@ -170,7 +184,7 @@ pm.max_requests = 500
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
@ -215,7 +229,7 @@ pm.max_requests = 500
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: ${prefix}/share/fpm/status.html
; It's available in: /usr/share/php/7.0/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
@ -275,7 +289,7 @@ pm.max_requests = 500
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: ouput header
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
@ -283,7 +297,7 @@ pm.max_requests = 500
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
@ -291,47 +305,51 @@ pm.max_requests = 500
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_slowlog_timeout = 5s
;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_terminate_timeout = 1d
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
@ -347,16 +365,25 @@ chdir = __FINALPATH__
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
catch_workers_output = yes
;catch_workers_output = yes
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
@ -370,7 +397,7 @@ catch_workers_output = yes
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
@ -392,13 +419,12 @@ catch_workers_output = yes
;php_admin_value[memory_limit] = 32M
; Common values to change to increase file upload limit
; upload_max_filesize = 50M
; post_max_size = 50M
; mail.add_x_header = Off
; php_admin_value[upload_max_filesize] = 50M
; php_admin_value[post_max_size] = 50M
; php_admin_flag[mail.add_x_header] = Off
; Other common parameters
; max_execution_time = 600
; max_input_time = 300
; memory_limit = 256M
; short_open_tag = On
; cgi.fix_pathinfo = 0;
; php_admin_value[max_execution_time] = 600
; php_admin_value[max_input_time] = 300
; php_admin_value[memory_limit] = 256M
; php_admin_flag[short_open_tag] = On

2
conf/poller-cron
View file

@ -1,2 +0,0 @@
# Run poller periodically to update Osada
*/10 * * * * __USER__ cd YNH_WWW_PATH; /usr/bin/php Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1

18
manifest.json
View file

@ -3,8 +3,8 @@
"id": "osada",
"name": "osada",
"description": {
"en": "Osada is a decentralized publication platform and social network.",
"fr": "Osada est une plateforme de publication décentralisée et un réseau social."
"en": "Decentralized publication platform and social network",
"fr": "Plateforme de publication décentralisée et un réseau social"
},
"url": "http://zotlabs.com/osada/",
"license": "MIT",
@ -15,12 +15,12 @@
},
"services": [
"nginx",
"php7.0-fpm",
"php7.3-fpm",
"mysql",
"postgresql"
],
"requirements": {
"yunohost": ">= 4.0.0"
"yunohost": ">= 4.2.4"
},
"multi_instance": true,
"arguments": {
@ -28,18 +28,12 @@
{
"name": "domain",
"type": "domain",
"ask": {
"en": "Choose a domain for your Osada. Osada must run in the root of this domain. It means no other app can be accessed/run from this domain. We advise to use a dedicated subdomain such as osada.domain.tld",
"fr": "Indiquez un domain pour Osada. Osada doit être installé à la racine du domaine. Cela implique qu'aucune autre app ne pourra être installée ou accessible sur ce domain. Nous conseillons un sous-domaine dédié par exemple osada.domain.tld."
}
"example": "example.com"
},
{
"name": "admin",
"type": "user",
"ask": {
"en": "Choose the Osada administrator (must be an existing YunoHost user)",
"fr": "Choisissez l'administrateur de Osada (doit être un utilisateur YunoHost existant)"
}
"example": "johndoe"
},
{
"name": "database",

3
scripts/backup
View file

@ -23,7 +23,8 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)

97
scripts/install
View file

@ -27,7 +27,7 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN
path_url="/"
admin=$YNH_APP_ARG_ADMIN
email=$(yunohost user info $admin | grep "mail:" | cut -d' ' -f2)
email=$(ynh_user_get_info --username=$admin --key=mail)
upload="256M"
random_string="$(ynh_string_random)$(ynh_string_random)$(ynh_string_random)"
database=`expr $YNH_APP_ARG_DATABASE`
@ -69,6 +69,14 @@ if [ $database -eq 2 ]; then
ynh_install_app_dependencies $pkg_dependencies
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -114,7 +122,6 @@ pushd "$final_path"
ln -s ../extend/addon/zaddons/$base $base
done
popd
@ -123,17 +130,17 @@ ynh_script_progression --message="Creating smarty3 folder for personal data..."
mkdir -p "${final_path}/store"
mkdir -p "${final_path}/cache/smarty3"
chmod -R 777 $final_path/store $final_path/cache
# Copy the template install/htconfig.sample.php to .htconfig.php
ynh_script_progression --message="Moving .htconfig.php to root of Osada ..."
config="$final_path/.htconfig.php"
cp $final_path/install/htconfig.sample.php $config
# Create php.log inside Osada for logs
ynh_script_progression --message="Create php.log for the Osada debuging..."
touch "$final_path/php.log"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
chmod -R 755 $final_path/store $final_path/cache
#=================================================
# CREATE A DATABASE
#=================================================
@ -161,46 +168,6 @@ else
ynh_die --message="Some problem occured in creating the database, contact maintainer"
fi
#=================================================
# MODIFY A CONFIG FILE
#=================================================
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
ynh_replace_string --match_string="your.mysqlhost.com" --replace_string="localhost" --target_file="$config"
ynh_replace_string --match_string= "mysqlpassword" --replace_string="$db_pwd" --target_file="$config"
ynh_replace_string --match_string="mysqlusername" --replace_string="$db_name" --target_file="$config"
ynh_replace_string --match_string= "mysqldatabasename" --replace_string="$db_name" --target_file="$config"
ynh_replace_string --match_string= "mysite.example" --replace_string="$domain" --target_file="$config"
ynh_replace_string --match_string= "if the auto install failed, put a unique random string here" --replace_string="$random_string" --target_file="$config"
sed -i "s/\['admin_email'\] = '';/\['admin_email'\] = '$email';/g" "$config"
ynh_replace_string --match_string= "//error_reporting(E_ERROR | E_WARNING | E_PARSE );" --replace_string="error_reporting(E_ERROR | E_WARNING | E_PARSE );" --target_file="$config"
ynh_replace_string --match_string= "//ini_set('error_log','php.out');" --replace_string="ini_set('error_log','php.log');" --target_file="$config"
ynh_replace_string --match_string= "//ini_set('log_errors','1');" --replace_string="ini_set('log_errors','1');" --target_file="$config"
ynh_replace_string --match_string= "//ini_set('display_errors', '0');" --replace_string="ini_set('display_errors', '0');" --target_file="$config"
sed -i "s/\['php_path'\] = 'php';/\['php_path'\] = 'php$phpversion';/g" "$config"
# addon ldap config
ynh_script_progression --message="Push LDAP configuration to .htconfig.php..."
cat ../conf/ldap_conf.php >> $final_path/.htconfig.php
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..."
### `ynh_add_nginx_config` will use the file conf/nginx.conf
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
@ -208,17 +175,31 @@ ynh_script_progression --message="Configuring PHP-FPM..."
# Create a dedicated PHP-FPM config
ynh_add_fpm_config --package="$extra_php_dependencies"
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
# Set right permissions for Osada
ynh_script_progression --message="Set right for Osada..."
chown -R $app: $final_path
#=================================================
# MODIFY A CONFIG FILE
#=================================================
# Set up cron job
ynh_add_config --template="../conf/htconfig.sample.php" --destination="$final_path/.htconfig.php"
# addon ldap config
ynh_add_config --template="../conf/ldap_conf.php" --destination="$final_path/.htconfig.php"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..."
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SETUP CRON JOB
#=================================================
ynh_script_progression --message="Setting up cron job..."
ynh_replace_string --match_string="YNH_WWW_PATH" --replace_string="$final_path" --target_file="../conf/poller-cron"
ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="../conf/poller-cron"
ynh_replace_string --match_string="__PHP_VERSION__" --replace_string="$phpversion" --target_file="../conf/poller-cron"
cp ../conf/poller-cron /etc/cron.d/$app
ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app"
#=================================================
# STORE THE CONFIG FILE CHECKSUM
@ -239,13 +220,15 @@ ynh_use_logrotate "$final_path/php.log"
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Add Fail2Ban..."
ynh_add_fail2ban_config --logpath="$final_path/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP <HOST>.*$" --max_retry="5"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..."
# As Osada is social network and have its own permission there is no need to keep Osada behind SSO
ynh_script_progression --message="Configuring SSOwat..."
ynh_permission_update --permission="main" --add="visitors"
#=================================================

19
scripts/restore
View file

@ -55,6 +55,14 @@ test ! -d $final_path \
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_print_info "Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
@ -84,14 +92,6 @@ elif [ $database -eq 2 ]; then
ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
fi
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_print_info "Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create $app
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
@ -125,9 +125,6 @@ ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
ynh_systemd_action --action=restart --service_name=fail2ban
# Make app public
ynh_app_setting_set $app skipped_uris "/"
#=================================================
# GENERIC FINALIZATION
#=================================================

75
scripts/upgrade
View file

@ -25,14 +25,10 @@ database=$(ynh_app_setting_get --app=$app --key=database)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
# CHECK VERSION
#=================================================
# If db_name doesn't exist, create it
if [ -z "$db_name" ]; then
db_name=$(ynh_sanitize_dbid --db_name=$app)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
fi
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
@ -49,21 +45,14 @@ ynh_clean_setup () {
ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_print_info "Upgrading source files..."
# Create a temporary directory
# tmpdir="$(ynh_smart_mktemp 6000)"
# Backup the config file in the temp dir
# cp -a "$final_path/.htconfig.php" "$tmpdir/.htconfig.php"
# cp -a "$final_path/store" "$tmpdir/store"
# cp -a "$final_path/php.log" "$tmpdir/php.log"
# Remove the app directory securely
# ynh_secure_remove "$final_path"
# If db_name doesn't exist, create it
if [ -z "$db_name" ]; then
db_name=$(ynh_sanitize_dbid --db_name=$app)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
fi
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
@ -71,6 +60,14 @@ if [ -z "$final_path" ]; then
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
@ -123,7 +120,7 @@ if [ `cd $final_path && git rev-parse --is-inside-work-tree` ]; then
fi;
done
popd
chmod -R 777 $final_path/store
chmod -R 775 $final_path/store
else
# Create a temporary directory
@ -151,6 +148,10 @@ else
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -159,17 +160,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
# Set right permissions for curl install
chown -R $app: $final_path
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
@ -192,27 +182,25 @@ ynh_script_progression --message="Upgrading logrotate configuration..."
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression --message="Re-configure Fail2Ban..."
ynh_add_fail2ban_config --logpath="$final_path/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP <HOST>.*$" --max_retry="5"
# Set cron job
ynh_print_info "Setting up cron job..."
ynh_replace_string --match_string="YNH_WWW_PATH" --replace_string="$final_path" --target_file="../conf/poller-cron"
ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="../conf/poller-cron"
ynh_replace_string --match_string="__PHP_VERSION__" --replace_string="$phpversion" --target_file="../conf/poller-cron"
cp -f ../conf/poller-cron /etc/cron.d/$app
#=================================================
# SETUP CRON JOB
#=================================================
ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app"
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..."
if [ $database -eq 1 ]; then
#=================================================
# CHECK VERSION FOR SPECIFIC MYSQL UPDATE
#=================================================
# Check version and if this version was a fresh install push mysql query
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
@ -222,13 +210,6 @@ elif [ $database -eq 2 ]; then
ynh_install_app_dependencies $pkg_dependencies
fi
#=================================================
# SETUP SSOWAT
#=================================================
# As Osada is social network and have its own permission there is no need to keep Osada behind SSO
ynh_script_progression --message="Upgrading SSOwat configuration..."
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
#=================================================
# RELOAD NGINX
#=================================================