YunoHost-Apps/osada_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/osada_ynh.git synced 2024-09-03 19:46:30 +02:00
Code Issues Activity Actions

Fix

Browse source
This commit is contained in:
ericgaspar 2021-07-15 07:41:29 +02:00
parent 81e4171aca
commit 6a8616c699
11 changed files with 267 additions and 199 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
conf/app.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://codeberg.org/zot/osada/archive/0c22781a2271170d0557881ac58a202148351c64.tar.gz SOURCE_URL=https://codeberg.org/zot/osada/archive/0c22781a2271170d0557881ac58a202148351c64.tar.gz
SOURCE_SUM=0cdd761aac0f1a382f6593868bd66d9919333fda4edeb1f2904d13a01febbeed SOURCE_SUM=
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR= SOURCE_IN_SUBDIR=

2
conf/cron Executable file
View file

@ -0,0 +1,2 @@
# Run poller periodically to update Osada
*/10 * * * * __APP__ cd __FINALPATH__; /usr/bin/php__PHPVERSION__ Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1

95
conf/htconfig.sample.php Normal file
View file

@ -0,0 +1,95 @@
<?php
// If automatic system installation fails:
// Copy or rename this file to .htconfig.php in the top level
// Hubzilla directory
// Why .htconfig.php? Because it contains sensitive information which could
// give somebody complete control of your database. Apache's default
// configuration denies access to and refuses to serve any file beginning
// with .ht
// Then set the following for your MySQL installation
$db_host = 'localhost'; // Use 'localhost' if you aren't using a remote server
$db_port = 0; // leave 0 for default or set your port
$db_user = '__DB_NAME__';
$db_pass = '__DB_PWD__';
$db_data = '__DB_NAME__';
$db_type = 0; // use 1 for postgres, 0 for mysql
/*
* Notice: Many of the following settings will be available in the admin panel
* after a successful site install. Once they are set in the admin panel, they
* are stored in the DB - and the DB setting will over-ride any corresponding
* setting in this file
*
* The command-line tool util/config is able to query and set the DB items
* directly if for some reason the admin panel is not available and a system
* setting requires modification.
*
*/
// Choose a legal default timezone. If you are unsure, use "America/Los_Angeles".
// It can be changed later and only applies to timestamps for anonymous viewers.
App::$config['system']['timezone'] = 'America/Los_Angeles';
// What is your site name? DO NOT ADD A TRAILING SLASH!
App::$config['system']['baseurl'] = 'https://__DOMAIN__';
App::$config['system']['sitename'] = "Zap";
App::$config['system']['location_hash'] = '__RANDOM_STRING__';
// These lines set additional security headers to be sent with all responses
// You may wish to set transport_security_header to 0 if your server already sends
// this header. content_security_policy may need to be disabled if you wish to
// run the piwik analytics plugin or include other offsite resources on a page
App::$config['system']['transport_security_header'] = 1;
App::$config['system']['content_security_policy'] = 1;
App::$config['system']['ssl_cookie_protection'] = 1;
// Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.
// Be certain to create your own personal account before setting
// REGISTER_CLOSED. 'register_text' (if set) will be displayed prominently on
// the registration page. REGISTER_APPROVE requires you set 'admin_email'
// to the email address of an already registered person who can authorise
// and/or approve/deny the request.
// In order to perform system administration via the admin panel, admin_email
// must precisely match the email address of the person logged in.
App::$config['system']['register_policy'] = REGISTER_OPEN;
App::$config['system']['register_text'] = '';
App::$config['system']['admin_email'] = '__EMAIL__';
// Location of PHP command line processor
App::$config['system']['php_path'] = '/usr/bin/php__PHPVERSION__';
// Configure how we communicate with directory servers.
// DIRECTORY_MODE_NORMAL = directory client, we will find a directory (all of your member's queries will be directed elsewhere)
// DIRECTORY_MODE_SECONDARY = caching directory or mirror (keeps in sync with realm primary [adds significant cron execution time])
// DIRECTORY_MODE_PRIMARY = main directory server (you do not want this unless you are operating your own realm. one per realm.)
// DIRECTORY_MODE_STANDALONE = "off the grid" or private directory services (only local site members in directory)
App::$config['system']['directory_mode'] = DIRECTORY_MODE_NORMAL;
// PHP error logging setup
// Before doing this ensure that the webserver has permission
// to create and write to php.out in the top level Red directory,
// or change the name (below) to a file/path where this is allowed.
ini_set('display_errors', '0');
// Uncomment the following 4 lines to turn on PHP error logging.
error_reporting(E_ERROR | E_PARSE );
ini_set('error_log','php.out');
ini_set('log_errors','1');

45
conf/nginx.conf
View file

@ -1,16 +1,14 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ { location __PATH__/ {
alias __FINALPATH__/; alias __FINALPATH__/;
# Force https
if ($scheme = http)
{ # Force usage of https
rewrite ^ https://$server_name$request_uri? permanent; if ($scheme = http) {
} rewrite ^ https://$server_name$request_uri? permanent;
}
if (!-e $request_filename) if (!-e $request_filename){
{
rewrite ^(.*)$ /index.php?req=$1; rewrite ^(.*)$ /index.php?req=$1;
} }
@ -21,21 +19,17 @@ location __PATH__/ {
index index.php; index index.php;
charset utf-8; charset utf-8;
location ~* \.php$ {
# Example PHP configuration try_files $uri =404;
location ~* \.php$ fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
{ fastcgi_index index.php;
try_files $uri =404; include fastcgi_params;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
} }
# make sure webfinger and other well known services aren't blocked # make sure webfinger and other well known services aren't blocked
# by denying dot files and rewrite request to the front controller # by denying dot files and rewrite request to the front controller
location ^~ /.well-known/ location ^~ /.well-known/ {
{
allow all; allow all;
if (!-e $request_filename) if (!-e $request_filename)
{ {
@ -53,20 +47,17 @@ location __PATH__/ {
# } # }
# block these file types # block these file types
location ~* \.(tpl|md|tgz|log|out)$ location ~* \.(tpl|md|tgz|log|out)$ {
{
deny all; deny all;
} }
# deny access to all dot files # deny access to all dot files
location ~ /\. location ~ /\. {
{
deny all; deny all;
} }
#deny access to store #deny access to store
location ~ /store location ~ /store {
{
deny all; deny all;
} }
@ -74,5 +65,5 @@ location __PATH__/ {
location ~ /util { location ~ /util {
deny all; deny all;
} }
}
}

108
conf/php-fpm.conf
View file

@ -1,10 +1,11 @@
; Start a new pool named 'www'. ; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the ; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here) ; pool name ('www' here)
[__NAMETOCHANGE__] [__NAMETOCHANGE__]
; Per pool prefix ; Per pool prefix
; It only applies on the following directives: ; It only applies on the following directives:
; - 'access.log'
; - 'slowlog' ; - 'slowlog'
; - 'listen' (unixsocket) ; - 'listen' (unixsocket)
; - 'chroot' ; - 'chroot'
@ -24,28 +25,35 @@ group = __USER__
; The address on which to accept FastCGI requests. ; The address on which to accept FastCGI requests.
; Valid syntaxes are: ; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port; ; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; specific port; ; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket. ; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory. ; Note: This value is mandatory.
listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock
; Set listen(2) backlog. A value of '-1' means unlimited. ; Set listen(2) backlog.
; Default Value: 128 (-1 on FreeBSD and OpenBSD) ; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 128 ;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write ; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many ; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. ; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user ; Default Values: user and group are set as the running user
; mode is set to 0660 ; mode is set to 0660
listen.owner = www-data listen.owner = www-data
listen.group = www-data listen.group = www-data
;listen.mode = 0660 ;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be ; must be separated by a comma. If this value is left blank, connections will be
@ -59,7 +67,13 @@ listen.group = www-data
; - The pool processes will inherit the master process priority ; - The pool processes will inherit the master process priority
; unless it specified otherwise ; unless it specified otherwise
; Default Value: no set ; Default Value: no set
; priority = -19 ; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
; or group is differrent than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes. ; Choose how the process manager will control the number of child processes.
; Possible Values: ; Possible Values:
@ -96,7 +110,7 @@ pm = dynamic
; forget to tweak pm.* to fit your needs. ; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory. ; Note: This value is mandatory.
pm.max_children = 10 pm.max_children = 5
; The number of child processes created on startup. ; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic' ; Note: Used only when pm is set to 'dynamic'
@ -117,12 +131,12 @@ pm.max_spare_servers = 3
; Note: Used only when pm is set to 'ondemand' ; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s ; Default Value: 10s
;pm.process_idle_timeout = 10s; ;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning. ; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For ; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0 ; Default Value: 0
pm.max_requests = 500 ;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be ; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations: ; recognized as a status page. It shows the following informations:
@ -170,7 +184,7 @@ pm.max_requests = 500
; ;
; By default the status page only outputs short status. Passing 'full' in the ; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process. ; query string will also return status for each pool process.
; Example: ; Example:
; http://www.foo.bar/status?full ; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full ; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full ; http://www.foo.bar/status?html&full
@ -215,7 +229,7 @@ pm.max_requests = 500
; last request memory: 0 ; last request memory: 0
; ;
; Note: There is a real-time FPM status monitoring sample web page available ; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: ${prefix}/share/fpm/status.html ; It's available in: /usr/share/php/7.0/fpm/status.html
; ;
; Note: The value must start with a leading slash (/). The value can be ; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it ; anything, but it may not be a good idea to use the .php extension or it
@ -275,7 +289,7 @@ pm.max_requests = 500
; - %{megabytes}M ; - %{megabytes}M
; - %{mega}M ; - %{mega}M
; %n: pool name ; %n: pool name
; %o: ouput header ; %o: output header
; it must be associated with embraces to specify the name of the header: ; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o ; - %{Content-Type}o
; - %{X-Powered-By}o ; - %{X-Powered-By}o
@ -283,7 +297,7 @@ pm.max_requests = 500
; - .... ; - ....
; %p: PID of the child that serviced the request ; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request ; %P: PID of the parent of the child that serviced the request
; %q: the query string ; %q: the query string
; %Q: the '?' character if query string exists ; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q) ; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address ; %R: remote IP address
@ -291,47 +305,51 @@ pm.max_requests = 500
; %t: server time the request was received ; %t: server time the request was received
; it can accept a strftime(3) format: ; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default) ; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished) ; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format: ; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default) ; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user ; %u: remote user
; ;
; Default: "%R - %u %t \"%m %r\" %s" ; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests ; The log file for slow requests
; Default Value: not set ; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set ; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log ;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be ; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0 ; Default Value: 0
request_slowlog_timeout = 5s ;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will ; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option ; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'. ; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0 ; Default Value: 0
request_terminate_timeout = 1d request_terminate_timeout = 1d
; Set open file descriptor rlimit. ; Set open file descriptor rlimit.
; Default Value: system defined value ; Default Value: system defined value
;rlimit_files = 1024 ;rlimit_files = 1024
; Set max core size rlimit. ; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value ; Default Value: system defined value
;rlimit_core = 0 ;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an ; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used. ; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix ; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead. ; will be used instead.
; Note: chrooting is a great security feature and should be used whenever ; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot ; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...). ; (error_log, sessions.save_path, ...).
; Default Value: not set ; Default Value: not set
@ -347,16 +365,25 @@ chdir = __FINALPATH__
; Note: on highloaded environement, this can cause some delay in the page ; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms). ; process time (several ms).
; Default Value: no ; Default Value: no
catch_workers_output = yes ;catch_workers_output = yes
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can ; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit ; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to ; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code. ; execute php code.
; Note: set an empty value to allow all extensions. ; Note: set an empty value to allow all extensions.
; Default Value: .php ; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 ;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment. ; the current environment.
; Default Value: clean env ; Default Value: clean env
@ -370,7 +397,7 @@ catch_workers_output = yes
; overwrite the values previously defined in the php.ini. The directives are the ; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI: ; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can ; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'. ; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by ; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set' ; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
@ -392,13 +419,12 @@ catch_workers_output = yes
;php_admin_value[memory_limit] = 32M ;php_admin_value[memory_limit] = 32M
; Common values to change to increase file upload limit ; Common values to change to increase file upload limit
; upload_max_filesize = 50M ; php_admin_value[upload_max_filesize] = 50M
; post_max_size = 50M ; php_admin_value[post_max_size] = 50M
; mail.add_x_header = Off ; php_admin_flag[mail.add_x_header] = Off
; Other common parameters ; Other common parameters
; max_execution_time = 600 ; php_admin_value[max_execution_time] = 600
; max_input_time = 300 ; php_admin_value[max_input_time] = 300
; memory_limit = 256M ; php_admin_value[memory_limit] = 256M
; short_open_tag = On ; php_admin_flag[short_open_tag] = On
; cgi.fix_pathinfo = 0;

2
conf/poller-cron
View file

@ -1,2 +0,0 @@
# Run poller periodically to update Osada
*/10 * * * * __USER__ cd YNH_WWW_PATH; /usr/bin/php Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1

18
manifest.json
View file

@ -3,8 +3,8 @@
"id": "osada", "id": "osada",
"name": "osada", "name": "osada",
"description": { "description": {
"en": "Osada is a decentralized publication platform and social network.", "en": "Decentralized publication platform and social network",
"fr": "Osada est une plateforme de publication décentralisée et un réseau social." "fr": "Plateforme de publication décentralisée et un réseau social"
}, },
"url": "http://zotlabs.com/osada/", "url": "http://zotlabs.com/osada/",
"license": "MIT", "license": "MIT",
@ -15,12 +15,12 @@
}, },
"services": [ "services": [
"nginx", "nginx",
"php7.0-fpm", "php7.3-fpm",
"mysql", "mysql",
"postgresql" "postgresql"
], ],
"requirements": { "requirements": {
"yunohost": ">= 4.0.0" "yunohost": ">= 4.2.4"
}, },
"multi_instance": true, "multi_instance": true,
"arguments": { "arguments": {
@ -28,18 +28,12 @@
{ {
"name": "domain", "name": "domain",
"type": "domain", "type": "domain",
"ask": { "example": "example.com"
"en": "Choose a domain for your Osada. Osada must run in the root of this domain. It means no other app can be accessed/run from this domain. We advise to use a dedicated subdomain such as osada.domain.tld",
"fr": "Indiquez un domain pour Osada. Osada doit être installé à la racine du domaine. Cela implique qu'aucune autre app ne pourra être installée ou accessible sur ce domain. Nous conseillons un sous-domaine dédié par exemple osada.domain.tld."
}
}, },
{ {
"name": "admin", "name": "admin",
"type": "user", "type": "user",
"ask": { "example": "johndoe"
"en": "Choose the Osada administrator (must be an existing YunoHost user)",
"fr": "Choisissez l'administrateur de Osada (doit être un utilisateur YunoHost existant)"
}
}, },
{ {
"name": "database", "name": "database",

3
scripts/backup
View file

@ -23,7 +23,8 @@ ynh_abort_if_errors
#================================================= #=================================================
# LOAD SETTINGS # LOAD SETTINGS
#================================================= #=================================================
ynh_script_progression --message="Loading installation settings..." ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)

97
scripts/install
View file

@ -27,7 +27,7 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path_url="/" path_url="/"
admin=$YNH_APP_ARG_ADMIN admin=$YNH_APP_ARG_ADMIN
email=$(yunohost user info $admin | grep "mail:" | cut -d' ' -f2) email=$(ynh_user_get_info --username=$admin --key=mail)
upload="256M" upload="256M"
random_string="$(ynh_string_random)$(ynh_string_random)$(ynh_string_random)" random_string="$(ynh_string_random)$(ynh_string_random)$(ynh_string_random)"
database=`expr $YNH_APP_ARG_DATABASE` database=`expr $YNH_APP_ARG_DATABASE`
@ -69,6 +69,14 @@ if [ $database -eq 2 ]; then
ynh_install_app_dependencies $pkg_dependencies ynh_install_app_dependencies $pkg_dependencies
fi fi
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
@ -114,7 +122,6 @@ pushd "$final_path"
ln -s ../extend/addon/zaddons/$base $base ln -s ../extend/addon/zaddons/$base $base
done done
popd popd
@ -123,17 +130,17 @@ ynh_script_progression --message="Creating smarty3 folder for personal data..."
mkdir -p "${final_path}/store" mkdir -p "${final_path}/store"
mkdir -p "${final_path}/cache/smarty3" mkdir -p "${final_path}/cache/smarty3"
chmod -R 777 $final_path/store $final_path/cache
# Copy the template install/htconfig.sample.php to .htconfig.php
ynh_script_progression --message="Moving .htconfig.php to root of Osada ..."
config="$final_path/.htconfig.php"
cp $final_path/install/htconfig.sample.php $config
# Create php.log inside Osada for logs # Create php.log inside Osada for logs
ynh_script_progression --message="Create php.log for the Osada debuging..." ynh_script_progression --message="Create php.log for the Osada debuging..."
touch "$final_path/php.log" touch "$final_path/php.log"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
chmod -R 755 $final_path/store $final_path/cache
#================================================= #=================================================
# CREATE A DATABASE # CREATE A DATABASE
#================================================= #=================================================
@ -161,46 +168,6 @@ else
ynh_die --message="Some problem occured in creating the database, contact maintainer" ynh_die --message="Some problem occured in creating the database, contact maintainer"
fi fi
#=================================================
# MODIFY A CONFIG FILE
#=================================================
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
ynh_replace_string --match_string="your.mysqlhost.com" --replace_string="localhost" --target_file="$config"
ynh_replace_string --match_string= "mysqlpassword" --replace_string="$db_pwd" --target_file="$config"
ynh_replace_string --match_string="mysqlusername" --replace_string="$db_name" --target_file="$config"
ynh_replace_string --match_string= "mysqldatabasename" --replace_string="$db_name" --target_file="$config"
ynh_replace_string --match_string= "mysite.example" --replace_string="$domain" --target_file="$config"
ynh_replace_string --match_string= "if the auto install failed, put a unique random string here" --replace_string="$random_string" --target_file="$config"
sed -i "s/\['admin_email'\] = '';/\['admin_email'\] = '$email';/g" "$config"
ynh_replace_string --match_string= "//error_reporting(E_ERROR | E_WARNING | E_PARSE );" --replace_string="error_reporting(E_ERROR | E_WARNING | E_PARSE );" --target_file="$config"
ynh_replace_string --match_string= "//ini_set('error_log','php.out');" --replace_string="ini_set('error_log','php.log');" --target_file="$config"
ynh_replace_string --match_string= "//ini_set('log_errors','1');" --replace_string="ini_set('log_errors','1');" --target_file="$config"
ynh_replace_string --match_string= "//ini_set('display_errors', '0');" --replace_string="ini_set('display_errors', '0');" --target_file="$config"
sed -i "s/\['php_path'\] = 'php';/\['php_path'\] = 'php$phpversion';/g" "$config"
# addon ldap config
ynh_script_progression --message="Push LDAP configuration to .htconfig.php..."
cat ../conf/ldap_conf.php >> $final_path/.htconfig.php
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..."
### `ynh_add_nginx_config` will use the file conf/nginx.conf
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app
#================================================= #=================================================
# PHP-FPM CONFIGURATION # PHP-FPM CONFIGURATION
#================================================= #=================================================
@ -208,17 +175,31 @@ ynh_script_progression --message="Configuring PHP-FPM..."
# Create a dedicated PHP-FPM config # Create a dedicated PHP-FPM config
ynh_add_fpm_config --package="$extra_php_dependencies" ynh_add_fpm_config --package="$extra_php_dependencies"
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
# Set right permissions for Osada #=================================================
ynh_script_progression --message="Set right for Osada..." # MODIFY A CONFIG FILE
chown -R $app: $final_path #=================================================
# Set up cron job ynh_add_config --template="../conf/htconfig.sample.php" --destination="$final_path/.htconfig.php"
# addon ldap config
ynh_add_config --template="../conf/ldap_conf.php" --destination="$final_path/.htconfig.php"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..."
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SETUP CRON JOB
#=================================================
ynh_script_progression --message="Setting up cron job..." ynh_script_progression --message="Setting up cron job..."
ynh_replace_string --match_string="YNH_WWW_PATH" --replace_string="$final_path" --target_file="../conf/poller-cron"
ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="../conf/poller-cron" ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app"
ynh_replace_string --match_string="__PHP_VERSION__" --replace_string="$phpversion" --target_file="../conf/poller-cron"
cp ../conf/poller-cron /etc/cron.d/$app
#================================================= #=================================================
# STORE THE CONFIG FILE CHECKSUM # STORE THE CONFIG FILE CHECKSUM
@ -239,13 +220,15 @@ ynh_use_logrotate "$final_path/php.log"
# SETUP FAIL2BAN # SETUP FAIL2BAN
#================================================= #=================================================
ynh_script_progression --message="Add Fail2Ban..." ynh_script_progression --message="Add Fail2Ban..."
ynh_add_fail2ban_config --logpath="$final_path/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP <HOST>.*$" --max_retry="5" ynh_add_fail2ban_config --logpath="$final_path/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP <HOST>.*$" --max_retry="5"
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================
ynh_script_progression --message="Configuring permissions..."
# As Osada is social network and have its own permission there is no need to keep Osada behind SSO # As Osada is social network and have its own permission there is no need to keep Osada behind SSO
ynh_script_progression --message="Configuring SSOwat..."
ynh_permission_update --permission="main" --add="visitors" ynh_permission_update --permission="main" --add="visitors"
#================================================= #=================================================

19
scripts/restore
View file

@ -55,6 +55,14 @@ test ! -d $final_path \
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_print_info "Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#================================================= #=================================================
# RESTORE THE APP MAIN DIR # RESTORE THE APP MAIN DIR
#================================================= #=================================================
@ -84,14 +92,6 @@ elif [ $database -eq 2 ]; then
ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
fi fi
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_print_info "Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create $app
#================================================= #=================================================
# RESTORE THE PHP-FPM CONFIGURATION # RESTORE THE PHP-FPM CONFIGURATION
#================================================= #=================================================
@ -125,9 +125,6 @@ ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
ynh_systemd_action --action=restart --service_name=fail2ban ynh_systemd_action --action=restart --service_name=fail2ban
# Make app public
ynh_app_setting_set $app skipped_uris "/"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================

75
scripts/upgrade
View file

@ -25,14 +25,10 @@ database=$(ynh_app_setting_get --app=$app --key=database)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#================================================= #=================================================
# ENSURE DOWNWARD COMPATIBILITY # CHECK VERSION
#================================================= #=================================================
# If db_name doesn't exist, create it upgrade_type=$(ynh_check_app_version_changed)
if [ -z "$db_name" ]; then
db_name=$(ynh_sanitize_dbid --db_name=$app)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
fi
#================================================= #=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
@ -49,21 +45,14 @@ ynh_clean_setup () {
ynh_abort_if_errors ynh_abort_if_errors
#================================================= #=================================================
# STANDARD UPGRADE STEPS # ENSURE DOWNWARD COMPATIBILITY
#================================================= #=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_print_info "Upgrading source files..."
# Create a temporary directory # If db_name doesn't exist, create it
# tmpdir="$(ynh_smart_mktemp 6000)" if [ -z "$db_name" ]; then
# Backup the config file in the temp dir db_name=$(ynh_sanitize_dbid --db_name=$app)
# cp -a "$final_path/.htconfig.php" "$tmpdir/.htconfig.php" ynh_app_setting_set --app=$app --key=db_name --value=$db_name
# cp -a "$final_path/store" "$tmpdir/store" fi
# cp -a "$final_path/php.log" "$tmpdir/php.log"
# Remove the app directory securely
# ynh_secure_remove "$final_path"
# If final_path doesn't exist, create it # If final_path doesn't exist, create it
if [ -z "$final_path" ]; then if [ -z "$final_path" ]; then
@ -71,6 +60,14 @@ if [ -z "$final_path" ]; then
ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi fi
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#================================================= #=================================================
# STANDARD UPGRADE STEPS # STANDARD UPGRADE STEPS
#================================================= #=================================================
@ -123,7 +120,7 @@ if [ `cd $final_path && git rev-parse --is-inside-work-tree` ]; then
fi; fi;
done done
popd popd
chmod -R 777 $final_path/store chmod -R 775 $final_path/store
else else
# Create a temporary directory # Create a temporary directory
@ -151,6 +148,10 @@ else
fi fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
@ -159,17 +160,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated NGINX config # Create a dedicated NGINX config
ynh_add_nginx_config ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
# Set right permissions for curl install
chown -R $app: $final_path
#================================================= #=================================================
# PHP-FPM CONFIGURATION # PHP-FPM CONFIGURATION
#================================================= #=================================================
@ -192,27 +182,25 @@ ynh_script_progression --message="Upgrading logrotate configuration..."
# Use logrotate to manage app-specific logfile(s) # Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append ynh_use_logrotate --non-append
#=================================================
# UPGRADE FAIL2BAN # UPGRADE FAIL2BAN
#================================================= #=================================================
ynh_script_progression --message="Re-configure Fail2Ban..." ynh_script_progression --message="Re-configure Fail2Ban..."
ynh_add_fail2ban_config --logpath="$final_path/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP <HOST>.*$" --max_retry="5" ynh_add_fail2ban_config --logpath="$final_path/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP <HOST>.*$" --max_retry="5"
# Set cron job #=================================================
ynh_print_info "Setting up cron job..." # SETUP CRON JOB
ynh_replace_string --match_string="YNH_WWW_PATH" --replace_string="$final_path" --target_file="../conf/poller-cron" #=================================================
ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="../conf/poller-cron"
ynh_replace_string --match_string="__PHP_VERSION__" --replace_string="$phpversion" --target_file="../conf/poller-cron" ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app"
cp -f ../conf/poller-cron /etc/cron.d/$app
#================================================= #=================================================
# UPGRADE DEPENDENCIES # UPGRADE DEPENDENCIES
#================================================= #=================================================
ynh_script_progression --message="Upgrading dependencies..." ynh_script_progression --message="Upgrading dependencies..."
if [ $database -eq 1 ]; then if [ $database -eq 1 ]; then
#=================================================
# CHECK VERSION FOR SPECIFIC MYSQL UPDATE
#=================================================
# Check version and if this version was a fresh install push mysql query # Check version and if this version was a fresh install push mysql query
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
@ -222,13 +210,6 @@ elif [ $database -eq 2 ]; then
ynh_install_app_dependencies $pkg_dependencies ynh_install_app_dependencies $pkg_dependencies
fi fi
#=================================================
# SETUP SSOWAT
#=================================================
# As Osada is social network and have its own permission there is no need to keep Osada behind SSO
ynh_script_progression --message="Upgrading SSOwat configuration..."
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================