mirror of https://github.com/YunoHost-Apps/outline_ynh.git synced 2024-09-03 19:56:12 +02:00

Fix MinIO bucket access policy for better safety

Limezy 2023-02-16 23:19:39 +07:00
parent 1187226eba
commit 36eff0b786
4 changed files with 42 additions and 3 deletions

20
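--- a/conf/policy.json
+++ b/conf/policy.json
@@ -0,0 +1,20 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Sid": "AllowPublicRead",
+"Effect": "Allow",
+"Principal": {
+"AWS": [
+"*"
+]
+},
+"Action": [
+"s3:GetObject"
+],
+"Resource": [
+"arn:aws:s3:::outlinestorage/public/*"
+]
+}
+]
+}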
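Review bot: The `Principal` block makes this a bucket (resource) policy for anonymous access, but the scripts in this commit load the file with `mc admin policy add`, which stores named identity policies where a `Principal` element is not expected. The `AllowPublicRead` statement narrows anonymous reads to `outlinestorage/public/*` only if the file is applied to the bucket itself, for example with `./mc policy set-json ./policy.json minio/outlinestorage`. The statement's own scope, read-only `s3:GetObject` on the `public/` prefix, looks appropriate for the stated goal.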


@ -194,9 +194,12 @@ chown -R $app:www-data "$final_path"
#=================================================
ynh_script_progression --message="Setting up MinIO bucket for Outline..." --weight=1
ynh_add_config --template="../conf/policy.json" --destination="$mc_path/policy.json"
pushd "$mc_path"
ynh_exec_warn_less sudo -u minio ./mc mb minio/outlinestorage --region "fr-ynh-1"
ynh_exec_warn_less sudo -u minio ./mc policy set public minio/outlinestorage
ynh_exec_warn_less sudo -u minio ./mc admin policy add minio outline ./policy.json
ynh_exec_warn_less sudo -u minio ./mc admin policy set outline minio/outlinestorage
popd
#=================================================
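Review bot: `./mc policy set public minio/outlinestorage` still appears in this hunk, and the rendered page has lost the +/- markers, so confirm it is on the removed side. If it remains, the whole bucket stays anonymously readable and writable whatever policy.json says. Separately, `mc admin policy set` takes `TARGET POLICYNAME user=…|group=…`, so `./mc admin policy set outline minio/outlinestorage` appears to have the alias and policy name swapped and names no user or group. Neither `admin policy` call changes anonymous access on the bucket; replacing the `set public` line with `ynh_exec_warn_less sudo -u minio ./mc policy set-json ./policy.json minio/outlinestorage` looks like the intent. The same pattern is in the restore hunk and the upgrade hunk.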


@ -122,11 +122,15 @@ chown -R $app:www-data "$final_path"
mv "$final_path/outlinestorage" "$mc_path/outlinestorage"
chown -R minio:www-data "$mc_path/outlinestorage"
ynh_add_config --template="../conf/policy.json" --destination="$mc_path/policy.json"
pushd "$mc_path"
ynh_exec_warn_less sudo -u minio ./mc mb minio/outlinestorage --region "fr-ynh-1"
ynh_exec_warn_less sudo -u minio ./mc policy set public minio/outlinestorage
ynh_exec_warn_less sudo -u minio ./mc mirror --a ./outlinestorage/ minio/outlinestorage
ynh_exec_warn_less sudo -u minio ./mc admin policy add minio outline ./policy.json
ynh_exec_warn_less sudo -u minio ./mc admin policy set outline minio/outlinestorage
popd
ynh_secure_remove --file="$mc_path/outlinestorage"
#=================================================


@ -95,6 +95,18 @@ chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# UPDATE MINIO BUCKET
#=================================================
ynh_script_progression --message="Updating outlinestorage MinIO bucket access policy..." --weight=1
ynh_add_config --template="../conf/policy.json" --destination="$mc_path/policy.json"
pushd "$mc_path"
ynh_exec_warn_less sudo -u minio ./mc admin policy add minio outline ./policy.json
ynh_exec_warn_less sudo -u minio ./mc admin policy set outline minio/outlinestorage
popd
#=================================================
# NGINX CONFIGURATION
#=================================================
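Review bot: Nothing in this new UPDATE MINIO BUCKET step narrows the anonymous access that instances installed before this commit already have from `mc policy set public`, because it only registers an admin (identity) policy. Upgraded instances would therefore keep a fully public bucket, which is the case this commit most needs to fix. Consider adding `ynh_exec_warn_less sudo -u minio ./mc policy set-json ./policy.json minio/outlinestorage` inside the `pushd` block and confirming the result with `./mc policy get minio/outlinestorage`. A short comment above the block saying that only the `public/` prefix is meant to stay anonymously readable would also help the next maintainer.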