From f477c1877d63db568991b6524e1afad843934e49 Mon Sep 17 00:00:00 2001 From: Inrepublica Date: Thu, 26 Mar 2020 11:27:03 +0100 Subject: [PATCH] Rework from example_app Complete rework from example_app --- README.md | 7 +-- manifest.json | 11 +++- scripts/_common.sh | 18 ++++++- scripts/backup | 23 +++++++-- scripts/change_url | 25 ++++++++-- scripts/install | 122 ++++++++++++++++++++++++++++++++++----------- scripts/remove | 22 +++++--- scripts/restore | 32 +++++++++--- scripts/upgrade | 85 +++++++++++++++++++------------ 9 files changed, 256 insertions(+), 89 deletions(-) diff --git a/README.md b/README.md index 9fa928d..ed728b3 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # PHPSysInfo for Yunohost -[![Integration level](https://dash.yunohost.org/integration/phpsysinfo_ynh.svg)](https://dash.yunohost.org/appci/app/phpsysinfo_ynh) +[![Integration level](https://dash.yunohost.org/appci/app/phpsysinfo_ynh.svg)](https://dash.yunohost.org/appci/app/phpsysinfo_ynh) [![Install Custom Webapp with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=phpsysinfo_ynh) > *This package allow you to install PHPSysInfo quickly and simply on a YunoHost server. @@ -26,6 +26,7 @@ Edit `phpsysinfo.ini` in `/var/www/phpsysinfo/phpsysinfo.ini`. ## YunoHost specific features #### Multi-users support +No support for multi-users. #### Supported architectures @@ -49,7 +50,7 @@ Please do your pull request to the [testing branch](https://github.com/inrepubli To try the testing branch, please proceed like that. ``` -sudo yunohost app install https://github.com/inrepublica/phpsysinfo_ynh/tree/testing --debug +sudo yunohost app install https://github.com/YunoHost-Apps/phpsysinfo_ynh/tree/testing --debug or -sudo yunohost app upgrade my_webapp -u https://github.com/inrepublica/phpsysinfo_ynh/tree/testing --debug +sudo yunohost app upgrade my_webapp -u https://github.com/YunoHost-Apps/phpsysinfo_ynh/tree/testing --debug ``` diff --git a/manifest.json b/manifest.json index 57ce960..cfab75c 100644 --- a/manifest.json +++ b/manifest.json @@ -41,6 +41,15 @@ }, "example": "/phpsysinfo", "default": "/phpsysinfo" + }, + { + "name": "admin", + "type": "user", + "ask": { + "en": "Choose an admin user", + "fr": "Choisissez l’administrateur" + }, + "example": "johndoe" }, { "name": "is_public", @@ -73,7 +82,7 @@ "fr": "Mode d'affichage ?" }, "choices": ["auto", "dynamic", "static", "bootstrap"], - "default": "bootstrap" + "default": "auto" } ] } diff --git a/scripts/_common.sh b/scripts/_common.sh index cc1f786..69c72c9 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1 +1,17 @@ -#!/bin/bash \ No newline at end of file +#!/bin/bash + +#================================================= +# COMMON VARIABLES +#================================================= + +#================================================= +# PERSONAL HELPERS +#================================================= + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= \ No newline at end of file diff --git a/scripts/backup b/scripts/backup index 83eb601..58cfde0 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -13,13 +14,17 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME @@ -31,26 +36,34 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_script_progression --message="Backing up the main app directory..." +ynh_script_progression --message="Backing up the main app directory..." --time --weight=1 ynh_backup --src_path="$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Backing up nginx web server configuration..." +ynh_script_progression --message="Backing up nginx web server configuration..." --time --weight=1 ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Backing up php-fpm configuration..." +ynh_script_progression --message="Backing up php-fpm configuration..." --time --weight=1 ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf" +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Backing up fail2ban configuration..." --time --weight=1 + +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last \ No newline at end of file +ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --time --last \ No newline at end of file diff --git a/scripts/change_url b/scripts/change_url index 3aeea70..ce99034 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -24,11 +24,28 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." --time --weight=1 # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." --time --weight=1 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. + ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # CHECK WHICH PARTS SHOULD BE CHANGED #================================================= @@ -50,7 +67,7 @@ fi #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating nginx web server configuration..." --weight=2 +ynh_script_progression --message="Updating nginx web server configuration..." --time --weight=1 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -81,7 +98,7 @@ fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -89,4 +106,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --last \ No newline at end of file +ynh_script_progression --message="Change of URL completed for $app" --time --last \ No newline at end of file diff --git a/scripts/install b/scripts/install index 5b21be4..a9a8574 100644 --- a/scripts/install +++ b/scripts/install @@ -13,6 +13,10 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -22,18 +26,26 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH +admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC language=$YNH_APP_ARG_LANGUAGE display_mode=$YNH_APP_ARG_DISPLAY_MODE -app=$YNH_APP_INSTANCE_NAME -app_nb=$YNH_APP_INSTANCE_NUMBER - #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=2 +### About --weight and --time +### ynh_script_progression will show to your final users the progression of each scripts. +### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script. +### --time is a packager option, it will show you the execution time since the previous call. +### This option should be removed before releasing your app. +### Use the execution time, given by --time, to estimate the weight of a step. +### A common way to do it is to set a weight equal to the execution time in second +1. +### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call. +ynh_script_progression --message="Validating installation parameters..." --time --weight=1 +### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". +### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" @@ -43,47 +55,39 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." +ynh_script_progression --message="Storing installation settings..." --time --weight=1 -user=webapp${app_nb} ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=language --value=$language ynh_app_setting_set --app=$app --key=display_mode --value=$display_mode -ynh_app_setting_set --app=$app --key=user --value=$user -ynh_app_setting_set --app=$app --key=final_path --value=$final_path #================================================= # STANDARD MODIFICATIONS #================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring nginx web server..." --weight=2 - -# Create a dedicated nginx config -ynh_add_nginx_config - -#================================================= -# SPECIFIC SETUP -#================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=3 +ynh_script_progression --message="Setting up source files..." --time --weight=1 + +### `ynh_setup_source` is used to install an app from a zip or tar.gz file, +### downloaded from an upstream source, like a git repository. +### `ynh_setup_source` use the file conf/app.src ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" #================================================= -# MODIFY A CONFIG FILE +# NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Configuring nginx web server..." --time --weight=1 -ynh_replace_string --match_string="__DISPLAY_MODE__" --replace_string="$display_mode" --target_file=../conf/phpsysinfo.ini -ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file=../conf/phpsysinfo.ini +### `ynh_add_nginx_config` will use the file conf/nginx.conf -# Copy files to the right place -cp -r ../conf/phpsysinfo.ini "$final_path" +# Create a dedicated nginx config +ynh_add_nginx_config #================================================= # CREATE DEDICATED USER @@ -96,32 +100,90 @@ ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Configuring php-fpm..." --weight=2 +ynh_script_progression --message="Configuring php-fpm..." --time --weight=1 + +### `ynh_add_fpm_config` is used to set up a PHP config. +### You can remove it if your app doesn't use PHP. +### `ynh_add_fpm_config` will use the files conf/php-fpm.conf +### If you're not using these lines: +### - You can remove these files in conf/. +### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script +### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script +### With the reload at the end of the script. +### - And the section "PHP-FPM CONFIGURATION" in the upgrade script # Create a dedicated php-fpm config -ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file="../conf/php-fpm.conf" ynh_add_fpm_config +#================================================= +# SPECIFIC SETUP +#================================================= +# MODIFY A CONFIG FILE +#================================================= + +### `ynh_replace_string` is used to replace a string in a file. +### (It's compatible with sed regular expressions syntax) + +ynh_replace_string --match_string="__DISPLAY_MODE__" --replace_string="$display_mode" --target_file=../conf/phpsysinfo.ini +ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file=../conf/phpsysinfo.ini + +# Copy files to the right place +cp -r ../conf/phpsysinfo.ini "$final_path" + +#================================================= +# STORE THE CONFIG FILE CHECKSUM +#================================================= + +### `ynh_store_file_checksum` is used to store the checksum of a file. +### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`, +### you can make a backup of this file before modifying it again if the admin had modified it. + +# Calculate and store the config file checksum into the app settings +ynh_store_file_checksum --file="$final_path/phpsysinfo.ini" + #================================================= # GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +### For security reason, any app should set the permissions to root: before anything else. +### Then, if write authorization is needed, any access should be given only to directories +### that really need such authorization. + +# Set permissions to app files +chown -R root: $final_path + +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Configuring fail2ban..." --time --weight=1 + +# Create a dedicated fail2ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" + #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." +ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 # Make app public if necessary if [ $is_public -eq 1 ] then - ynh_app_setting_set --app=$app --key=skipped_uris --value="/" + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT -#================================================= \ No newline at end of file +#================================================= + +ynh_script_progression --message="Installation of $app completed" --time --last \ No newline at end of file diff --git a/scripts/remove b/scripts/remove index 7243194..7737ea8 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,12 +12,11 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=2 +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) -user=$(ynh_app_setting_get --app=$app --key=user) final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= @@ -25,7 +24,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory..." +ynh_script_progression --message="Removing app main directory..." --time --weight=1 # Remove the app directory securely ynh_secure_remove --file="$final_path" @@ -33,7 +32,7 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration..." --weight=2 +ynh_script_progression --message="Removing nginx web server configuration..." --time --weight=1 # Remove the dedicated nginx config ynh_remove_nginx_config @@ -41,17 +40,25 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Removing php-fpm configuration..." +ynh_script_progression --message="Removing php-fpm configuration..." --time --weight=1 # Remove the dedicated php-fpm config ynh_remove_fpm_config +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Removing fail2ban configuration..." --time --weight=1 + +# Remove the dedicated fail2ban config +ynh_remove_fail2ban_config + #================================================= # GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user..." +ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1 # Delete a system user ynh_system_user_delete --username=$app @@ -59,4 +66,5 @@ ynh_system_user_delete --username=$app #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last \ No newline at end of file + +ynh_script_progression --message="Removal of $app completed" --time --last \ No newline at end of file diff --git a/scripts/restore b/scripts/restore index 06998c5..286aa90 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -13,25 +14,28 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + #### Remove this function if there's nothing to clean before calling the remove script. + true +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading settings..." --weight=2 +ynh_script_progression --message="Loading settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -user=$(ynh_app_setting_get --app=$app --key=user) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=2 +ynh_script_progression --message="Validating restoration parameters..." --time --weight=1 ynh_webpath_available --domain=$domain --path_url=$path_url \ || ynh_die --message="Path not available: ${domain}${path_url}" @@ -49,7 +53,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." +ynh_script_progression --message="Restoring the app main directory..." --time --weight=1 ynh_restore_file --origin_path="$final_path" @@ -61,18 +65,34 @@ ynh_script_progression --message="Recreating the dedicated system user..." --tim # Create the dedicated user (if not existing) ynh_system_user_create --username=$app +#================================================= +# RESTORE USER RIGHTS +#================================================= + +# Restore permissions on app files +chown -R root: $final_path + #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" +#================================================= +# RESTORE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the fail2ban configuration..." --time --weight=1 + +ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + #================================================= # GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading nginx web server and php-fpm..." +ynh_script_progression --message="Reloading nginx web server and php-fpm..." --time --weight=1 ynh_systemd_action --service_name=php7.0-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload @@ -81,4 +101,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --last \ No newline at end of file +ynh_script_progression --message="Restoration completed for $app" --time --last \ No newline at end of file diff --git a/scripts/upgrade b/scripts/upgrade index 1f4a986..7c4d209 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,12 +12,13 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=2 +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) +admin=$(ynh_app_setting_get --app=$app --key=admin) is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) language=$(ynh_app_setting_get --app=$app --key=language) @@ -26,12 +27,19 @@ display_mode=$(ynh_app_setting_get --app=$app --key=display_mode) #================================================= # CHECK VERSION #================================================= + +### This helper will compare the version of the currently installed app and the version of the upstream package. +### $upgrade_type can have 2 different values +### - UPGRADE_APP if the upstream app version has changed +### - UPGRADE_PACKAGE if only the YunoHost package has changed +### ynh_check_app_version_changed will stop the upgrade if the app is up to date. +### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Ensuring downward compatibility..." +ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 # Fix is_public as a boolean value if [ "$is_public" = "Yes" ]; then @@ -51,7 +59,7 @@ fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=3 +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1 # Backup the current version of the app ynh_backup_before_upgrade @@ -67,6 +75,11 @@ ynh_abort_if_errors #================================================= # Normalize the URL path syntax +# N.B. : this is for app installations before YunoHost 2.7 +# where this value might be something like /foo/ or foo/ +# instead of /foo .... +# If nobody installed your app before 2.7, then you may +# safely remove this line path_url=$(ynh_normalize_url_path --path_url=$path_url) #================================================= @@ -77,29 +90,19 @@ path_url=$(ynh_normalize_url_path --path_url=$path_url) if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." --weight=6 + ynh_script_progression --message="Upgrading source files..." --time --weight=1 # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" - - # Clear cache - ynh_secure_remove --file="$final_path/var/cache" - mkdir "$final_path/var/cache" fi #================================================= # NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Upgrading nginx web server configuration..." --time --weight=1 -modified_config=$(ynh_backup_if_checksum_is_different --file="/etc/nginx/conf.d/$domain.d/$app.conf") -# Replace nginx config only if it wasn't modified. -if [ -z "$modified_config" ] -then - ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=2 - - # Create a dedicated nginx config - ynh_add_nginx_config -fi +# Create a dedicated nginx config +ynh_add_nginx_config #================================================= # CREATE DEDICATED USER @@ -112,20 +115,23 @@ ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Upgrading php-fpm configuration..." --time --weight=1 -modified_config=$(ynh_backup_if_checksum_is_different --file="/etc/php/7.0/fpm/pool.d/$app.conf") -# Replace nginx config only if it wasn't modified. -if [ -z "$modified_config" ] -then - ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=2 - - # Create a dedicated php-fpm config - ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file="../conf/php-fpm.conf" - ynh_add_fpm_config -fi +# Create a dedicated php-fpm config +ynh_add_fpm_config #================================================= # SPECIFIC UPGRADE +#================================================= +# STORE THE CONFIG FILE CHECKSUM +#================================================= + +### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. +### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. +ynh_backup_if_checksum_is_different --file="$final_path/phpsysinfo.ini" +# Recalculate and store the checksum of the file for the next upgrade. +ynh_store_file_checksum --file="$final_path/phpsysinfo.ini" + #================================================= # CONFIGURE PHPSYSINFO #================================================= @@ -140,24 +146,39 @@ then cp -r ../conf/phpsysinfo.ini "$final_path" fi - #================================================= # GENERIC FINALIZATION +#================================================= +# UPGRADE FAIL2BAN +#================================================= +ynh_script_progression --message="Reconfiguring fail2ban..." --time --weight=1 + +# Create a dedicated fail2ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" + +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions on app files +chown -R root: $final_path + #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." +ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1 # Make app public if necessary if [ $is_public -eq 1 ] then - ynh_app_setting_set --app=$app --key=skipped_uris --value="/" + # unprotected_uris allows SSO credentials to be passed anyway + ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -165,4 +186,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --last \ No newline at end of file +ynh_script_progression --message="Upgrade of $app completed" --time --last \ No newline at end of file