mirror of
https://github.com/YunoHost-Apps/piwigo_ynh.git
synced 2024-09-03 20:06:03 +02:00
Merge pull request #33 from YunoHost-Apps/package_upgrade
Package upgrade
This commit is contained in:
commit
31b85ca9d0
16 changed files with 709 additions and 328 deletions
50
README.md
50
README.md
|
@ -1,19 +1,35 @@
|
|||
Piwigo for YunoHost
|
||||
---------------------
|
||||
# Piwigo for YunoHost
|
||||
|
||||
[![Integration level](https://dash.yunohost.org/integration/piwigo.svg)](https://dash.yunohost.org/appci/app/piwigo)
|
||||
[![Install Piwigo with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=piwigo)
|
||||
|
||||
[![Integration level](https://dash.yunohost.org/integration/piwigo.svg)](https://ci-apps.yunohost.org/jenkins/job/piwigo%20%28Community%29/lastBuild/consoleFull)
|
||||
> *This package allow you to install Piwigo quickly and simply on a YunoHost server.
|
||||
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
|
||||
|
||||
[Piwigo](http://piwigo.org) is a photo gallery software for the web, built by an active community of users and developers.
|
||||
## Overview
|
||||
|
||||
[Piwigo](http://piwigo.org) is a photo gallery software for the web, built by an active community of users and developers
|
||||
Extensions make Piwigo easily customizable. Icing on the cake, Piwigo is free and opensource.
|
||||
|
||||
**Shipped version:** 2.9.4
|
||||
|
||||
## Screenshots
|
||||
|
||||
![](http://piwigo.org/screenshots/homepage/piwigo-batch-manager.png)
|
||||
|
||||
## Features
|
||||
## Demo
|
||||
|
||||
* [YunoHost demo](https://demo.yunohost.org/piwigo/)
|
||||
* [Official demo](http://piwigo.org/demo/)
|
||||
|
||||
## Configuration
|
||||
|
||||
## Documentation
|
||||
|
||||
* Official documentation: https://piwigo.org/doc/doku.php
|
||||
* YunoHost documentation: https://yunohost.org/#/app_piwigo
|
||||
|
||||
## YunoHost specific features
|
||||
|
||||
In addition to Piwigo core features, the following are made available with
|
||||
this package:
|
||||
|
@ -25,14 +41,32 @@ this package:
|
|||
* allow other users management, and guest mode
|
||||
* Allow one YunoHost user to be the administrator (set at the installation)
|
||||
|
||||
#### Supported architectures
|
||||
|
||||
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/piwigo%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/piwigo/)
|
||||
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/piwigo%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/piwigo/)
|
||||
* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/piwigo%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/piwigo/)
|
||||
|
||||
## Limitations
|
||||
|
||||
No limitation known.
|
||||
|
||||
It has been tested on x86_64 and ARM.
|
||||
## Additionnal informations
|
||||
|
||||
## Links
|
||||
|
||||
* Report a bug: https://github.com/YunoHost-Apps/piwigo_ynh/issues
|
||||
* Piwigo website: http://piwigo.org/
|
||||
* YunoHost website: https://yunohost.org/
|
||||
|
||||
---
|
||||
|
||||
Developers infos
|
||||
----------------
|
||||
|
||||
Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/piwigo_ynh/tree/testing).
|
||||
|
||||
To try the testing branch, please proceed like that.
|
||||
```
|
||||
sudo yunohost app install https://github.com/YunoHost-Apps/piwigo_ynh/tree/testing --debug
|
||||
or
|
||||
sudo yunohost app upgrade piwigo -u https://github.com/YunoHost-Apps/piwigo_ynh/tree/testing --debug
|
||||
```
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
SOURCE_URL=http://piwigo.org/download/dlcounter.php?code=2.9.4
|
||||
SOURCE_SUM=00fafe6887af62e34ee97dc9b8e4be0720af9f27ea1cdb16ab6217f462574a3c
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=zip
|
||||
SOURCE_IN_SUBDIR=true
|
||||
SOURCE_FILENAME=
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
<?php
|
||||
$conf['dblayer'] = 'mysqli';
|
||||
$conf['db_base'] = 'DBTOCHANGE';
|
||||
$conf['db_user'] = 'USERTOCHANGE';
|
||||
$conf['db_password'] = 'PASSTOCHANGE';
|
||||
$conf['db_base'] = '__DBTOCHANGE__';
|
||||
$conf['db_user'] = '__USERTOCHANGE__';
|
||||
$conf['db_password'] = '__PASSTOCHANGE__';
|
||||
$conf['db_host'] = 'localhost';
|
||||
|
||||
$prefixeTable = '';
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
SOURCE_URL=https://github.com/VSLCatena/ldap_login/archive/92fa2fc1abc7cd18e8005583855e468b57689616.zip
|
||||
SOURCE_SUM=9fe8d2fe3be234939a5dd3a92836202400a38a6d8b8a9b4250a8a522fe53d437
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=zip
|
||||
SOURCE_IN_SUBDIR=true
|
||||
SOURCE_FILENAME=
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
SOURCE_URL=http://piwigo.org/ext/download.php?rid=5525
|
||||
SOURCE_SUM=85b9a06f2c7ca8ae9698e6151c7631f519c945f696b02da72f9ff53243d7e4ca
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=zip
|
||||
SOURCE_IN_SUBDIR=false
|
||||
|
||||
SOURCE_FILENAME=
|
||||
|
|
|
@ -1,14 +1,20 @@
|
|||
location __PATH__ {
|
||||
alias __FINALPATH__/;
|
||||
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
|
||||
location __PATH__/ {
|
||||
|
||||
# Path to source
|
||||
alias __FINALPATH__/ ;
|
||||
|
||||
# Force usage of https
|
||||
if ($scheme = http) {
|
||||
rewrite ^ https://$server_name$request_uri? permanent;
|
||||
}
|
||||
|
||||
client_max_body_size 100M;
|
||||
index index.php;
|
||||
default_type text/html;
|
||||
location ~ [^/]\.php(/|$) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
|
||||
fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param REMOTE_USER $remote_user if_not_empty;
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
; Start a new pool named 'www'.
|
||||
; the variable $pool can we used in any directive and will be replaced by the
|
||||
; the variable $pool can be used in any directive and will be replaced by the
|
||||
; pool name ('www' here)
|
||||
[__NAMETOCHANGE__]
|
||||
|
||||
; Per pool prefix
|
||||
; It only applies on the following directives:
|
||||
; - 'access.log'
|
||||
; - 'slowlog'
|
||||
; - 'listen' (unixsocket)
|
||||
; - 'chroot'
|
||||
|
@ -24,17 +25,19 @@ group = __USER__
|
|||
|
||||
; The address on which to accept FastCGI requests.
|
||||
; Valid syntaxes are:
|
||||
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
|
||||
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
|
||||
; a specific port;
|
||||
; 'port' - to listen on a TCP socket to all addresses on a
|
||||
; specific port;
|
||||
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
|
||||
; a specific port;
|
||||
; 'port' - to listen on a TCP socket to all addresses
|
||||
; (IPv6 and IPv4-mapped) on a specific port;
|
||||
; '/path/to/unix/socket' - to listen on a unix socket.
|
||||
; Note: This value is mandatory.
|
||||
listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock
|
||||
listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock
|
||||
|
||||
; Set listen(2) backlog.
|
||||
; Default Value: 128 (-1 on FreeBSD and OpenBSD)
|
||||
;listen.backlog = 128
|
||||
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
|
||||
;listen.backlog = 511
|
||||
|
||||
; Set permissions for unix socket, if one is used. In Linux, read/write
|
||||
; permissions must be set in order to allow connections from a web server. Many
|
||||
|
@ -44,8 +47,13 @@ listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock
|
|||
listen.owner = www-data
|
||||
listen.group = www-data
|
||||
;listen.mode = 0660
|
||||
; When POSIX Access Control Lists are supported you can set them using
|
||||
; these options, value is a comma separated list of user/group names.
|
||||
; When set, listen.owner and listen.group are ignored
|
||||
;listen.acl_users =
|
||||
;listen.acl_groups =
|
||||
|
||||
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
|
||||
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
|
||||
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
|
||||
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
|
||||
; must be separated by a comma. If this value is left blank, connections will be
|
||||
|
@ -59,7 +67,13 @@ listen.group = www-data
|
|||
; - The pool processes will inherit the master process priority
|
||||
; unless it specified otherwise
|
||||
; Default Value: no set
|
||||
; priority = -19
|
||||
; process.priority = -19
|
||||
|
||||
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
|
||||
; or group is differrent than the master process user. It allows to create process
|
||||
; core dump and ptrace the process for the pool user.
|
||||
; Default Value: no
|
||||
; process.dumpable = yes
|
||||
|
||||
; Choose how the process manager will control the number of child processes.
|
||||
; Possible Values:
|
||||
|
@ -96,7 +110,7 @@ pm = dynamic
|
|||
; forget to tweak pm.* to fit your needs.
|
||||
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
|
||||
; Note: This value is mandatory.
|
||||
pm.max_children = 10
|
||||
pm.max_children = 5
|
||||
|
||||
; The number of child processes created on startup.
|
||||
; Note: Used only when pm is set to 'dynamic'
|
||||
|
@ -122,7 +136,7 @@ pm.max_spare_servers = 3
|
|||
; This can be useful to work around memory leaks in 3rd party libraries. For
|
||||
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
|
||||
; Default Value: 0
|
||||
pm.max_requests = 500
|
||||
;pm.max_requests = 500
|
||||
|
||||
; The URI to view the FPM status page. If this value is not set, no URI will be
|
||||
; recognized as a status page. It shows the following informations:
|
||||
|
@ -215,7 +229,7 @@ pm.max_requests = 500
|
|||
; last request memory: 0
|
||||
;
|
||||
; Note: There is a real-time FPM status monitoring sample web page available
|
||||
; It's available in: ${prefix}/share/fpm/status.html
|
||||
; It's available in: /usr/share/php/7.0/fpm/status.html
|
||||
;
|
||||
; Note: The value must start with a leading slash (/). The value can be
|
||||
; anything, but it may not be a good idea to use the .php extension or it
|
||||
|
@ -275,7 +289,7 @@ pm.max_requests = 500
|
|||
; - %{megabytes}M
|
||||
; - %{mega}M
|
||||
; %n: pool name
|
||||
; %o: ouput header
|
||||
; %o: output header
|
||||
; it must be associated with embraces to specify the name of the header:
|
||||
; - %{Content-Type}o
|
||||
; - %{X-Powered-By}o
|
||||
|
@ -291,9 +305,13 @@ pm.max_requests = 500
|
|||
; %t: server time the request was received
|
||||
; it can accept a strftime(3) format:
|
||||
; %d/%b/%Y:%H:%M:%S %z (default)
|
||||
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
|
||||
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
|
||||
; %T: time the log has been written (the request has finished)
|
||||
; it can accept a strftime(3) format:
|
||||
; %d/%b/%Y:%H:%M:%S %z (default)
|
||||
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
|
||||
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
|
||||
; %u: remote user
|
||||
;
|
||||
; Default: "%R - %u %t \"%m %r\" %s"
|
||||
|
@ -302,13 +320,13 @@ pm.max_requests = 500
|
|||
; The log file for slow requests
|
||||
; Default Value: not set
|
||||
; Note: slowlog is mandatory if request_slowlog_timeout is set
|
||||
slowlog = /var/log/nginx/{POOLNAME}.slow.log
|
||||
;slowlog = log/$pool.log.slow
|
||||
|
||||
; The timeout for serving a single request after which a PHP backtrace will be
|
||||
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
|
||||
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
|
||||
; Default Value: 0
|
||||
request_slowlog_timeout = 5s
|
||||
;request_slowlog_timeout = 0
|
||||
|
||||
; The timeout for serving a single request after which the worker process will
|
||||
; be killed. This option should be used when the 'max_execution_time' ini option
|
||||
|
@ -347,15 +365,24 @@ chdir = __FINALPATH__
|
|||
; Note: on highloaded environement, this can cause some delay in the page
|
||||
; process time (several ms).
|
||||
; Default Value: no
|
||||
catch_workers_output = yes
|
||||
;catch_workers_output = yes
|
||||
|
||||
; Clear environment in FPM workers
|
||||
; Prevents arbitrary environment variables from reaching FPM worker processes
|
||||
; by clearing the environment in workers before env vars specified in this
|
||||
; pool configuration are added.
|
||||
; Setting to "no" will make all environment variables available to PHP code
|
||||
; via getenv(), $_ENV and $_SERVER.
|
||||
; Default Value: yes
|
||||
;clear_env = no
|
||||
|
||||
; Limits the extensions of the main script FPM will allow to parse. This can
|
||||
; prevent configuration mistakes on the web server side. You should only limit
|
||||
; FPM to .php extensions to prevent malicious users to use other extensions to
|
||||
; exectute php code.
|
||||
; execute php code.
|
||||
; Note: set an empty value to allow all extensions.
|
||||
; Default Value: .php
|
||||
;security.limit_extensions = .php .php3 .php4 .php5
|
||||
;security.limit_extensions = .php .php3 .php4 .php5 .php7
|
||||
|
||||
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
|
||||
; the current environment.
|
||||
|
@ -389,6 +416,19 @@ catch_workers_output = yes
|
|||
;php_flag[display_errors] = off
|
||||
;php_admin_value[error_log] = /var/log/fpm-php.www.log
|
||||
;php_admin_flag[log_errors] = on
|
||||
;php_admin_value[memory_limit] = 32M
|
||||
|
||||
; Common values to change to increase file upload limit
|
||||
; php_admin_value[upload_max_filesize] = 50M
|
||||
; php_admin_value[post_max_size] = 50M
|
||||
; php_admin_flag[mail.add_x_header] = Off
|
||||
|
||||
; Other common parameters
|
||||
; php_admin_value[max_execution_time] = 600
|
||||
; php_admin_value[max_input_time] = 300
|
||||
; php_admin_value[memory_limit] = 256M
|
||||
; php_admin_flag[short_open_tag] = On
|
||||
|
||||
php_admin_value[memory_limit] = 64M
|
||||
|
||||
; Common values to change to increase file upload limit
|
||||
|
|
|
@ -15,12 +15,12 @@
|
|||
"url": ""
|
||||
},
|
||||
"requirements": {
|
||||
"yunohost": ">= 2.7.2"
|
||||
"yunohost": ">= 3.4"
|
||||
},
|
||||
"multi_instance": true,
|
||||
"services": [
|
||||
"nginx",
|
||||
"php5-fpm",
|
||||
"php7.0-fpm",
|
||||
"mysql"
|
||||
],
|
||||
"arguments": {
|
||||
|
@ -64,6 +64,7 @@
|
|||
},
|
||||
{
|
||||
"name": "language",
|
||||
"type": "string",
|
||||
"ask": {
|
||||
"en": "Choose the application language",
|
||||
"fr": "Choisissez la langue de l'application"
|
||||
|
|
|
@ -1,35 +1,122 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Common variables
|
||||
#
|
||||
|
||||
pkg_dependencies="php5-gd php5-imagick imagemagick"
|
||||
#=================================================
|
||||
# COMMON VARIABLES
|
||||
#=================================================
|
||||
|
||||
# ============= FUTURE YUNOHOST HELPERS =============
|
||||
pkg_dependencies="php-gd php-imagick imagemagick"
|
||||
|
||||
#=================================================
|
||||
# FUTURE OFFICIAL HELPERS
|
||||
#=================================================
|
||||
|
||||
# Create a dedicated fail2ban config (jail and filter conf files)
|
||||
#
|
||||
# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]]
|
||||
# | arg: log_file - Log file to be checked by fail2ban
|
||||
# | arg: failregex - Failregex to be looked for by fail2ban
|
||||
# | arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3
|
||||
# | arg: ports - Ports blocked for a banned IP address - default: http,https
|
||||
# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports]
|
||||
# | arg: -l, --logpath= - Log file to be checked by fail2ban
|
||||
# | arg: -r, --failregex= - Failregex to be looked for by fail2ban
|
||||
# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3
|
||||
# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https
|
||||
#
|
||||
# -----------------------------------------------------------------------------
|
||||
#
|
||||
# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
|
||||
# | arg: -t, --use_template - Use this helper in template mode
|
||||
# | arg: -v, --others_var= - List of others variables to replace separeted by a space
|
||||
# | for example : 'var_1 var_2 ...'
|
||||
#
|
||||
# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
|
||||
# __APP__ by $app
|
||||
#
|
||||
# You can dynamically replace others variables by example :
|
||||
# __VAR_1__ by $var_1
|
||||
# __VAR_2__ by $var_2
|
||||
#
|
||||
# Generally your template will look like that by example (for synapse):
|
||||
#
|
||||
# f2b_jail.conf:
|
||||
# [__APP__]
|
||||
# enabled = true
|
||||
# port = http,https
|
||||
# filter = __APP__
|
||||
# logpath = /var/log/__APP__/logfile.log
|
||||
# maxretry = 3
|
||||
#
|
||||
# f2b_filter.conf:
|
||||
# [INCLUDES]
|
||||
# before = common.conf
|
||||
# [Definition]
|
||||
#
|
||||
# # Part of regex definition (just used to make more easy to make the global regex)
|
||||
# __synapse_start_line = .? \- synapse\..+ \-
|
||||
#
|
||||
# # Regex definition.
|
||||
# failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- <HOST> \- \d+ \- Received request\: POST /_matrix/client/r0/login\??<SKIPLINES>%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'<SKIPLINES>%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$
|
||||
#
|
||||
# ignoreregex =
|
||||
#
|
||||
# -----------------------------------------------------------------------------
|
||||
#
|
||||
# Note about the "failregex" option:
|
||||
# regex to match the password failure messages in the logfile. The
|
||||
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||
# be used for standard IP/hostname matching and is only an alias for
|
||||
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||
#
|
||||
# You can find some more explainations about how to make a regex here :
|
||||
# https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
|
||||
#
|
||||
# Note that the logfile need to exist before to call this helper !!
|
||||
#
|
||||
# To validate your regex you can test with this command:
|
||||
# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf
|
||||
#
|
||||
ynh_add_fail2ban_config () {
|
||||
# Process parameters
|
||||
logpath=$1
|
||||
failregex=$2
|
||||
max_retry=${3:-3}
|
||||
ports=${4:-http,https}
|
||||
|
||||
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
|
||||
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
|
||||
# Declare an array to define the options of this helper.
|
||||
declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
|
||||
local logpath
|
||||
local failregex
|
||||
local max_retry
|
||||
local ports
|
||||
local others_var
|
||||
local use_template
|
||||
# Manage arguments with getopts
|
||||
ynh_handle_getopts_args "$@"
|
||||
use_template="${use_template:-0}"
|
||||
max_retry=${max_retry:-3}
|
||||
ports=${ports:-http,https}
|
||||
|
||||
finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
|
||||
finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
|
||||
ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1
|
||||
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1
|
||||
ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
|
||||
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"
|
||||
|
||||
sudo tee $finalfail2banjailconf <<EOF
|
||||
if [ $use_template -eq 1 ]
|
||||
then
|
||||
# Usage 2, templates
|
||||
cp ../conf/f2b_jail.conf $finalfail2banjailconf
|
||||
cp ../conf/f2b_filter.conf $finalfail2banfilterconf
|
||||
|
||||
if [ -n "${app:-}" ]
|
||||
then
|
||||
ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
|
||||
ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
|
||||
fi
|
||||
|
||||
# Replace all other variable given as arguments
|
||||
for var_to_replace in ${others_var:-}; do
|
||||
# ${var_to_replace^^} make the content of the variable on upper-cases
|
||||
# ${!var_to_replace} get the content of the variable named $var_to_replace
|
||||
ynh_replace_string "__${var_to_replace^^}__" "${!var_to_replace}" "$finalfail2banjailconf"
|
||||
ynh_replace_string "__${var_to_replace^^}__" "${!var_to_replace}" "$finalfail2banfilterconf"
|
||||
done
|
||||
|
||||
else
|
||||
# Usage 1, no template. Build a config file from scratch.
|
||||
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
|
||||
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
|
||||
|
||||
tee $finalfail2banjailconf <<EOF
|
||||
[$app]
|
||||
enabled = true
|
||||
port = $ports
|
||||
|
@ -38,23 +125,25 @@ logpath = $logpath
|
|||
maxretry = $max_retry
|
||||
EOF
|
||||
|
||||
sudo tee $finalfail2banfilterconf <<EOF
|
||||
tee $finalfail2banfilterconf <<EOF
|
||||
[INCLUDES]
|
||||
before = common.conf
|
||||
[Definition]
|
||||
failregex = $failregex
|
||||
ignoreregex =
|
||||
EOF
|
||||
fi
|
||||
|
||||
# Common to usage 1 and 2.
|
||||
ynh_store_file_checksum "$finalfail2banjailconf"
|
||||
ynh_store_file_checksum "$finalfail2banfilterconf"
|
||||
|
||||
systemctl restart fail2ban
|
||||
systemctl try-reload-or-restart fail2ban
|
||||
|
||||
local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
|
||||
if [ -n "$fail2ban_error" ]
|
||||
then
|
||||
echo "[ERR] Fail2ban failed to load the jail for $app" >&2
|
||||
echo "WARNING${fail2ban_error#*WARNING}" >&2
|
||||
if [[ -n "$fail2ban_error" ]]; then
|
||||
ynh_print_err "Fail2ban failed to load the jail for $app"
|
||||
ynh_print_warn "${fail2ban_error#*WARNING}"
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -64,16 +153,44 @@ EOF
|
|||
ynh_remove_fail2ban_config () {
|
||||
ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
|
||||
sudo systemctl restart fail2ban
|
||||
systemctl try-reload-or-restart fail2ban
|
||||
}
|
||||
|
||||
# Delete a file checksum from the app settings
|
||||
#=================================================
|
||||
|
||||
# Check available space before creating a temp directory.
|
||||
#
|
||||
# $app should be defined when calling this helper
|
||||
# usage: ynh_smart_mktemp --min_size="Min size"
|
||||
#
|
||||
# usage: ynh_remove_file_checksum file
|
||||
# | arg: file - The file for which the checksum will be deleted
|
||||
ynh_delete_file_checksum () {
|
||||
local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_'
|
||||
ynh_app_setting_delete $app $checksum_setting_name
|
||||
# | arg: -s, --min_size= - Minimal size needed for the temporary directory, in Mb
|
||||
ynh_smart_mktemp () {
|
||||
# Declare an array to define the options of this helper.
|
||||
declare -Ar args_array=( [s]=min_size= )
|
||||
local min_size
|
||||
# Manage arguments with getopts
|
||||
ynh_handle_getopts_args "$@"
|
||||
|
||||
min_size="${min_size:-300}"
|
||||
# Transform the minimum size from megabytes to kilobytes
|
||||
min_size=$(( $min_size * 1024 ))
|
||||
|
||||
# Check if there's enough free space in a directory
|
||||
is_there_enough_space () {
|
||||
local free_space=$(df --output=avail "$1" | sed 1d)
|
||||
test $free_space -ge $min_size
|
||||
}
|
||||
|
||||
if is_there_enough_space /tmp; then
|
||||
local tmpdir=/tmp
|
||||
elif is_there_enough_space /var; then
|
||||
local tmpdir=/var
|
||||
elif is_there_enough_space /; then
|
||||
local tmpdir=/
|
||||
elif is_there_enough_space /home; then
|
||||
local tmpdir=/home
|
||||
else
|
||||
ynh_die "Insufficient free space to continue..."
|
||||
fi
|
||||
|
||||
echo "$(sudo mktemp --directory --tmpdir="$tmpdir")"
|
||||
}
|
||||
|
|
|
@ -1,16 +1,12 @@
|
|||
#!/bin/bash
|
||||
|
||||
|
||||
#=================================================
|
||||
# GENERIC START
|
||||
#=================================================
|
||||
# IMPORT GENERIC HELPERS
|
||||
#=================================================
|
||||
|
||||
if [ ! -e _common.sh ]; then
|
||||
# Fetch helpers file if not in current directory
|
||||
cp ../settings/scripts/_common.sh ./_common.sh
|
||||
chmod a+rx _common.sh
|
||||
fi
|
||||
source _common.sh
|
||||
source ../settings/scripts/_common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
|
@ -23,6 +19,7 @@ ynh_abort_if_errors
|
|||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_print_info "Loading installation settings..."
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
|
@ -33,42 +30,55 @@ db_name=$(ynh_app_setting_get $app db_name)
|
|||
#=================================================
|
||||
# STANDARD BACKUP STEPS
|
||||
#=================================================
|
||||
# BACKUP APP MAIN DIR
|
||||
# BACKUP THE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_print_info "Backing up the main app directory..."
|
||||
|
||||
ynh_backup "$final_path"
|
||||
|
||||
# Copy the data directory
|
||||
backup_core_only=$(ynh_app_setting_get "$app" backup_core_only)
|
||||
if [ -z $backup_core_only ] # If backup_core_only setting set, don't backup data directory
|
||||
then
|
||||
ynh_backup /home/yunohost.app/${app}/upload
|
||||
else
|
||||
echo "Data dir won't be saved, because backup_core_only is set." >&2
|
||||
# Remove the option so that next regular backup will be complete
|
||||
ynh_app_setting_delete $app backup_core_only
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# BACKUP FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# BACKUP NGINX CONFIGURATION
|
||||
# BACKUP THE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_print_info "Backing up nginx web server configuration..."
|
||||
|
||||
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# BACKUP PHP-FPM CONFIGURATION
|
||||
# BACKUP THE PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
ynh_print_info "Backing up php-fpm configuration..."
|
||||
|
||||
ynh_backup "/etc/php5/fpm/pool.d/$app.conf"
|
||||
ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# BACKUP MYSQL DB
|
||||
# BACKUP THE MYSQL DATABASE
|
||||
#=================================================
|
||||
ynh_print_info "Backing up the MySQL database..."
|
||||
|
||||
ynh_mysql_dump_db "$db_name" > db.sql
|
||||
|
||||
#=================================================
|
||||
# BACKUP FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
ynh_print_info "Backing up fail2ban configuration..."
|
||||
|
||||
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC BACKUP
|
||||
#=================================================
|
||||
# BACKUP THE DATA DIRECTORY
|
||||
#=================================================
|
||||
ynh_print_info "Backing up data directory..."
|
||||
|
||||
# The 1 parameter indicates the directory is "big",
|
||||
# so that it won't be backed up before upgrade
|
||||
# This argument has to be the third one.
|
||||
ynh_backup "/home/yunohost.app/${app}/upload" "/home/yunohost.app/${app}/upload" 1
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
|
||||
|
|
|
@ -21,6 +21,14 @@ new_path=$YNH_APP_NEW_PATH
|
|||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_print_info "Loading installation settings..."
|
||||
|
||||
# Needed for helper "ynh_add_nginx_config"
|
||||
final_path=$(ynh_app_setting_get $app final_path)
|
||||
|
||||
#=================================================
|
||||
# CHECK PATHS SYNTAX
|
||||
#=================================================
|
||||
|
@ -51,6 +59,7 @@ fi
|
|||
#=================================================
|
||||
# MODIFY URL IN NGINX CONF FILE
|
||||
#=================================================
|
||||
ynh_print_info "Updating nginx web server configuration..."
|
||||
|
||||
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
|
||||
|
||||
|
@ -59,18 +68,17 @@ if [ $change_path -eq 1 ]
|
|||
then
|
||||
# Make a backup of the original nginx config file if modified
|
||||
ynh_backup_if_checksum_is_different "$nginx_conf_path"
|
||||
# Replace locations starting with old_path
|
||||
# Look for every location possible patterns (see https://nginx.org/en/docs/http/ngx_http_core_module.html#location)
|
||||
ynh_replace_string "location\( \(=\|~\|~\*\|\^~\)\)\? $old_path" "location\1 $new_path" "$nginx_conf_path"
|
||||
# Replace path in "return" directives
|
||||
ynh_replace_string "return \([[:digit:]]\{3\}\) $old_path" "return \1 $new_path" "$nginx_conf_path"
|
||||
# Calculate and store the nginx config file checksum
|
||||
ynh_store_file_checksum "$nginx_conf_path"
|
||||
# Set global variables for nginx helper
|
||||
domain="$old_domain"
|
||||
path_url="$new_path"
|
||||
# Create a dedicated nginx config
|
||||
ynh_add_nginx_config
|
||||
fi
|
||||
|
||||
# Change the domain for nginx
|
||||
if [ $change_domain -eq 1 ]
|
||||
then
|
||||
# Delete file checksum for the old conf file location
|
||||
ynh_delete_file_checksum "$nginx_conf_path"
|
||||
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
|
||||
# Store file checksum for the new config file location
|
||||
|
@ -82,5 +90,12 @@ fi
|
|||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_print_info "Reloading nginx web server..."
|
||||
|
||||
systemctl reload nginx
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_print_info "Change of url completed for $app"
|
||||
|
|
166
scripts/install
166
scripts/install
|
@ -1,5 +1,4 @@
|
|||
#!/bin/bash
|
||||
shopt -s extglob # sets extended pattern matching options in the bash shell
|
||||
|
||||
#=================================================
|
||||
# GENERIC STARTING
|
||||
|
@ -14,79 +13,75 @@ source /usr/share/yunohost/helpers
|
|||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
ynh_abort_if_errors # Stop script if an error is detected
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
||||
#=================================================
|
||||
|
||||
# Retrieve app id
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
# Retrieve arguments
|
||||
domain=$YNH_APP_ARG_DOMAIN
|
||||
path_url=$YNH_APP_ARG_PATH
|
||||
admin=$YNH_APP_ARG_ADMIN
|
||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
||||
language=$YNH_APP_ARG_LANGUAGE
|
||||
|
||||
if [ "$language" = "fr" ] ; then
|
||||
applanguage="fr_FR"
|
||||
else
|
||||
applanguage="en_UK"
|
||||
fi
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
#=================================================
|
||||
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
||||
#=================================================
|
||||
|
||||
path_url=$(ynh_normalize_url_path $path_url) # Check and normalize path
|
||||
ynh_print_info "Validating installation parameters..."
|
||||
|
||||
final_path=/var/www/$app
|
||||
test ! -e "$final_path" || ynh_die "This path already contains a folder"
|
||||
|
||||
# Check web path availability
|
||||
ynh_webpath_available $domain $path_url
|
||||
# Normalize the url path syntax
|
||||
path_url=$(ynh_normalize_url_path $path_url)
|
||||
|
||||
# Register (book) web path
|
||||
ynh_webpath_register $app $domain $path_url
|
||||
|
||||
#=================================================
|
||||
# STORE SETTINGS FROM MANIFEST
|
||||
#=================================================
|
||||
ynh_print_info "Storing installation settings..."
|
||||
|
||||
ynh_app_setting_set $app domain "$domain"
|
||||
ynh_app_setting_set $app path_url "$path_url"
|
||||
ynh_app_setting_set $app admin "$admin"
|
||||
ynh_app_setting_set $app is_public "$is_public"
|
||||
ynh_app_setting_set $app language "$language"
|
||||
ynh_app_setting_set $app domain $domain
|
||||
ynh_app_setting_set $app path $path_url
|
||||
ynh_app_setting_set $app admin $admin
|
||||
ynh_app_setting_set $app is_public $is_public
|
||||
ynh_app_setting_set $app language $language
|
||||
|
||||
#=================================================
|
||||
# STANDARD MODIFICATIONS
|
||||
#=================================================
|
||||
# INSTALL DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_print_info "Installing dependencies..."
|
||||
|
||||
ynh_install_app_dependencies "$pkg_dependencies"
|
||||
|
||||
#=================================================
|
||||
# CREATE A MYSQL DB
|
||||
#=================================================
|
||||
ynh_print_info "Creating a MySQL database..."
|
||||
|
||||
db_name=$(ynh_sanitize_dbid $app)
|
||||
db_user="$db_name"
|
||||
ynh_app_setting_set "$app" db_name "$db_name"
|
||||
|
||||
# Initialize database
|
||||
ynh_mysql_setup_db "$db_user" "$db_name"
|
||||
ynh_app_setting_set $app db_name $db_name
|
||||
ynh_mysql_setup_db $db_name $db_name
|
||||
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
#=================================================
|
||||
ynh_print_info "Setting up source files..."
|
||||
|
||||
ynh_app_setting_set $app final_path $final_path
|
||||
|
||||
ynh_app_setting_set $app final_path "$final_path"
|
||||
# Create tmp directory and fetch app inside
|
||||
tmpdir=$(mktemp -d)
|
||||
tmpdir="$(ynh_smart_mktemp --min_size=300)"
|
||||
ynh_setup_source "$tmpdir"
|
||||
|
||||
# Fetch needed plugins
|
||||
mkdir -p $tmpdir/plugins/Ldap_Login
|
||||
ynh_setup_source "$tmpdir/plugins/Ldap_Login" ldap_plugin
|
||||
|
@ -95,12 +90,27 @@ ynh_setup_source "$tmpdir/plugins" log_failed_logins_plugin
|
|||
#=================================================
|
||||
# CREATE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_print_info "Configuring system user..."
|
||||
|
||||
ynh_system_user_create $app # Create a dedicated system user
|
||||
# Create a system user
|
||||
ynh_system_user_create $app
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_print_info "Configuring nginx web server..."
|
||||
|
||||
# Create a dedicated nginx config
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC SETUP
|
||||
#=================================================
|
||||
# COPY FILES TO $FINAL_PATH
|
||||
#=================================================
|
||||
|
||||
# sets extended pattern matching options in the bash shell
|
||||
shopt -s extglob
|
||||
|
||||
# Install files and set permissions
|
||||
mkdir $final_path
|
||||
|
@ -123,69 +133,111 @@ chown -R $app: $final_path
|
|||
chown -R $app: $datapath
|
||||
chmod 755 -R $final_path/_data
|
||||
|
||||
#=================================================
|
||||
# NGINX AND PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
ynh_secure_remove "$tmpdir"
|
||||
|
||||
ynh_add_nginx_config
|
||||
#=================================================
|
||||
# PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
ynh_print_info "Configuring php-fpm..."
|
||||
|
||||
# Copy and set php-fpm configuration
|
||||
# Create a dedicated php-fpm config
|
||||
ynh_add_fpm_config
|
||||
|
||||
#=================================================
|
||||
# SETUP APPLICATION WITH CURL
|
||||
#=================================================
|
||||
ynh_print_info "Installing piwigo with Curl..."
|
||||
|
||||
ynh_app_setting_set $app unprotected_uris "/"
|
||||
# Reload SSOwat config
|
||||
yunohost app ssowatconf
|
||||
|
||||
# Reload Nginx
|
||||
systemctl reload nginx
|
||||
|
||||
# Generate random password for admin
|
||||
adm_pwd=$(ynh_string_random 24)
|
||||
ynh_app_setting_set $app admin_pwd "$adm_pwd"
|
||||
|
||||
if [ "$language" = "fr" ] ; then
|
||||
applanguage="fr_FR"
|
||||
else
|
||||
applanguage="en_UK"
|
||||
fi
|
||||
|
||||
# Configure piwigo via curl
|
||||
mail="$(ynh_user_get_info $admin mail)"
|
||||
|
||||
# Installation with curl
|
||||
ynh_local_curl "/install.php?language=$applanguage" "install=true" "dbuser=$db_name" "dbpasswd=$db_pwd" "dbname=$db_name" "admin_name=$admin" "admin_pass1=$adm_pwd" "admin_pass2=$adm_pwd" "admin_mail=$mail"
|
||||
|
||||
#=================================================
|
||||
# CONFIGURE PIWIGO
|
||||
#=================================================
|
||||
|
||||
ynh_app_setting_set "$app" unprotected_uris "/"
|
||||
yunohost app ssowatconf
|
||||
|
||||
# Generate random password for admin
|
||||
|
||||
adm_pwd=$(ynh_string_random 24)
|
||||
ynh_app_setting_set $app admin_pwd "$adm_pwd"
|
||||
|
||||
# Configure piwigo via curl
|
||||
mail="$(ynh_user_get_info $admin mail)"
|
||||
ynh_local_curl "/install.php?language=$applanguage" "install=true" "dbuser=$db_user" "dbpasswd=$db_pwd" "dbname=$db_name" "admin_name=$admin" "admin_pass1=$adm_pwd" "admin_pass2=$adm_pwd" "admin_mail=$mail"
|
||||
ynh_print_info "Configuring piwigo..."
|
||||
|
||||
# Change local config
|
||||
cp ../conf/config.inc.php $final_path/local/config/
|
||||
|
||||
# Calculate and store the config file checksum
|
||||
ynh_store_file_checksum "$final_path/local/config/config.inc.php"
|
||||
|
||||
# Setup database in local/config/database.inc.php
|
||||
ynh_replace_string "DBTOCHANGE" "$db_name" ../conf/database.inc.php
|
||||
ynh_replace_string "USERTOCHANGE" "$db_user" ../conf/database.inc.php
|
||||
ynh_replace_string "PASSTOCHANGE" "$db_pwd" ../conf/database.inc.php
|
||||
ynh_replace_string "__DBTOCHANGE__" "$db_name" ../conf/database.inc.php
|
||||
ynh_replace_string "__USERTOCHANGE__" "$db_name" ../conf/database.inc.php
|
||||
ynh_replace_string "__PASSTOCHANGE__" "$db_pwd" ../conf/database.inc.php
|
||||
|
||||
cp ../conf/database.inc.php $final_path/local/config/database.inc.php
|
||||
|
||||
# Calculate and store the database config file checksum
|
||||
ynh_store_file_checksum "$final_path/local/config/database.inc.php"
|
||||
|
||||
#=================================================
|
||||
# ADD LDAP & FAIL2BAN PLUGINS
|
||||
# ADD LDAP PLUGINS
|
||||
#=================================================
|
||||
ynh_print_info "Configuring LDAP plugin..."
|
||||
|
||||
# Configure and activate LDAP plugin
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('Ldap_Login','active','1.1');"
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('Ldap_Login','active','1.1');"
|
||||
cp ../conf/data.dat $final_path/plugins/Ldap_Login
|
||||
|
||||
#=================================================
|
||||
# CONFIGURE FAIL2BAN
|
||||
#=================================================
|
||||
ynh_print_info "Configuring fail2ban..."
|
||||
|
||||
# Configure and activate log_failed_logins plugin
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');"
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');"
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');"
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');"
|
||||
|
||||
touch "/var/log/${app}FailedLogins.log"
|
||||
chown $app: "/var/log/${app}FailedLogins.log"
|
||||
|
||||
# Set-up fail2ban
|
||||
ynh_add_fail2ban_config "/var/log/${app}FailedLogins.log" "ip=<HOST>" 6
|
||||
ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex="ip=<HOST>" --max_retry=6
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
ynh_print_info "Configuring SSOwat..."
|
||||
|
||||
# Protect URIs if private
|
||||
if [ $is_public -eq 0 ];
|
||||
if [ $is_public -eq 0 ]
|
||||
then
|
||||
ynh_app_setting_delete "$app" unprotected_uris
|
||||
ynh_app_setting_set "$app" protected_uris "/"
|
||||
ynh_app_setting_delete $app unprotected_uris
|
||||
ynh_app_setting_set $app protected_uris "/"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_print_info "Reloading nginx web server..."
|
||||
|
||||
systemctl reload nginx
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_print_info "Installation of $app completed"
|
||||
|
|
|
@ -12,48 +12,75 @@ source /usr/share/yunohost/helpers
|
|||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_print_info "Loading installation settings..."
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
domain=$(ynh_app_setting_get $app domain)
|
||||
db_name=$(ynh_app_setting_get $app db_name)
|
||||
final_path=$(ynh_app_setting_get $app final_path)
|
||||
|
||||
#=================================================
|
||||
# STANDARD REMOVE
|
||||
#=================================================
|
||||
# REMOVE DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_print_info "Removing dependencies"
|
||||
|
||||
# Remove metapackage and its dependencies
|
||||
ynh_remove_app_dependencies
|
||||
|
||||
#=================================================
|
||||
# REMOVE THE MYSQL DB
|
||||
# REMOVE THE MYSQL DATABASE
|
||||
#=================================================
|
||||
ynh_print_info "Removing the MySQL database"
|
||||
|
||||
ynh_mysql_remove_db "$app" "$db_name"
|
||||
# Remove a database if it exists, along with the associated user
|
||||
ynh_mysql_remove_db $db_name $db_name
|
||||
|
||||
#=================================================
|
||||
# REMOVE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_print_info "Removing app main directory"
|
||||
|
||||
ynh_secure_remove "/var/www/$app"
|
||||
# Remove the app directory securely
|
||||
ynh_secure_remove "$final_path"
|
||||
|
||||
#=================================================
|
||||
# REMOVE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_print_info "Removing nginx web server configuration"
|
||||
|
||||
# Remove the dedicated nginx config
|
||||
ynh_remove_nginx_config
|
||||
|
||||
#=================================================
|
||||
# REMOVE PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
ynh_print_info "Removing php-fpm configuration"
|
||||
|
||||
# Remove the dedicated php-fpm config
|
||||
ynh_remove_fpm_config
|
||||
|
||||
#=================================================
|
||||
# REMOVE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
ynh_print_info "Removing fail2ban configuration"
|
||||
|
||||
ynh_remove_fail2ban_config
|
||||
|
||||
#=================================================
|
||||
# REMOVE NGINX AND PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_remove_fpm_config
|
||||
ynh_remove_nginx_config
|
||||
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# REMOVE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_print_info "Removing the dedicated system user"
|
||||
|
||||
# Delete a system user
|
||||
ynh_system_user_delete $app
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_print_info "Removal of $app completed"
|
||||
|
|
|
@ -1,15 +1,12 @@
|
|||
#!/bin/bash
|
||||
|
||||
#=================================================
|
||||
# GENERIC START
|
||||
#=================================================
|
||||
# IMPORT GENERIC HELPERS
|
||||
#=================================================
|
||||
|
||||
if [ ! -e _common.sh ]; then
|
||||
# Fetch helpers file if not in current directory
|
||||
cp ../settings/scripts/_common.sh ./_common.sh
|
||||
chmod a+rx _common.sh
|
||||
fi
|
||||
source _common.sh
|
||||
source ../settings/scripts/_common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
|
@ -22,6 +19,7 @@ ynh_abort_if_errors
|
|||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_print_info "Loading settings..."
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
|
@ -34,6 +32,7 @@ db_name=$(ynh_app_setting_get $app db_name)
|
|||
#=================================================
|
||||
# CHECK IF THE APP CAN BE RESTORED
|
||||
#=================================================
|
||||
ynh_print_info "Validating restoration parameters..."
|
||||
|
||||
ynh_webpath_available $domain $path_url \
|
||||
|| ynh_die "Path not available: ${domain}${path_url}"
|
||||
|
@ -41,54 +40,48 @@ test ! -d $final_path \
|
|||
|| ynh_die "There is already a directory: $final_path "
|
||||
|
||||
#=================================================
|
||||
# STANDARD RESTORE STEPS
|
||||
# STANDARD RESTORATION STEPS
|
||||
#=================================================
|
||||
# RESTORE NGINX CONFIGURATION
|
||||
# RESTORE THE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# RESTORE APP MAIN DIR
|
||||
# RESTORE THE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_print_info "Restoring the app main directory..."
|
||||
|
||||
ynh_restore_file "$final_path"
|
||||
# Restore data directory if backed-up
|
||||
if [ -d "$YNH_BACKUP_DIR/apps/${app}/backup/home/yunohost.app/${app}/upload" ] ; then
|
||||
ynh_restore_file "/home/yunohost.app/${app}/upload"
|
||||
else
|
||||
# Create app data folder
|
||||
mkdir /home/yunohost.app/${app}/upload
|
||||
fi
|
||||
# Create temporary data folder
|
||||
mkdir -p /home/yunohost.app/${app}/_data
|
||||
# Remove the option backup_core_only if it's in the settings.yml file
|
||||
ynh_app_setting_delete $app backup_core_only
|
||||
|
||||
#=================================================
|
||||
# RESTORE MYSQL DB
|
||||
# RESTORE THE MYSQL DATABASE
|
||||
#=================================================
|
||||
ynh_print_info "Restoring the MySQL database..."
|
||||
|
||||
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
|
||||
ynh_mysql_create_db $db_name $db_name $db_pwd
|
||||
ynh_mysql_setup_db $db_name $db_name $db_pwd
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql
|
||||
|
||||
#=================================================
|
||||
# RECREATE OF THE DEDICATED USER
|
||||
# RECREATE THE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_print_info "Recreating the dedicated system user..."
|
||||
|
||||
ynh_system_user_create $app # Recreate the dedicated user, if not existing
|
||||
# Create the dedicated user (if not existing)
|
||||
ynh_system_user_create $app
|
||||
|
||||
#=================================================
|
||||
# RESTORE USER RIGHTS
|
||||
# RESTORE THE PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
chown -R $app: $final_path
|
||||
chown -R $app: /home/yunohost.app/${app}
|
||||
ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# RESTORE FAIL2BAN CONFIGURATION
|
||||
# RESTORE THE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
ynh_print_info "Restoring the fail2ban configuration"
|
||||
|
||||
ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
|
||||
|
||||
|
@ -98,16 +91,43 @@ chown $app: "/var/log/${app}FailedLogins.log"
|
|||
systemctl restart fail2ban
|
||||
|
||||
#=================================================
|
||||
# RESTORE PHP-FPM CONFIGURATION
|
||||
# SPECIFIC RESTORATION
|
||||
#=================================================
|
||||
# RESTORE THE DATA DIRECTORY
|
||||
#=================================================
|
||||
ynh_print_info "Restoring data directory..."
|
||||
|
||||
# The data directory will be restored only if it exists in the backup archive
|
||||
# So only if it was backup previously.
|
||||
if [ -d "$YNH_BACKUP_DIR/apps/$app/backup/home/yunohost.app/${app}/upload" ]
|
||||
then
|
||||
ynh_restore_file "/home/yunohost.app/${app}/upload"
|
||||
else
|
||||
# Create app folders
|
||||
mkdir -p "/home/yunohost.app/${app}/upload"
|
||||
fi
|
||||
# Create temporary data folder
|
||||
mkdir -p /home/yunohost.app/${app}/_data
|
||||
|
||||
#=================================================
|
||||
# RESTORE USER RIGHTS
|
||||
#=================================================
|
||||
|
||||
ynh_restore_file /etc/php5/fpm/pool.d/$app.conf
|
||||
chown -R $app: $final_path
|
||||
chown -R $app: /home/yunohost.app/${app}
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# RELOAD NGINX AND PHP-FPM
|
||||
#=================================================
|
||||
ynh_print_info "Reloading nginx web server and php-fpm..."
|
||||
|
||||
systemctl reload php5-fpm
|
||||
systemctl reload php7.0-fpm
|
||||
systemctl reload nginx
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_print_info "Restoration completed for $app"
|
||||
|
|
225
scripts/upgrade
225
scripts/upgrade
|
@ -1,8 +1,5 @@
|
|||
#!/bin/bash
|
||||
shopt -s extglob # sets extended pattern matching options in the bash shell
|
||||
|
||||
# Exit on command errors and treat unset variables as an error
|
||||
set -eu
|
||||
#=================================================
|
||||
# GENERIC STARTING
|
||||
#=================================================
|
||||
|
@ -15,45 +12,36 @@ source /usr/share/yunohost/helpers
|
|||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
# Set app specific variables
|
||||
ynh_print_info "Loading installation settings..."
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
# Check destination directory
|
||||
destdir="/var/www/$app"
|
||||
[[ ! -d $destdir ]] && ynh_die \
|
||||
"The destination directory '$destdir' does not exist.\
|
||||
The app is not correctly installed, you should remove it first."
|
||||
domain=$(ynh_app_setting_get $app domain)
|
||||
path_url=$(ynh_app_setting_get $app path)
|
||||
admin=$(ynh_app_setting_get $app admin)
|
||||
is_public=$(ynh_app_setting_get $app is_public)
|
||||
final_path=$(ynh_app_setting_get $app final_path)
|
||||
language=$(ynh_app_setting_get $app language)
|
||||
db_name=$(ynh_app_setting_get $app db_name)
|
||||
admin_pwd=$(ynh_app_setting_get $app admin_pwd)
|
||||
|
||||
# Retrieve arguments
|
||||
domain=$(ynh_app_setting_get "$app" domain)
|
||||
#=================================================
|
||||
# ENSURE DOWNWARD COMPATIBILITY
|
||||
#=================================================
|
||||
ynh_print_info "Ensuring downward compatibility..."
|
||||
|
||||
path_url=$(ynh_app_setting_get "$app" path_url)
|
||||
# Compatibility with previous version
|
||||
if [ -z "$path_url" ] ; then
|
||||
path_url=$(ynh_app_setting_get "$app" path)
|
||||
ynh_app_setting_set $app path_url "$path_url"
|
||||
fi
|
||||
path_url=$(ynh_normalize_url_path $path_url)
|
||||
|
||||
final_path=$(ynh_app_setting_get "$app" final_path)
|
||||
# Compatibility with previous version
|
||||
if [ -z "$final_path" ] ; then
|
||||
final_path="/var/www/$app"
|
||||
ynh_app_setting_set $app final_path "$final_path"
|
||||
# If db_name doesn't exist, create it
|
||||
if [ -z $db_name ]; then
|
||||
db_name=$(ynh_sanitize_dbid $app)
|
||||
ynh_app_setting_set $app db_name $db_name
|
||||
fi
|
||||
|
||||
db_name=$(ynh_app_setting_get "$app" db_name)
|
||||
# Compatibility with previous version
|
||||
if [ -z "$db_name" ] ; then
|
||||
db_name=$app
|
||||
ynh_app_setting_set "$app" db_name "$db_name"
|
||||
# If final_path doesn't exist, create it
|
||||
if [ -z $final_path ]; then
|
||||
final_path=/var/www/$app
|
||||
ynh_app_setting_set $app final_path $final_path
|
||||
fi
|
||||
|
||||
db_user="$db_name"
|
||||
db_pwd=$(ynh_app_setting_get "$app" mysqlpwd)
|
||||
admin=$(ynh_app_setting_get "$app" admin)
|
||||
|
||||
admin_pwd=$(ynh_app_setting_get "$app" admin_pwd)
|
||||
# Compatibility with previous version; password was not set
|
||||
if [ -z "$admin_pwd" ] ; then
|
||||
# Generate a new password
|
||||
|
@ -64,74 +52,104 @@ if [ -z "$admin_pwd" ] ; then
|
|||
hashed_password=$(cd $final_path ; php hash_password.php $admin_pwd)
|
||||
|
||||
# Update password hash in database
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';"
|
||||
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';"
|
||||
ynh_app_setting_set $app admin_pwd "$admin_pwd"
|
||||
|
||||
# Remove the temporary hash generation script
|
||||
ynh_secure_remove "$final_path/hash_password.php"
|
||||
fi
|
||||
|
||||
language=$(ynh_app_setting_get "$app" language)
|
||||
if [ "$language" = "fr" ] ; then
|
||||
applanguage="fr_FR"
|
||||
else
|
||||
applanguage="en_UK"
|
||||
# Use path instead of path_url in settings.yml...
|
||||
if [ -z "$path_url" ]
|
||||
then
|
||||
path_url=$(ynh_app_setting_get $app path_url)
|
||||
ynh_app_setting_set $app path $path_url
|
||||
ynh_app_setting_delete $app path_url
|
||||
fi
|
||||
|
||||
is_public=$(ynh_app_setting_get "$app" is_public)
|
||||
|
||||
#=================================================
|
||||
# MANAGE SCRIPT FAILURE
|
||||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
||||
#=================================================
|
||||
ynh_print_info "Backing up the app before upgrading (may take a while)..."
|
||||
|
||||
# Use prior backup and restore on error only if backup feature
|
||||
# exists on installed instance
|
||||
if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then
|
||||
# Notify the backup process that it should not save the data directory
|
||||
ynh_app_setting_set $app backup_core_only 1
|
||||
|
||||
ynh_backup_before_upgrade # Backup the current version of the app
|
||||
ynh_clean_setup () {
|
||||
# Backup the current version of the app
|
||||
ynh_backup_before_upgrade
|
||||
ynh_clean_setup () {
|
||||
# restore it if the upgrade fails
|
||||
ynh_restore_upgradebackup
|
||||
}
|
||||
ynh_abort_if_errors # Stop script if an error is detected
|
||||
fi
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# INSTALL DEPENDENCIES
|
||||
# CHECK THE PATH
|
||||
#=================================================
|
||||
|
||||
ynh_install_app_dependencies "$pkg_dependencies"
|
||||
# Normalize the URL path syntax
|
||||
path_url=$(ynh_normalize_url_path $path_url)
|
||||
|
||||
#=================================================
|
||||
# STANDARD UPGRADE STEPS
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
#=================================================
|
||||
ynh_print_info "Upgrading source files..."
|
||||
|
||||
# Create tmp directory and fetch app inside
|
||||
tmpdir=$(ynh_mkdir_tmp)
|
||||
tmpdir="$(ynh_smart_mktemp --min_size=300)"
|
||||
ynh_setup_source "$tmpdir"
|
||||
|
||||
# Fetch needed plugins
|
||||
mkdir -p $tmpdir/plugins/Ldap_Login
|
||||
ynh_setup_source "$tmpdir/plugins/Ldap_Login" ldap_plugin
|
||||
ynh_setup_source "$tmpdir/plugins" log_failed_logins_plugin
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_print_info "Upgrading nginx web server configuration..."
|
||||
|
||||
# Create a dedicated nginx config
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# UPGRADE DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_print_info "Upgrading dependencies..."
|
||||
|
||||
ynh_install_app_dependencies "$pkg_dependencies"
|
||||
|
||||
#=================================================
|
||||
# CREATE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_print_info "Making sure dedicated system user exists..."
|
||||
|
||||
ynh_system_user_create $app # Create dedicated user if not existing
|
||||
# Create a dedicated user (if not existing)
|
||||
ynh_system_user_create $app
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC SETUP
|
||||
# PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
ynh_print_info "Upgrading php-fpm configuration..."
|
||||
|
||||
# Create a dedicated php-fpm config
|
||||
ynh_add_fpm_config
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC UPGRADE
|
||||
#=================================================
|
||||
# COPY FILES TO $FINAL_PATH
|
||||
#=================================================
|
||||
|
||||
# We store photos (potentially large data) on /home/yunohost.app
|
||||
# sets extended pattern matching options in the bash shell
|
||||
shopt -s extglob
|
||||
|
||||
datapath=/home/yunohost.app/$app
|
||||
|
||||
# Install files and set permissions
|
||||
cp -a $tmpdir/!(upload|_data|galleries) $final_path
|
||||
|
||||
|
||||
# Backward compatibility:
|
||||
# If the _data subdirectory wasn't already moved to /home/yunohost.app/$app,
|
||||
# then move it there
|
||||
|
@ -152,68 +170,103 @@ chown -R $app: $final_path
|
|||
chown -R $app: $datapath
|
||||
chmod 755 -R $final_path/_data
|
||||
|
||||
#=================================================
|
||||
# NGINX AND PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
ynh_secure_remove "$tmpdir"
|
||||
|
||||
ynh_add_nginx_config
|
||||
ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
#=================================================
|
||||
# UPGRADE APPLICATION WITH CURL
|
||||
#=================================================
|
||||
ynh_print_info "Upgrading piwigo with Curl..."
|
||||
|
||||
# Copy and set php-fpm configuration
|
||||
ynh_add_fpm_config
|
||||
ynh_app_setting_set $app unprotected_uris "/"
|
||||
# Reload SSOwat config
|
||||
yunohost app ssowatconf
|
||||
|
||||
# Reload Nginx
|
||||
systemctl reload nginx
|
||||
|
||||
if [ "$language" = "fr" ] ; then
|
||||
applanguage="fr_FR"
|
||||
else
|
||||
applanguage="en_UK"
|
||||
fi
|
||||
|
||||
# Upgrade piwigo via curl
|
||||
ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd"
|
||||
|
||||
#=================================================
|
||||
# CONFIGURE PIWIGO
|
||||
#=================================================
|
||||
|
||||
ynh_app_setting_set "$app" unprotected_uris "/"
|
||||
yunohost app ssowatconf
|
||||
|
||||
# Configure piwigo via curl
|
||||
ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd"
|
||||
ynh_print_info "Configuring piwigo..."
|
||||
|
||||
# Make a backup of the original config file if modified
|
||||
ynh_backup_if_checksum_is_different "$final_path/local/config/config.inc.php"
|
||||
|
||||
# Change local config
|
||||
cp ../conf/config.inc.php $final_path/local/config/
|
||||
|
||||
# Calculate and store the config file checksum
|
||||
ynh_store_file_checksum "$final_path/local/config/config.inc.php"
|
||||
|
||||
# Make a backup of the original database config file if modified
|
||||
ynh_backup_if_checksum_is_different "$final_path/local/config/database.inc.php"
|
||||
|
||||
# Setup database in local/config/database.inc.php
|
||||
ynh_replace_string "DBTOCHANGE" "$db_name" ../conf/database.inc.php
|
||||
ynh_replace_string "USERTOCHANGE" "$db_user" ../conf/database.inc.php
|
||||
ynh_replace_string "PASSTOCHANGE" "$db_pwd" ../conf/database.inc.php
|
||||
ynh_replace_string "__DBTOCHANGE__" "$db_name" ../conf/database.inc.php
|
||||
ynh_replace_string "__USERTOCHANGE__" "$db_name" ../conf/database.inc.php
|
||||
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
|
||||
ynh_replace_string "__PASSTOCHANGE__" "$db_pwd" ../conf/database.inc.php
|
||||
|
||||
cp ../conf/database.inc.php $final_path/local/config/database.inc.php
|
||||
|
||||
# Calculate and store the database config file checksum
|
||||
ynh_store_file_checksum "$final_path/local/config/database.inc.php"
|
||||
|
||||
#=================================================
|
||||
# ADD LDAP & FAIL2BAN PLUGINS
|
||||
# ADD LDAP PLUGINS
|
||||
#=================================================
|
||||
ynh_print_info "Configuring LDAP plugin..."
|
||||
|
||||
# Configure and activate LDAP plugin
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE plugins SET state='active' WHERE id='Ldap_Login';"
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE plugins SET state='active' WHERE id='Ldap_Login';"
|
||||
cp ../conf/data.dat $final_path/plugins/Ldap_Login
|
||||
|
||||
#=================================================
|
||||
# UPGRADE FAIL2BAN
|
||||
#=================================================
|
||||
ynh_print_info "Upgrading fail2ban..."
|
||||
|
||||
# Configure and activate log_failed_logins plugin
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null ||ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';"
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" 2>&1 > /dev/null || ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE config SET value='/var/log/${app}FailedLogins.log' WHERE param='logFailedLoginsFilename';"
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null ||ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';"
|
||||
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" 2>&1 > /dev/null || ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE config SET value='/var/log/${app}FailedLogins.log' WHERE param='logFailedLoginsFilename';"
|
||||
|
||||
touch "/var/log/${app}FailedLogins.log"
|
||||
chown $app: "/var/log/${app}FailedLogins.log"
|
||||
|
||||
# Set-up fail2ban
|
||||
ynh_add_fail2ban_config "/var/log/${app}FailedLogins.log" "ip=<HOST>" 6
|
||||
ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex="ip=<HOST>" --max_retry=6
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
ynh_print_info "Upgrading SSOwat configuration..."
|
||||
|
||||
# Protect URIs if private
|
||||
if [ $is_public -eq 0 ];
|
||||
if [ $is_public -eq 0 ]
|
||||
then
|
||||
ynh_app_setting_delete "$app" unprotected_uris
|
||||
ynh_app_setting_set "$app" protected_uris "/"
|
||||
ynh_app_setting_delete $app unprotected_uris
|
||||
ynh_app_setting_set $app protected_uris "/"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_print_info "Reloading nginx web server..."
|
||||
|
||||
systemctl reload nginx
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_print_info "Upgrade of $app completed"
|
||||
|
|
Loading…
Reference in a new issue