diff --git a/README.md b/README.md index 63c3738..3100549 100644 --- a/README.md +++ b/README.md @@ -52,9 +52,9 @@ Go to **cd /var/www/pleroma/pleroma**. ### Password reset **Run:** - + $ ( cd /var/www/pleroma/pleroma && sudo -u pleroma MIX_ENV=prod ./bin/pleroma_ctl user reset_password ) - + This will generate a **password reset link** that you can then send to the user. ### Moderators diff --git a/conf/cache.conf b/conf/cache.conf index c64c9ba..c9471b4 100644 --- a/conf/cache.conf +++ b/conf/cache.conf @@ -1,2 +1 @@ -proxy_cache_path /tmp/{APP}-media-cache levels=1:2 keys_zone={APP}_media_cache:10m max_size=__SIZE__ - inactive=720m use_temp_path=off; +proxy_cache_path /tmp/__APP__-media-cache levels=1:2 keys_zone=__APP___media_cache:10m max_size=__SIZE__ inactive=720m use_temp_path=off; diff --git a/conf/media.conf b/conf/media.conf index 2e2d840..d13940b 100644 --- a/conf/media.conf +++ b/conf/media.conf @@ -1,7 +1,7 @@ rewrite ^/proxy/(.*)/(.*)/.* /proxy/$1/$2 last; location ~ ^/(media|proxy) { - proxy_cache {APP}_media_cache; + proxy_cache __APP___media_cache; proxy_cache_key $host$uri$is_args$args; proxy_http_version 1.1; proxy_cache_valid 200 206 301 304 1h; diff --git a/conf/nginx.conf b/conf/nginx.conf index 695a908..c0bdf8f 100755 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
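Review bot: The rewritten `proxy_cache_path` line in conf/cache.conf still places the media cache at a predictable name under `/tmp`, which is world-writable. A local account that creates `/tmp/__APP__-media-cache` before nginx does (for example after `/tmp` is cleared at boot) could end up owning the directory nginx then reads cached media from, so the cache contents would be readable and replaceable by that account; whether nginx accepts a pre-existing directory depends on its ownership and mode, so this needs confirming on the target system. A directory only root and the nginx user can write to avoids the question, e.g. `proxy_cache_path /var/cache/nginx/__APP__-media-cache levels=1:2 keys_zone=__APP___media_cache:10m max_size=__SIZE__ inactive=720m use_temp_path=off;`, together with removing that directory in the remove script.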
@@ -1,42 +1,43 @@ - location / { - # if you do not want remote frontends to be able to access your Pleroma backend - # server, remove these lines. - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } +location / { - # Standard nginx configuration - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # if you do not want remote frontends to be able to access your Pleroma backend + # server, remove these lines. + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } - proxy_pass http://localhost:__PORT__; + # Standard nginx configuration + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - client_max_body_size 16m; + proxy_pass http://localhost:__PORT__; - more_set_headers "Access-Control-Allow-Origin : *"; - more_set_headers "Access-Control-Allow-Methods : POST, PUT, DELETE, GET, PATCH, OPTIONS"; - more_set_headers "Access-Control-Allow-Headers : Authorization, Content-Type, Idempotency-Key"; - more_set_headers "Access-Control-Expose-Headers : Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id"; - if ($request_method = OPTIONS) { - return 204; - } - # stop removing lines here. 
+ client_max_body_size 50M; - more_set_headers "X-XSS-Protection : 1; mode=block"; - more_set_headers "X-Permitted-Cross-Domain-Policies : none"; - more_set_headers "X-Frame-Options : DENY"; - more_set_headers "X-Content-Type-Options : nosniff"; - more_set_headers "Referrer-Policy : same-origin"; - more_set_headers "X-Download-Options : noopen"; - # more_set_headers "Content-Security-Policy : default-src 'none'; base-uri 'self'; form-action *; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://__DOMAIN__; upgrade-insecure-requests;"; - - # Uncomment this only after you get HTTPS working. - # more_set_headers "Strict-Transport-Security : max-age=31536000; includeSubDomains"; + more_set_headers "Access-Control-Allow-Origin : *"; + more_set_headers "Access-Control-Allow-Methods : POST, PUT, DELETE, GET, PATCH, OPTIONS"; + more_set_headers "Access-Control-Allow-Headers : Authorization, Content-Type, Idempotency-Key"; + more_set_headers "Access-Control-Expose-Headers : Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id"; + if ($request_method = OPTIONS) { + return 204; + } + # stop removing lines here. + + more_set_headers "X-XSS-Protection : 1; mode=block"; + more_set_headers "X-Permitted-Cross-Domain-Policies : none"; + more_set_headers "X-Frame-Options : DENY"; + more_set_headers "X-Content-Type-Options : nosniff"; + more_set_headers "Referrer-Policy : same-origin"; + more_set_headers "X-Download-Options : noopen"; + # more_set_headers "Content-Security-Policy : default-src 'none'; base-uri 'self'; form-action *; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://__DOMAIN__; upgrade-insecure-requests;"; + + # Uncomment this only after you get HTTPS working. 
+ # more_set_headers "Strict-Transport-Security : max-age=31536000; includeSubDomains"; - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; - } + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; +} diff --git a/manifest.json b/manifest.json index 3c6bd09..92ff9b2 100644 --- a/manifest.json +++ b/manifest.json @@ -18,7 +18,7 @@ "name": "yalh76" }], "requirements": { - "yunohost": ">= 4.1.3" + "yunohost": ">= 4.1.7.3" }, "multi_instance": false, "services": [ diff --git a/scripts/backup b/scripts/backup index 1e33267..2ce80c2 100755 --- a/scripts/backup +++ b/scripts/backup @@ -57,18 +57,20 @@ fi #================================================= # SPECIFIC BACKUP -#================================================= -# BACKUP CONFIG FILE -#================================================= - -ynh_backup --src_path="/etc/$app/config.exs" - #================================================= # BACKUP SYSTEMD #================================================= ynh_backup --src_path="/etc/systemd/system/$app.service" +#================================================= +# BACKUP VARIOUS FILES +#================================================= + +ynh_backup --src_path="/etc/$app/config.exs" + +ynh_backup --src_path="$datadir" --is_big + #================================================= # BACKUP THE POSTGRESQL DATABASE #================================================= @@ -76,13 +78,6 @@ ynh_print_info --message="Backing up the PostgreSQL database..." ynh_psql_dump_db --database="$db_name" > db.sql -#================================================= -# BACKUP THE DATA DIRECTORY -#================================================= -ynh_print_info --message="Backing up data directory..." - -ynh_backup --src_path="$datadir" --is_big - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index ef82b9d..421635b 100755 
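Review bot: `client_max_body_size 50M;` in conf/nginx.conf sits directly in `location /`, so the raised limit applies to every proxied route, including unauthenticated ones, and not only to media uploads. If the backend's own upload limit stays lower (the diff does not show it being changed), nginx will accept and forward bodies that the application then rejects, which costs buffering and bandwidth for no benefit. Either keep the value aligned with the instance's configured upload limit or document the coupling next to the directive, e.g. `# keep in sync with the upload limit configured in Pleroma`. The rest of this hunk is re-indentation only.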
--- a/scripts/install +++ b/scripts/install @@ -23,7 +23,6 @@ ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -ynh_script_progression --message="Retrieving arguments from the manifest..." domain=$YNH_APP_ARG_DOMAIN path_url="/" @@ -40,7 +39,7 @@ admin_email=$(ynh_user_get_info --username=$admin --key="mail") ## Bypass package_checker name not compatible with pleroma if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - admin="test" + admin="test" fi app=$YNH_APP_INSTANCE_NAME @@ -127,11 +126,9 @@ ynh_add_nginx_config if [ $cache -eq 1 ] then - cp -rf "../conf/cache.conf" "/etc/nginx/conf.d/$app-cache.conf" - ynh_replace_string --match_string="{APP}" --replace_string="$app" --target_file="/etc/nginx/conf.d/$app-cache.conf" - ynh_replace_string --match_string="__SIZE__" --replace_string="$size" --target_file="/etc/nginx/conf.d/$app-cache.conf" - ynh_store_file_checksum --file="/etc/nginx/conf.d/$app-cache.conf" - ynh_replace_string --match_string="{APP}" --replace_string="$app" --target_file="../conf/media.conf" + ynh_add_config --template="../conf/cache.conf" --destination="/etc/nginx/conf.d/$app-cache.conf" + + ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/media.conf" ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="../conf/media.conf" cat ../conf/media.conf >> /etc/nginx/conf.d/$domain.d/$app.conf ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" 
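Review bot: In the last hunk of scripts/install only cache.conf moves to `ynh_add_config`; media.conf is still edited in place inside the package directory with `ynh_replace_string` and then appended through an unquoted redirect target, `>> /etc/nginx/conf.d/$domain.d/$app.conf`. Quoting the destination, `cat ../conf/media.conf >> "/etc/nginx/conf.d/$domain.d/$app.conf"`, keeps the path intact whatever `$domain` and `$app` contain, and rendering media.conf from a copy rather than mutating the template would make the step repeatable. The new call also presumably relies on `ynh_add_config` filling `__SIZE__` from a `$size` variable set earlier in the script, which is outside the hunk, so a short comment such as `# __APP__ and __SIZE__ are substituted from $app and $size` would help. The same pattern appears in the matching hunk of scripts/upgrade, and the `if` block closes outside the hunk.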
@@ -193,28 +190,28 @@ ynh_script_progression --message="Making setup..." chown -R "$app":"$app" "$final_path" pushd $final_path/$app - #Generate instance - su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl instance gen --force \ - --output $config \ - --output-psql /tmp/setup_db.psql \ - --domain $domain \ - --instance-name \"$name\" \ - --admin-email $admin_email \ - --notify-email $admin_email \ - --dbhost localhost \ - --dbname $db_name \ - --dbuser $db_user \ - --dbpass $db_pwd \ - --rum N \ - --indexable Y \ - --db-configurable Y \ - --uploads-dir $datadir/uploads \ - --static-dir $datadir/static \ - --listen-ip 127.0.0.1 \ - --listen-port $port \ - --strip-uploads Y \ - --anonymize-uploads Y \ - --dedupe-uploads Y" + #Generate instance + su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl instance gen --force \ + --output $config \ + --output-psql /tmp/setup_db.psql \ + --domain $domain \ + --instance-name \"$name\" \ + --admin-email $admin_email \ + --notify-email $admin_email \ + --dbhost localhost \ + --dbname $db_name \ + --dbuser $db_user \ + --dbpass $db_pwd \ + --rum N \ + --indexable Y \ + --db-configurable Y \ + --uploads-dir $datadir/uploads \ + --static-dir $datadir/static \ + --listen-ip 127.0.0.1 \ + --listen-port $port \ + --strip-uploads Y \ + --anonymize-uploads Y \ + --dedupe-uploads Y" popd cat "../conf/ldap.exs" >> "$config" 
@@ -222,14 +219,13 @@ cat "../conf/ldap.exs" >> "$config" ynh_replace_string --match_string="config :pleroma, configurable_from_database: false" --replace_string="config :pleroma, configurable_from_database: true" --target_file="$config" pushd $final_path/$app + su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl migrate" - su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl migrate" + ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Started $app" + sleep 60 - ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Started $app" - sleep 60 - - # Add user - su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl user new $admin $admin_email --password $password --moderator --admin -y" + # Add user + su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl user new $admin $admin_email --password $password --moderator --admin -y" popd #================================================= @@ -270,6 +266,8 @@ then ynh_permission_update --permission="main" --add="visitors" fi +ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" + #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 80f7a8d..c874369 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
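Review bot: The added `ynh_permission_create --permission="api" --url="/api" --allowed="visitors" ... --protected="true"` line in scripts/install has no comment, and it opens everything under `/api` to unauthenticated visitors regardless of the public/private choice handled in the `if` block just above it. With `--protected="true"` the administrator cannot remove the visitors group from this permission afterwards, so from that point access control for `/api`, including any administrative endpoints served below it, rests entirely on the application's own token checks. That is presumably intended so that client apps and federation keep working behind the SSO, but it should be stated, e.g. `# /api must bypass SSOwat: clients authenticate against Pleroma itself (OAuth), not the YunoHost portal`. The same line is added in the first hunk of scripts/upgrade, where the existing comment `# Create a permission if needed` could carry the same explanation.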
@@ -51,15 +51,21 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi + +# Create a permission if needed +if ! ynh_permission_exists --permission="api"; then + ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" +fi + #Switch variables name psql_db=$(ynh_app_setting_get --app=$app --key=psql_db) if [ -n "$psql_db" ] then - db_name=$(ynh_app_setting_get --app=$app --key=psql_db) - db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) - ynh_app_setting_set --app=$app --key=db_name --value=$db_name - ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd + db_name=$(ynh_app_setting_get --app=$app --key=psql_db) + db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) + ynh_app_setting_set --app=$app --key=db_name --value=$db_name + ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd ynh_app_setting_delete --app=$app --key=psql_db ynh_app_setting_delete --app=$app --key=psqlpwd fi 
@@ -194,11 +200,9 @@ ynh_add_nginx_config ynh_secure_remove --file="/etc/nginx/conf.d/$app-cache.conf" if [ $cache -eq 1 ] then - cp -rf "../conf/cache.conf" "/etc/nginx/conf.d/$app-cache.conf" - ynh_replace_string --match_string="{APP}" --replace_string="$app" --target_file="/etc/nginx/conf.d/$app-cache.conf" - ynh_replace_string --match_string="__SIZE__" --replace_string="$size" --target_file="/etc/nginx/conf.d/$app-cache.conf" - ynh_store_file_checksum --file="/etc/nginx/conf.d/$app-cache.conf" - ynh_replace_string --match_string="{APP}" --replace_string="$app" --target_file="../conf/media.conf" + ynh_add_config --template="../conf/cache.conf" --destination="/etc/nginx/conf.d/$app-cache.conf" + + ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/media.conf" ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="../conf/media.conf" cat ../conf/media.conf >> /etc/nginx/conf.d/$domain.d/$app.conf ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" @@ -239,7 +243,7 @@ ynh_script_progression --message="Making upgrade..." chown -R "$app":"$app" "$final_path" pushd $final_path/$app - su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl migrate" + su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl migrate" popd #=================================================