diff --git a/README.md b/README.md index 63c3738..3100549 100644 --- a/README.md +++ b/README.md @@ -52,9 +52,9 @@ Go to **cd /var/www/pleroma/pleroma**. ### Password reset **Run:** - + $ ( cd /var/www/pleroma/pleroma && sudo -u pleroma MIX_ENV=prod ./bin/pleroma_ctl user reset_password ) - + This will generate a **password reset link** that you can then send to the user. ### Moderators diff --git a/conf/nginx.conf b/conf/nginx.conf index 695a908..c0bdf8f 100755 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,42 +1,43 @@ - location / { - # if you do not want remote frontends to be able to access your Pleroma backend - # server, remove these lines. - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } +location / { - # Standard nginx configuration - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # if you do not want remote frontends to be able to access your Pleroma backend + # server, remove these lines. + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } - proxy_pass http://localhost:__PORT__; + # Standard nginx configuration + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - client_max_body_size 16m; + proxy_pass http://localhost:__PORT__; - more_set_headers "Access-Control-Allow-Origin : *"; - more_set_headers "Access-Control-Allow-Methods : POST, PUT, DELETE, GET, PATCH, OPTIONS"; - more_set_headers "Access-Control-Allow-Headers : Authorization, Content-Type, Idempotency-Key"; - more_set_headers "Access-Control-Expose-Headers : Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id"; - if ($request_method = OPTIONS) { - return 204; - } - # stop removing lines here. + client_max_body_size 50M; - more_set_headers "X-XSS-Protection : 1; mode=block"; - more_set_headers "X-Permitted-Cross-Domain-Policies : none"; - more_set_headers "X-Frame-Options : DENY"; - more_set_headers "X-Content-Type-Options : nosniff"; - more_set_headers "Referrer-Policy : same-origin"; - more_set_headers "X-Download-Options : noopen"; - # more_set_headers "Content-Security-Policy : default-src 'none'; base-uri 'self'; form-action *; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://__DOMAIN__; upgrade-insecure-requests;"; - - # Uncomment this only after you get HTTPS working. - # more_set_headers "Strict-Transport-Security : max-age=31536000; includeSubDomains"; + more_set_headers "Access-Control-Allow-Origin : *"; + more_set_headers "Access-Control-Allow-Methods : POST, PUT, DELETE, GET, PATCH, OPTIONS"; + more_set_headers "Access-Control-Allow-Headers : Authorization, Content-Type, Idempotency-Key"; + more_set_headers "Access-Control-Expose-Headers : Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id"; + if ($request_method = OPTIONS) { + return 204; + } + # stop removing lines here. + + more_set_headers "X-XSS-Protection : 1; mode=block"; + more_set_headers "X-Permitted-Cross-Domain-Policies : none"; + more_set_headers "X-Frame-Options : DENY"; + more_set_headers "X-Content-Type-Options : nosniff"; + more_set_headers "Referrer-Policy : same-origin"; + more_set_headers "X-Download-Options : noopen"; + # more_set_headers "Content-Security-Policy : default-src 'none'; base-uri 'self'; form-action *; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://__DOMAIN__; upgrade-insecure-requests;"; + + # Uncomment this only after you get HTTPS working. + # more_set_headers "Strict-Transport-Security : max-age=31536000; includeSubDomains"; - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; - } + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; +} diff --git a/scripts/backup b/scripts/backup index 1e33267..2ce80c2 100755 --- a/scripts/backup +++ b/scripts/backup @@ -57,18 +57,20 @@ fi #================================================= # SPECIFIC BACKUP -#================================================= -# BACKUP CONFIG FILE -#================================================= - -ynh_backup --src_path="/etc/$app/config.exs" - #================================================= # BACKUP SYSTEMD #================================================= ynh_backup --src_path="/etc/systemd/system/$app.service" +#================================================= +# BACKUP VARIOUS FILES +#================================================= + +ynh_backup --src_path="/etc/$app/config.exs" + +ynh_backup --src_path="$datadir" --is_big + #================================================= # BACKUP THE POSTGRESQL DATABASE #================================================= @@ -76,13 +78,6 @@ ynh_print_info --message="Backing up the PostgreSQL database..." ynh_psql_dump_db --database="$db_name" > db.sql -#================================================= -# BACKUP THE DATA DIRECTORY -#================================================= -ynh_print_info --message="Backing up data directory..." - -ynh_backup --src_path="$datadir" --is_big - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index ef82b9d..359cc66 100755 --- a/scripts/install +++ b/scripts/install @@ -23,7 +23,6 @@ ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -ynh_script_progression --message="Retrieving arguments from the manifest..." domain=$YNH_APP_ARG_DOMAIN path_url="/" @@ -40,7 +39,7 @@ admin_email=$(ynh_user_get_info --username=$admin --key="mail") ## Bypass package_checker name not compatible with pleroma if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - admin="test" + admin="test" fi app=$YNH_APP_INSTANCE_NAME @@ -131,6 +130,7 @@ then ynh_replace_string --match_string="{APP}" --replace_string="$app" --target_file="/etc/nginx/conf.d/$app-cache.conf" ynh_replace_string --match_string="__SIZE__" --replace_string="$size" --target_file="/etc/nginx/conf.d/$app-cache.conf" ynh_store_file_checksum --file="/etc/nginx/conf.d/$app-cache.conf" + ynh_replace_string --match_string="{APP}" --replace_string="$app" --target_file="../conf/media.conf" ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="../conf/media.conf" cat ../conf/media.conf >> /etc/nginx/conf.d/$domain.d/$app.conf @@ -193,28 +193,28 @@ ynh_script_progression --message="Making setup..." chown -R "$app":"$app" "$final_path" pushd $final_path/$app - #Generate instance - su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl instance gen --force \ - --output $config \ - --output-psql /tmp/setup_db.psql \ - --domain $domain \ - --instance-name \"$name\" \ - --admin-email $admin_email \ - --notify-email $admin_email \ - --dbhost localhost \ - --dbname $db_name \ - --dbuser $db_user \ - --dbpass $db_pwd \ - --rum N \ - --indexable Y \ - --db-configurable Y \ - --uploads-dir $datadir/uploads \ - --static-dir $datadir/static \ - --listen-ip 127.0.0.1 \ - --listen-port $port \ - --strip-uploads Y \ - --anonymize-uploads Y \ - --dedupe-uploads Y" + #Generate instance + su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl instance gen --force \ + --output $config \ + --output-psql /tmp/setup_db.psql \ + --domain $domain \ + --instance-name \"$name\" \ + --admin-email $admin_email \ + --notify-email $admin_email \ + --dbhost localhost \ + --dbname $db_name \ + --dbuser $db_user \ + --dbpass $db_pwd \ + --rum N \ + --indexable Y \ + --db-configurable Y \ + --uploads-dir $datadir/uploads \ + --static-dir $datadir/static \ + --listen-ip 127.0.0.1 \ + --listen-port $port \ + --strip-uploads Y \ + --anonymize-uploads Y \ + --dedupe-uploads Y" popd cat "../conf/ldap.exs" >> "$config" @@ -223,13 +223,13 @@ ynh_replace_string --match_string="config :pleroma, configurable_from_database: pushd $final_path/$app - su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl migrate" + su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl migrate" - ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Started $app" - sleep 60 + ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Started $app" + sleep 60 - # Add user - su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl user new $admin $admin_email --password $password --moderator --admin -y" + # Add user + su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl user new $admin $admin_email --password $password --moderator --admin -y" popd #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 80f7a8d..3c85950 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -56,10 +56,10 @@ psql_db=$(ynh_app_setting_get --app=$app --key=psql_db) if [ -n "$psql_db" ] then - db_name=$(ynh_app_setting_get --app=$app --key=psql_db) - db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) - ynh_app_setting_set --app=$app --key=db_name --value=$db_name - ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd + db_name=$(ynh_app_setting_get --app=$app --key=psql_db) + db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) + ynh_app_setting_set --app=$app --key=db_name --value=$db_name + ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd ynh_app_setting_delete --app=$app --key=psql_db ynh_app_setting_delete --app=$app --key=psqlpwd fi @@ -239,7 +239,7 @@ ynh_script_progression --message="Making upgrade..." chown -R "$app":"$app" "$final_path" pushd $final_path/$app - su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl migrate" + su "$app" -s $SHELL -lc "$final_path/$app/bin/pleroma_ctl migrate" popd #=================================================