From f409efa890200947ab7509b9c41d319e21298979 Mon Sep 17 00:00:00 2001 From: Yalh Date: Sun, 27 Jan 2019 11:41:46 +0100 Subject: [PATCH] Apply example_ynh on install --- conf/app.src | 6 + conf/nginx.conf | 29 ++-- conf/php-fpm.conf | 262 +++++++++++++++++++++++++------ manifest.json | 56 ++++--- scripts/_common.sh | 13 ++ scripts/install | 377 +++++++++++++++++++++++++++++++++++---------- 6 files changed, 571 insertions(+), 172 deletions(-) create mode 100644 conf/app.src create mode 100644 scripts/_common.sh diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..554b76d --- /dev/null +++ b/conf/app.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://github.com/RainLoop/rainloop-webmail/releases/download/v1.12.1/rainloop-community-1.12.1.zip +SOURCE_SUM=5d7f99d0e145d22617de8c17e43f34842245d5570662f97f4352487671df811b +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=false +SOURCE_FILENAME= diff --git a/conf/nginx.conf b/conf/nginx.conf index 04c3de4..dc8b7c7 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,31 +1,38 @@ -location PATHTOCHANGE { - alias ALIASTOCHANGE; +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } + # Path to source + alias __FINALPATH__/ ; - location ^~ ROOTTOCHANGE/app/data { + # Force usage of https + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + + location ^~ __PATH__/app/data { deny all; } - location ^~ ROOTTOCHANGE/pgpback/keys { + location ^~ __PATH__/pgpback/keys { deny all; } - +### Example PHP configuration (remove it if not used) + index index.php; + # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file client_max_body_size 10G; - index index.php index.html; try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-NAMETOCHANGE.sock; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; } +### End of PHP configuration part - include conf.d/yunohost_panel.conf.inc; + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 67f989d..f79a7ea 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,7 +1,7 @@ ; Start a new pool named 'www'. ; the variable $pool can we used in any directive and will be replaced by the ; pool name ('www' here) -[NAMETOCHANGE] +[__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: @@ -16,6 +16,12 @@ ; Default Value: none ;prefix = /path/to/pools/$pool +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + ; The address on which to accept FastCGI requests. ; Valid syntaxes are: ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on @@ -24,12 +30,21 @@ ; specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-NAMETOCHANGE.sock +listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock ; Set listen(2) backlog. A value of '-1' means unlimited. ; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = -1 +;listen.backlog = 128 +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + ; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address @@ -38,26 +53,20 @@ listen = /var/run/php5-fpm-NAMETOCHANGE.sock ; Default Value: any ;listen.allowed_clients = 127.0.0.1 -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0666 -listen.owner = www-data -listen.group = www-data -listen.mode = 0600 - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -user = www-data -group = www-data +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; priority = -19 ; Choose how the process manager will control the number of child processes. ; Possible Values: ; static - a fixed number (pm.max_children) of child processes; ; dynamic - the number of child processes are set dynamically based on the -; following directives: +; following directives. With this process management, there will be +; always at least 1 children. ; pm.max_children - the maximum number of children that can ; be alive at the same time. ; pm.start_servers - the number of children created on startup. @@ -69,16 +78,23 @@ group = www-data ; state (waiting to process). If the number ; of 'idle' processes is greater than this ; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. ; Note: This value is mandatory. pm = dynamic ; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes to be created when pm is set to 'dynamic'. +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. ; This value sets the limit on the number of simultaneous requests that will be ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. -; Note: Used when pm is set to either 'static' or 'dynamic' +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. pm.max_children = 6 @@ -97,6 +113,11 @@ pm.min_spare_servers = 3 ; Note: Mandatory when pm is set to 'dynamic' pm.max_spare_servers = 5 +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. @@ -104,33 +125,98 @@ pm.max_spare_servers = 5 pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. By default, the status page shows the following -; information: -; accepted conn - the number of request accepted by the pool; +; recognized as a status page. It shows the following informations: ; pool - the name of the pool; -; process manager - static or dynamic; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; ; idle processes - the number of idle processes; ; active processes - the number of active processes; -; total processes - the number of idle + active processes. +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; ; max children reached - number of times, the process limit has been reached, ; when pm tries to start more children (works only for -; pm 'dynamic') -; The values of 'idle processes', 'active processes' and 'total processes' are -; updated each second. The value of 'accepted conn' is updated in real time. +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. ; Example output: -; accepted conn: 12073 ; pool: www ; process manager: static -; idle processes: 35 -; active processes: 65 -; total processes: 100 -; max children reached: 1 +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; ; By default the status page output is formatted as text/plain. Passing either -; 'html' or 'json' as a query string will return the corresponding output -; syntax. Example: +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: ; http://www.foo.bar/status ; http://www.foo.bar/status?json ; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: ${prefix}/share/fpm/status.html +; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. @@ -154,12 +240,69 @@ ping.path = /ping ; Default Value: pong ;ping.response = pong -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -request_terminate_timeout = 120s +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. @@ -167,10 +310,12 @@ request_terminate_timeout = 120s ; Default Value: 0 request_slowlog_timeout = 5s -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/NAMETOCHANGE.slow.log +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 120s ; Set open file descriptor rlimit. ; Default Value: system defined value @@ -186,7 +331,7 @@ rlimit_core = 0 ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. -; Note: chrooting is a great security feature and should be used whenever +; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set @@ -195,7 +340,7 @@ rlimit_core = 0 ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot -chdir = /var/www/NAMETOCHANGE +chdir = __FINALPATH__ ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. @@ -204,6 +349,14 @@ chdir = /var/www/NAMETOCHANGE ; Default Value: no catch_workers_output = yes +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env @@ -238,6 +391,13 @@ catch_workers_output = yes ;php_admin_flag[log_errors] = on ;php_admin_value[memory_limit] = 32M -php_value[upload_max_filesize] = 10G -php_value[post_max_size] = 10G -php_value[mail.add_x_header] = Off +; Common values to change to increase file upload limit +php_admin_value[upload_max_filesize] = 10G +php_admin_value[post_max_size] = 10G +php_admin_flag[mail.add_x_header] = Off + +; Other common parameters +; php_admin_value[max_execution_time] = 600 +; php_admin_value[max_input_time] = 300 +; php_admin_value[memory_limit] = 256M +; php_admin_flag[short_open_tag] = On \ No newline at end of file diff --git a/manifest.json b/manifest.json index 1b3d2ea..7960316 100644 --- a/manifest.json +++ b/manifest.json @@ -6,20 +6,21 @@ "en": "Lightweight multi-account webmail", "fr": "Webmail léger multi-comptes" }, + "version": "1.12.1~ynh1", "url": "http://rainloop.net/", "license": "AGPL-3.0", "maintainer": { "name": "scith, Djip007, polytan02" }, + "requirements": { + "yunohost": ">= 2.7.14" + }, "multi_instance": true, "services": [ "nginx", "php5-fpm", "mysql" ], - "requirements": { - "yunohost": ">= 2.4.0" - }, "arguments": { "install" : [ { @@ -41,24 +42,38 @@ "example": "/rainloop", "default": "/rainloop" }, - { - "name": "is_public", + { + "name": "is_public", + "type": "boolean", "ask": { "en": "Is it a public application?", - "fr": "Est-ce une page publique ?" + "fr": "Est-ce une application publique ?" }, - "choices": ["Yes", "No"], - "default": "No" - }, - { + "default": true + }, + { + "name": "language", + "ask": { + "en": "Choose the application language", + "fr": "Choisissez la langue de l'application" + }, + "choices": ["fr", "en"], + "default": "fr" + }, + { "name": "password", "type": "password", "ask": { - "en": "Choose a strong password for the 'admin' user", - "fr": "Choisissez un mot de passe fort pour l'administrateur 'admin'" - } - }, - { + "en": "Set the administrator password", + "fr": "Définissez le mot de passe administrateur" + }, + "help": { + "en": "Use the help field to add an information for the admin about this question.", + "fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question." + }, + "example": "Choose a password" + }, + { "name": "ldap", "ask": { "en": "Do you want to add YunoHost users to the recipients suggestions?", @@ -66,16 +81,7 @@ }, "choices": ["Yes", "No"], "default": "Yes" - }, - { - "name": "lang", - "ask": { - "en": "Select default language", - "fr": "Definir la langue par defaut" - }, - "choices": ["English", "Francais"], - "default": "English" - } + } ] } } diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..bb04a03 --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# ============= FUTURE YUNOHOST HELPER ============= +# Delete a file checksum from the app settings +# +# $app should be defined when calling this helper +# +# usage: ynh_remove_file_checksum file +# | arg: file - The file for which the checksum will be deleted +ynh_delete_file_checksum () { + local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' + ynh_app_setting_delete $app $checksum_setting_name +} \ No newline at end of file diff --git a/scripts/install b/scripts/install index 00422d0..658ed6c 100644 --- a/scripts/install +++ b/scripts/install @@ -1,60 +1,141 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -# It also activate set -eu - source .fonctions - TRAP_ON +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + -# Initial data - app=$YNH_APP_INSTANCE_NAME rainloop_version=$(cat ../sources/rainloop_version) -# Source app helpers - source /usr/share/yunohost/helpers + # Retrieve arguments - domain=$YNH_APP_ARG_DOMAIN - path=$YNH_APP_ARG_PATH - is_public=$YNH_APP_ARG_IS_PUBLIC - password=$YNH_APP_ARG_PASSWORD - ldap=$YNH_APP_ARG_LDAP - lang=$YNH_APP_ARG_LANG +domain=$YNH_APP_ARG_DOMAIN +path_url=$YNH_APP_ARG_PATH +#admin=$YNH_APP_ARG_ADMIN +is_public=$YNH_APP_ARG_IS_PUBLIC +language=$YNH_APP_ARG_LANGUAGE +password=$YNH_APP_ARG_PASSWORD +ldap=$YNH_APP_ARG_LDAP +999 lang=$YNH_APP_ARG_LANG => to language -# Correct path using .fonctions -CHECK_PATH +### If it's a multi-instance app, meaning it can be installed several times independently +### The id of the app as stated in the manifest is available as $YNH_APP_ID +### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) +### The app instance name is available as $YNH_APP_INSTANCE_NAME +### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample +### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 +### - ynhexample__{N} for the subsequent installations, with N=3,4, ... +### The app instance name is probably what interests you most, since this is +### guaranteed to be unique. This is a good unique identifier to define installation path, +### db names, ... +app=$YNH_APP_INSTANCE_NAME -# Check domain/path availability using .fonctions -CHECK_DOMAINPATH +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= -# Use 'rainloop' as database name and user - dbuser=$app - dbname=$app - dbpass=$(ynh_string_random) +### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". +### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" -# Initialize database and store mysql password for upgrade - ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" - ynh_app_setting_set "$app" mysqlpwd "$dbpass" +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) -# Create the final path and copy sources - CHECK_FINALPATH - final_path=/var/www/$app +# Register (book) web path +ynh_webpath_register $app $domain $path_url - rainloop_path=${final_path}/app +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= - sudo rm -rf $final_path - sudo mkdir -p $final_path - sudo mkdir -p $rainloop_path +ynh_app_setting_set $app domain $domain +ynh_app_setting_set $app path $path_url +#ynh_app_setting_set $app admin $admin +ynh_app_setting_set $app is_public $is_public +ynh_app_setting_set $app language $language +ynh_app_setting_set $app ldap $ldap + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# FIND AND OPEN A PORT +#================================================= + +### Use these lines if you have to open a port for the application +### `ynh_find_port` will find the first available port starting from the given port. +### If you're not using these lines: +### - Remove the section "CLOSE A PORT" in the remove script + +# Find a free port +#port=$(ynh_find_port 8095) +# Open this port +#yunohost firewall allow --no-upnp TCP $port 2>&1 +#ynh_app_setting_set $app port $port + +#================================================= +# INSTALL DEPENDENCIES +#================================================= + +### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. +### Those deb packages will be installed as dependencies of this package. +### If you're not using this helper: +### - Remove the section "REMOVE DEPENDENCIES" in the remove script +### - As well as the section "REINSTALL DEPENDENCIES" in the restore script +### - And the section "UPGRADE DEPENDENCIES" in the upgrade script + +#ynh_install_app_dependencies deb1 deb2 + +#================================================= +# CREATE A MYSQL DATABASE +#================================================= + +### Use these lines if you need a database for the application. +### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password. +### The password will be stored as 'mysqlpwd' into the app settings, +### and will be available as $db_pwd +### If you're not using these lines: +### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script +### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script +### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script + +db_name=$(ynh_sanitize_dbid $app) +ynh_app_setting_set $app db_name $db_name +ynh_mysql_setup_db $db_name $db_name + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +### `ynh_setup_source` is used to install an app from a zip or tar.gz file, +### downloaded from an upstream source, like a git repository. +### `ynh_setup_source` use the file conf/app.src + +ynh_app_setting_set $app final_path $final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" - # Download sources and keys - sudo wget -q https://github.com/RainLoop/rainloop-webmail/releases/download/v${rainloop_version}/rainloop-community-${rainloop_version}.zip - sudo wget -q https://github.com/RainLoop/rainloop-webmail/releases/download/v${rainloop_version}/rainloop-community-${rainloop_version}.zip.asc - sudo wget -q https://repository.rainloop.net/RainLoop.asc - # Verify the integrity of sources - sudo gpg --import --quiet RainLoop.asc - sudo gpg --verify --quiet rainloop-community-${rainloop_version}.zip.asc rainloop-community-${rainloop_version}.zip || ynh_die "Download failed" - sudo gpg --batch --delete-key --yes Rainloop - # Unzip - sudo unzip -qq rainloop-community-${rainloop_version}.zip -d $rainloop_path/ # Install plugins sudo mkdir -p $rainloop_path/data/_data_/_default_/plugins @@ -62,22 +143,51 @@ CHECK_DOMAINPATH sudo cp -rf ../sources/plugins/ynh-login-mapping $rainloop_path/data/_data_/_default_/plugins/. sudo cp -rf ../sources/plugins/ynh-ldap-suggestions $rainloop_path/data/_data_/_default_/plugins/. -# Autoconfig - sudo mkdir -p $rainloop_path/data/_data_/_default_/configs/ - application_file=$rainloop_path/data/_data_/_default_/configs/application.ini +#================================================= +# NGINX CONFIGURATION +#================================================= - # Set lang => define from install manifest - case "$lang" in - Francais) - lang="fr" - ;; - English) - lang="en" - ;; - *) - lang="en" - esac - ynh_app_setting_set "$app" lang "$lang" +### `ynh_add_nginx_config` will use the file conf/nginx.conf + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user +#ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +### `ynh_add_fpm_config` is used to set up a PHP config. +### You can remove it if your app doesn't use PHP. +### `ynh_add_fpm_config` will use the files conf/php-fpm.conf and conf/php-fpm.ini +### If you're not using these lines: +### - You can remove these files in conf/. +### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script +### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script +### With the reload at the end of the script. +### - And the section "PHP-FPM CONFIGURATION" in the upgrade script + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC SETUP +#================================================= +# ... +#================================================= + +# Autoconfig + sudo mkdir -p $final_path/data/_data_/_default_/configs/ + application_file=$final_path/data/_data_/_default_/configs/application.ini + + # Set plugins plugins="ynh-login-mapping,auto-domain-grab" # This plugin is trying to automatically grab unknown domains if users want to add external email accounts @@ -85,14 +195,13 @@ CHECK_DOMAINPATH then plugins="$plugins,ynh-ldap-suggestions" # This plugin is to suggest YunoHost users in recipients list fi - ynh_app_setting_set "$app" ldap "$ldap" ynh_app_setting_set "$app" plugins "$plugins" sudo cp ../conf/data/configs/application.ini $application_file sudo sed -i "s@domain.tld@$domain@g" $application_file sudo sed -i "s@MYSQLUSER@$dbuser@g" $application_file sudo sed -i "s@MYSQLPASSWORD@$dbpass@g" $application_file - sudo sed -i "s@LANGTOCHANGE@$lang@g" $application_file + sudo sed -i "s@LANGTOCHANGE@$language@g" $application_file sudo sed -i "s@PLUGINSTOENABLE@$plugins@g" $application_file # Set admin password @@ -127,33 +236,131 @@ CHECK_DOMAINPATH sudo find $final_path/. -type f -exec chmod 644 {} \; sudo chown -R www-data:www-data $final_path -# Install Nginx configuration file - nginx_conf_file=/etc/nginx/conf.d/$domain.d/$app.conf - sudo cp ../conf/nginx.conf $nginx_conf_file - if [ $path = "/" ]; then - sudo sed -i "s@ROOTTOCHANGE@@g" $nginx_conf_file - else - sudo sed -i "s@ROOTTOCHANGE@$path@g" $nginx_conf_file - fi - sudo sed -i "s@PATHTOCHANGE@$path@g" $nginx_conf_file - sudo sed -i "s@ALIASTOCHANGE@$final_path/@g" $nginx_conf_file - sudo sed -i "s@NAMETOCHANGE@$app@g" $nginx_conf_file - sudo chown root: $nginx_conf_file - sudo chmod 644 $nginx_conf_file +#================================================= +# SETUP SYSTEMD +#================================================= - finalphpconf=/etc/php5/fpm/pool.d/$app.conf - sudo cp ../conf/php-fpm.conf $finalphpconf - sudo sed -i "s@NAMETOCHANGE@$app@g" $finalphpconf - sudo chown root: $finalphpconf - sudo chmod 644 $finalphpconf +### `ynh_systemd_config` is used to configure a systemd script for an app. +### It can be used for apps that use sysvinit (with adaptation) or systemd. +### Have a look at the app to be sure this app needs a systemd script. +### `ynh_systemd_config` will use the file conf/systemd.service +### If you're not using these lines: +### - You can remove those files in conf/. +### - Remove the section "BACKUP SYSTEMD" in the backup script +### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script +### - As well as the section "RESTORE SYSTEMD" in the restore script +### - And the section "SETUP SYSTEMD" in the upgrade script + +# Create a dedicated systemd config +#ynh_add_systemd_config + +#================================================= +# SETUP APPLICATION WITH CURL +#================================================= + +### Use these lines only if the app installation needs to be finalized through +### web forms. We generally don't want to ask the final user, +### so we're going to use curl to automatically fill the fields and submit the +### forms. + +# Set right permissions for curl install +#chown -R $app: $final_path + +# Set the app as temporarily public for curl call +#ynh_app_setting_set $app skipped_uris "/" +# Reload SSOwat config +#yunohost app ssowatconf + +# Reload Nginx +#systemctl reload nginx + +# Installation with curl +#ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" + +# Remove the public access +#if [ $is_public -eq 0 ] +#then +# ynh_app_setting_delete $app skipped_uris +#fi + +#================================================= +# MODIFY A CONFIG FILE +#================================================= + +### `ynh_replace_string` is used to replace a string in a file. +### (It's compatible with sed regular expressions syntax) + +#ynh_replace_string "match_string" "replace_string" "$final_path/CONFIG_FILE" + +#================================================= +# STORE THE CONFIG FILE CHECKSUM +#================================================= + +### `ynh_store_file_checksum` is used to store the checksum of a file. +### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`, +### you can make a backup of this file before modifying it again if the admin had modified it. + +# Calculate and store the config file checksum into the app settings +#ynh_store_file_checksum "$final_path/CONFIG_FILE" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +### For security reason, any app should set the permissions to root: before anything else. +### Then, if write authorization is needed, any access should be given only to directories +### that really need such authorization. + +# Set permissions to app files +#chown -R root: $final_path + +#================================================= +# SETUP LOGROTATE +#================================================= + +### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. +### Use this helper only if there is effectively a log file for this app. +### If you're not using this helper: +### - Remove the section "BACKUP LOGROTATE" in the backup script +### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script +### - And the section "SETUP LOGROTATE" in the upgrade script + +# Use logrotate to manage application logfile(s) +#ynh_use_logrotate + +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= + +### `yunohost service add` is a CLI yunohost command to add a service in the admin panel. +### You'll find the service in the 'services' section of YunoHost admin panel. +### This CLI command would be useless if the app does not have any services (systemd or sysvinit) +### If you're not using these lines: +### - You can remove these files in conf/. +### - Remove the section "REMOVE SERVICE FROM ADMIN PANEL" in the remove script +### - As well as the section ADVERTISE SERVICE IN ADMIN PANEL" in the restore script + +#yunohost service add $app --log "/var/log/$app/APP.log" +# if using yunohost version 3.2 or more in the 'manifest.json', a description can be added +#yunohost service add $app --description "$app daemon for XXX" --log "/var/log/$app/APP.log" + +#================================================= +# SETUP SSOWAT +#================================================= # Make app public if necessary - ynh_app_setting_set "$app" is_public "$is_public" - if [ "$is_public" = "Yes" ]; - then - ynh_app_setting_set "$app" skipped_uris "/" - fi +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set $app unprotected_uris "/" +fi -# Reload services - sudo service php5-fpm reload - sudo service nginx reload +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx +systemctl reload php5-fpm