2016-06-20 23:43:51 +02:00
|
|
|
#!/bin/bash
|
|
|
|
|
2018-05-26 10:27:01 +02:00
|
|
|
#=================================================
|
|
|
|
# GENERIC START
|
|
|
|
#=================================================
|
|
|
|
# IMPORT GENERIC HELPERS
|
|
|
|
#=================================================
|
2016-06-20 23:43:51 +02:00
|
|
|
|
2018-05-26 10:27:01 +02:00
|
|
|
source /usr/share/yunohost/helpers
|
|
|
|
|
|
|
|
#=================================================
|
|
|
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
|
|
|
#=================================================
|
2016-06-20 23:43:51 +02:00
|
|
|
|
|
|
|
|
|
|
|
# Validate redirect path
|
|
|
|
url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
|
2019-04-29 20:49:40 +02:00
|
|
|
[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
|
2016-06-20 23:43:51 +02:00
|
|
|
|
2019-09-14 19:58:58 +02:00
|
|
|
# Avoid uncrypted remote destination with reverse proxy mode
|
|
|
|
# Indeed the SSO send the password in all requests in HTTP headers
|
2019-09-16 22:46:52 +02:00
|
|
|
url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'
|
2019-09-14 19:58:58 +02:00
|
|
|
[[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \
|
|
|
|
"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1
|
|
|
|
|
2016-06-20 23:43:51 +02:00
|
|
|
|
2019-05-15 18:42:44 +02:00
|
|
|
#=================================================
|
|
|
|
# CONFIGURE NGINX
|
|
|
|
#=================================================
|
2021-01-23 15:21:17 +01:00
|
|
|
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
|
2019-05-15 18:42:44 +02:00
|
|
|
|
2016-06-20 23:43:51 +02:00
|
|
|
# Nginx configuration
|
2019-04-29 20:49:40 +02:00
|
|
|
for FILE in $(ls ../conf/nginx-*.conf)
|
|
|
|
do
|
2023-09-26 21:24:14 +02:00
|
|
|
ynh_replace_string "YNH_LOCATION" "$path" $FILE
|
2019-04-29 20:49:40 +02:00
|
|
|
done
|
2019-05-15 18:35:57 +02:00
|
|
|
if [ "$redirect_type" = "public_302" ];
|
2016-06-20 23:43:51 +02:00
|
|
|
then
|
2019-04-29 20:49:40 +02:00
|
|
|
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf
|
2018-05-26 10:01:42 +02:00
|
|
|
cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf
|
2019-05-15 18:35:57 +02:00
|
|
|
elif [ "$redirect_type" = "public_301" ];
|
2016-06-20 23:43:51 +02:00
|
|
|
then
|
2019-04-29 20:49:40 +02:00
|
|
|
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf
|
2018-05-26 10:01:42 +02:00
|
|
|
cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf
|
2019-05-15 18:35:57 +02:00
|
|
|
elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ];
|
2016-06-20 23:43:51 +02:00
|
|
|
then
|
2019-04-29 20:49:40 +02:00
|
|
|
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf
|
2018-05-26 10:01:42 +02:00
|
|
|
cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf
|
2016-06-20 23:43:51 +02:00
|
|
|
fi
|
|
|
|
|
2018-05-26 10:27:01 +02:00
|
|
|
#=================================================
|
2019-05-15 18:42:44 +02:00
|
|
|
# CONFIGURE SSOWAT
|
2018-05-26 10:27:01 +02:00
|
|
|
#=================================================
|
2023-09-26 21:36:36 +02:00
|
|
|
ynh_script_progression --message="Configuring permissions..." --weight=2
|
2018-05-26 10:27:01 +02:00
|
|
|
|
2016-06-20 23:43:51 +02:00
|
|
|
# Make app public if necessary
|
2019-05-15 18:35:57 +02:00
|
|
|
if [ "$redirect_type" != "private_proxy" ]
|
2016-06-20 23:43:51 +02:00
|
|
|
then
|
2018-05-26 10:27:01 +02:00
|
|
|
# unprotected_uris allows SSO credentials to be passed anyway.
|
2023-09-26 21:36:36 +02:00
|
|
|
ynh_permission_update --permission="main" --add="visitors"
|
2016-06-20 23:43:51 +02:00
|
|
|
fi
|
|
|
|
|
2021-01-23 15:21:17 +01:00
|
|
|
#=================================================
|
|
|
|
# END OF SCRIPT
|
|
|
|
#=================================================
|
|
|
|
|
|
|
|
ynh_script_progression --message="Installation of $app completed" --last
|