diff --git a/conf/nginx-redirect.conf b/conf/nginx-redirect.conf index 1ee1b6a..731c42d 100644 --- a/conf/nginx-redirect.conf +++ b/conf/nginx-redirect.conf @@ -1,3 +1,3 @@ location __PATH__ { - return 302 __TARGET__; + return 302 __TARGET__$request_uri; } diff --git a/doc/ADMIN.md b/doc/ADMIN.md index 446e514..ecce686 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -1,18 +1 @@ -## Redirect type - -### Visible redirect - -The client will be redirected to another url or external website - -- `your-domain.com -> another-domain.net` -- `your-domain.com/foo -> another-domain.net/bar` - -### Invisible redirect (a.k.a "reverse-proxy") - -Visitor's address bar will remain the same. Typically used to integrate into YunoHost a manually-installed app into the portal. - -- `you-domain.com/foo -> http://172.0.0.1:8080/app` - -**IMPORTANT:** you may have to further tweak the `redirect.conf` in the nginx configuration, depending on your needs! - -**IMPORTANT:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ MUST be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/. For example : an Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/ +The nginx configuration can be further tweaked in `/etc/nginx/conf.d/__DOMAIN__.d/__APP__.conf` diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md index e7c511f..c71e4dc 100644 --- a/doc/ADMIN_fr.md +++ b/doc/ADMIN_fr.md @@ -1,18 +1 @@ -## Types de redirection - -### Redirection visible - -Le client sera redirigé vers une autre URL ou site externe - -- `votre-domaine.com -> un-autre-domaine.net` -- `votre-domaine.com/foo -> un-autre-domaine.net/bar` - -### Redirection invisible (a.k.a "reverse-proxy") - -L'adresse du client restera inchangé dans le navigateur. Typiquement utilisé pour intéger dans YunoHost une application installée manuellement. - -- `you-domain.com/foo -> http://172.0.0.1:8080/app` - -**IMPORTANT:** il vous faudra peut-être bricoler manuellement `redirect.conf` dans la configuration nginx, en fonction de vos besoins. - -**IMPORTANT:** Certaines apps ne supportent pas d'être redirigées depuis un chemin différent à cause du fonctionnement des liens relatifs ... Cela signifie que par exemple une app hébergée sur `http://127.0.0.1:5050/app/` DOIT être routé sur `http://domaine.tld/app/` et PAS http://domaine.tld/unautrechemin/. Par exemple: un conteneur Docker Odoo tourne sur `http://127.0.0.1:8069/`. Il ne sera pas capable de fonctionné correctement si il est routé sur `http://domaine.tld/odoo/` ! Il faut forcément l'installer à la racine d'un domaine, par exemple `http://odoo.domaine.tld/` +La configuration nginx peut être trouvée dans `/etc/nginx/conf.d/__DOMAIN__.d/__APP__.conf` diff --git a/manifest.toml b/manifest.toml index fad8287..34058f7 100644 --- a/manifest.toml +++ b/manifest.toml @@ -32,20 +32,21 @@ ram.runtime = "50M" [install.path] type = "path" default = "/redirect" + help = "Be careful when using this app in reverse-proxy mode: the target may require to be installed at the root of a domain (or subdomain), meaning the path is just '/'!" [install.redirect_type] ask.en = "Redirect type" ask.fr = "Type de redirection" type = "select" - choices.redirect = "Explicit redirection (HTTP 302). Redirect people to another URL." - choices.reverseproxy = "Reverse-proxy (nginx proxy_pass). Expose an app, typically that you manually installed (with or without Docker) locally or an another machine." + choices.redirect = "Explicit redirection (HTTP 302). Redirect people to a different page." + choices.reverseproxy = "Reverse-proxy (nginx proxy_pass). Expose an app, typically something that you manually installed (with or without Docker) locally or an another machine." default = "redirect" [install.target] ask.en = "Target" ask.fr = "Cible" type = "url" - example = "http://127.0.0.1:1312/" + help = "This may be something like https://some.other.website (for explicit redirect) or http://127.0.0.1:1234 for reverse-proxies." [install.init_main_permission] type = "group" diff --git a/scripts/_common.sh b/scripts/_common.sh index ebc643a..cb2aa26 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -10,7 +10,7 @@ _validate_redirect_uri() { # Avoid uncrypted remote destination with reverse proxy mode # Indeed the SSO send the password in all requests in HTTP headers - if [[ "$redirect_type" = "proxy" ]] && [[ ! $target =~ $URL_REGEX_SECURE ]]; then + if [[ "$redirect_type" = "reverseproxy" ]] && [[ ! $target =~ $URL_REGEX_SECURE ]]; then ynh_die "For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $target" 1 fi } diff --git a/scripts/install b/scripts/install index d44668d..4e7432c 100644 --- a/scripts/install +++ b/scripts/install @@ -25,14 +25,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 mv ../conf/{"nginx-$redirect_type.conf",nginx.conf} ynh_add_nginx_config - -if [[ ${PACKAGE_CHECK_EXEC} == "1" ]] && [[ "$redirect_type" == "reverseproxy" ]] -then - systemctl status whatever >&2 - sleep 3 -fi - - #================================================= # END OF SCRIPT #================================================= diff --git a/tests.toml b/tests.toml index 44f0e46..e1c4173 100644 --- a/tests.toml +++ b/tests.toml @@ -4,29 +4,13 @@ test_format = 1.0 [default] - args.redirect_type = "reverseproxy" - args.target = "http://127.0.0.1:1234/" - - exclude = ["install.private", "install.multi", "backup_restore", "change_url"] - - [default.test_upgrade_from.09cf1c6b] - name = "v1 era" - args.domain = "domain.tld" - args.path = "/" - args.redirect_type = "proxy" - args.redirect_path = "http://127.0.0.1:1234/" - args.is_public = true - - -[redirect] - args.redirect_type = "redirect" args.target = "https://127.0.0.1" # Turns out 302 redirects cant be made private because they are interpreted before going through the sso ... exclude = ["install.private"] - [redirect.test_upgrade_from.09cf1c6b] + [default.test_upgrade_from.09cf1c6b] name = "v1 era" args.domain = "domain.tld" args.path = "/" @@ -34,4 +18,17 @@ test_format = 1.0 args.redirect_path = "https://127.0.0.1" args.is_public = true +[reverseproxy] + args.redirect_type = "reverseproxy" + args.target = "http://127.0.0.1:1234" + + exclude = ["install.private", "install.multi", "backup_restore", "change_url"] + + [reverseproxy.test_upgrade_from.09cf1c6b] + name = "v1 era" + args.domain = "domain.tld" + args.path = "/" + args.redirect_type = "proxy" + args.redirect_path = "http://127.0.0.1:1234" + args.is_public = true