Drastically simplify app because everything is way too complex..

conf/nginx-redirect.conf

@@ -0,0 +1,3 @@
+location __PATH__/ {
+  return 302 __TARGET__$request_uri;
+}

conf/nginx-reverseproxy.conf

@@ -1,5 +1,7 @@
-location YNH_LOCATION {
-  proxy_pass        YNH_REDIRECT_PATH;
+#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+location __PATH__/ {
+
+  proxy_pass        __TARGET__;
   proxy_redirect    off;
   proxy_set_header  Host $host;
   proxy_set_header  X-Real-IP $remote_addr;

conf/nginx-visible-301.conf

@@ -1,3 +0,0 @@
-location YNH_LOCATION {
-  return 301 YNH_REDIRECT_PATH$request_uri;
-}

conf/nginx-visible-302.conf

@@ -1,3 +0,0 @@
-location YNH_LOCATION {
-  return 302 YNH_REDIRECT_PATH$request_uri;
-}

manifest.toml

@@ -5,7 +5,7 @@ name = "Redirect"
 description.en = "Create a redirection or a proxy to another path"
 description.fr = "Créer une redirection ou un proxy vers un autre emplacement"
 
-version = "1.0.2~ynh1"
+version = "2.0~ynh1"
 
 maintainers = []
 
@@ -31,28 +31,27 @@ ram.runtime = "50M"
     type = "path"
     default = "/redirect"
 
-    [install.redirect_path]
-    ask.en = "Redirect destination path"
-    ask.fr = "Emplacement de destination"
-    type = "string"
-    example = "http://127.0.0.1:8080/app/"
-
     [install.redirect_type]
     ask.en = "Redirect type"
     ask.fr = "Type de redirection"
     type = "select"
-    default = "public_302"
+    choices.redirect = "Explicit redirection (HTTP 302). Redirect people to another URL."
+    choices.reverseproxy = "Reverse-proxy (nginx proxy_pass). Expose an app, typically that you manually installed (with or without Docker) locally or an another machine."
 
-    #[install.redirect_type.choices]
-    choices.public_302 = "Visible redirect (302, temporary). Everybody will be able to access it."
-    choices.public_301 = "Visible redirect (301, permanent). Everybody will be able to access it."
-    choices.public_proxy = "Proxy, invisible (NGINX proxy_pass). Everybody will be able to access it."
-    choices.private_proxy = "Proxy, invisible (NGINX proxy_pass). Only accessible for allowed users."
+    [install.target]
+    ask.en = "Target"
+    ask.fr = "Cible"
+    type = "url"
+    example = "http://127.0.0.1:1312/"
+
+    [install.init_main_permission]
+    default = "visitors"
 
 [resources]
+    # Meh we gotta keep this otherwise migrations from the v1 era will fail
+    # because they assume a system user resource existed in v1 and will want to
+    # delete it if not present anymore in the manifest ...
     [resources.system_user]
 
-    [resources.install_dir]
-
     [resources.permissions]
     main.url = "/"

scripts/install

@@ -8,57 +8,19 @@
 
 source /usr/share/yunohost/helpers
 
-#=================================================
-# RETRIEVE ARGUMENTS FROM THE MANIFEST
-#=================================================
-
-
-# Validate redirect path
-url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
-[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
-
 # Avoid uncrypted remote destination with reverse proxy mode
 # Indeed the SSO send the password in all requests in HTTP headers
 url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'
-[[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \
-"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1
-
+[[ "$redirect_type" = "reverseproxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \
+"For secure reason, you can't use an unencrypted http remote destination coupled with ssowat for your reverse proxy: $redirect_path" 1
 
 #=================================================
 # CONFIGURE NGINX
 #=================================================
 ynh_script_progression --message="Configuring NGINX web server..." --weight=1
 
-# Nginx configuration
-for FILE in $(ls ../conf/nginx-*.conf)
-do
-    ynh_replace_string "YNH_LOCATION" "$path" $FILE
-done
-if [ "$redirect_type" = "public_302" ];
-then
-    ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf
-    cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf
-elif [ "$redirect_type" = "public_301" ];
-then
-    ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf
-    cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf
-elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ];
-then
-    ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf
-    cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf
-fi
-
-#=================================================
-# CONFIGURE SSOWAT
-#=================================================
-ynh_script_progression --message="Configuring permissions..." --weight=2
-
-# Make app public if necessary
-if [ "$redirect_type" != "private_proxy" ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-    ynh_permission_update --permission="main" --add="visitors"
-fi
+mv ../conf/{nginx-$redirect_type.conf,nginx.conf}
+ynh_add_nginx_config
 
 #=================================================
 # END OF SCRIPT

scripts/remove

@@ -12,8 +12,8 @@ source /usr/share/yunohost/helpers
 # REMOVE NGINX CONFIGURATION
 #=================================================
 
-# Remove configuration files
-ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf
+# Remove the dedicated NGINX config
+ynh_remove_nginx_config
 
 #=================================================
 # END OF SCRIPT

scripts/restore

@@ -1,44 +1,10 @@
 #!/bin/bash
 
-#=================================================
-# GENERIC START
-#=================================================
-# IMPORT GENERIC HELPERS
-#=================================================
-
 source /usr/share/yunohost/helpers
 
-#=================================================
-# LOAD SETTINGS
-#=================================================
+ynh_restore_file "/etc/nginx/conf.d/${domain}.d/${app}.conf"
 
-# Validate redirect path
-url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
-[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
-
-# Check configuration files
-NGINX_CONF="/etc/nginx/conf.d/${domain}.d/${app}.conf"
-[[ -f $NGINX_CONF ]] && ynh_die "The NGINX configuration already exists at '${NGINX_CONF}'. You should safely delete it before restoring this app."
-
-# Restore configuration files
-ynh_restore_file "$NGINX_CONF"
-
-#=================================================
-# SETUP SSOWAT
-#=================================================
-
-# Make app public if necessary
-if [ "$redirect_type" != "private_proxy" ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_permission_update --permission="main" --add="visitors"
-fi
-
-#=================================================
-# RELOAD NGINX AND PHP-FPM
-#=================================================
 ynh_script_progression --message="Reloading NGINX web server..." --weight=1
-
 ynh_systemd_action --service_name=nginx --action=reload
 
 #=================================================

scripts/upgrade

@@ -1,103 +1,31 @@
-
 #!/bin/bash
 
-#=================================================
-# GENERIC START
-#=================================================
-# IMPORT GENERIC HELPERS
-#=================================================
-
 source /usr/share/yunohost/helpers
 
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================
 
-# Fix is_public as a boolean value
-# Default value for redirect_type if upgrading from https://github.com/scith/redirect_ynh
-if [ -z "$redirect_type" ];
+if [[ "${redirect_type:-}" == *"proxy"* ]]
 then
-    redirect_type="proxy"
-    ynh_app_setting_set $app 'redirect_type' $redirect_type
+    redirect_type="reverseproxy"
+else
+    redirect_type="redirect"
 fi
+ynh_app_setting_set $app 'redirect_type' $redirect_type
 
-# Migrate away from old stuff with 'is_public' and old redirect type names
-is_public=$(ynh_app_setting_get "$app" is_public)
-
-if [ -n "$is_public" ]
+if [[ -z "${target:-}" ]] && [[ -n "${redirect_path:-}" ]]
 then
-     if [ "$is_public" = "Yes" ]; then
-        is_public=1
-     elif [ "$is_public" = "No" ]; then
-        is_public=0
-    fi
-
-    if [ "$is_public" = "0" ] && [ "$redirect_type" != "proxy" ]; then
-       echo "WARNING: You previously had a 'supposedly' private 301 or 302 redirection... but it was found that it was public all along and it is not easy to create such a private redirection. Your 301 or 302 redirection will be re-flagged as public..." >&2
-       is_public=1
-    fi
-
-if [ "$redirect_type" == "proxy" ] && [ "$is_public" = "1" ]
-    then
-        redirect_type="public_proxy"
-    elif [ "$redirect_type" == "proxy" ] && [ "$is_public" = "0" ]
-    then
-        redirect_type="private_proxy"
-    elif [ "$redirect_type" == "visible_302" ]
-    then
-        redirect_type="public_302"
-    elif [ "$redirect_type" == "visible_301" ]
-    then
-        redirect_type="public_301"
-    fi
-    
-    ynh_app_setting_set $app 'redirect_type' $redirect_type
+    target="$redirect_path"
+    ynh_app_setting_set $app target "$redirect_path"
 fi
 
-#=================================================
-# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
-#=================================================
-
-# Validate redirect path
-url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
-[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
-
 #=================================================
 # CONFIGURE NGINX
 #=================================================
+ynh_script_progression --message="Configuring NGINX web server..." --weight=1
 
-# Nginx configuration
-for FILE in $(ls ../conf/nginx-*.conf)
-do
-    ynh_replace_string "YNH_LOCATION" "$path" $FILE
-done
-if [ "$redirect_type" = "public_302" ];
-then
-    ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf
-    cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf
-elif [ "$redirect_type" = "public_301" ];
-then
-    ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf
-    cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf
-elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ];
-then
-    ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf
-    cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf
-fi
-
-#=================================================
-# CONFIGURE SSOWAT
-#=================================================
-
-# Make app public if necessary
-if [ "$redirect_type" != "private_proxy" ]
-then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-    ynh_permission_update --permission="main" --add="visitors"
-fi
-
-#=================================================
-# END OF SCRIPT
-#=================================================
+mv ../conf/{nginx-$redirect_type.conf,nginx.conf}
+ynh_add_nginx_config
 
 ynh_script_progression --message="Upgrade of $app completed" --last