From ba487163d5f3c63e79af7fde1788863412fed3d2 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 5 Dec 2023 00:54:55 +0100 Subject: [PATCH] Drastically simplify app because everything is way too complex.. --- conf/nginx-redirect.conf | 3 + ...inx-proxy.conf => nginx-reverseproxy.conf} | 6 +- conf/nginx-visible-301.conf | 3 - conf/nginx-visible-302.conf | 3 - manifest.toml | 29 +++--- scripts/install | 46 +-------- scripts/remove | 4 +- scripts/restore | 36 +------ scripts/upgrade | 94 +++---------------- 9 files changed, 39 insertions(+), 185 deletions(-) create mode 100644 conf/nginx-redirect.conf rename conf/{nginx-proxy.conf => nginx-reverseproxy.conf} (83%) delete mode 100644 conf/nginx-visible-301.conf delete mode 100644 conf/nginx-visible-302.conf diff --git a/conf/nginx-redirect.conf b/conf/nginx-redirect.conf new file mode 100644 index 0000000..8ef882a --- /dev/null +++ b/conf/nginx-redirect.conf @@ -0,0 +1,3 @@ +location __PATH__/ { + return 302 __TARGET__$request_uri; +} diff --git a/conf/nginx-proxy.conf b/conf/nginx-reverseproxy.conf similarity index 83% rename from conf/nginx-proxy.conf rename to conf/nginx-reverseproxy.conf index 6d3a1ee..604d91e 100644 --- a/conf/nginx-proxy.conf +++ b/conf/nginx-reverseproxy.conf @@ -1,5 +1,7 @@ -location YNH_LOCATION { - proxy_pass YNH_REDIRECT_PATH; +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { + + proxy_pass __TARGET__; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/conf/nginx-visible-301.conf b/conf/nginx-visible-301.conf deleted file mode 100644 index 2b3ffb6..0000000 --- a/conf/nginx-visible-301.conf +++ /dev/null @@ -1,3 +0,0 @@ -location YNH_LOCATION { - return 301 YNH_REDIRECT_PATH$request_uri; -} diff --git a/conf/nginx-visible-302.conf b/conf/nginx-visible-302.conf deleted file mode 100644 index e1ffc66..0000000 --- a/conf/nginx-visible-302.conf +++ /dev/null @@ -1,3 +0,0 @@ -location YNH_LOCATION { - return 302 YNH_REDIRECT_PATH$request_uri; -} diff --git a/manifest.toml b/manifest.toml index 74bbd11..5c85b64 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Redirect" description.en = "Create a redirection or a proxy to another path" description.fr = "Créer une redirection ou un proxy vers un autre emplacement" -version = "1.0.2~ynh1" +version = "2.0~ynh1" maintainers = [] @@ -31,28 +31,27 @@ ram.runtime = "50M" type = "path" default = "/redirect" - [install.redirect_path] - ask.en = "Redirect destination path" - ask.fr = "Emplacement de destination" - type = "string" - example = "http://127.0.0.1:8080/app/" - [install.redirect_type] ask.en = "Redirect type" ask.fr = "Type de redirection" type = "select" - default = "public_302" + choices.redirect = "Explicit redirection (HTTP 302). Redirect people to another URL." + choices.reverseproxy = "Reverse-proxy (nginx proxy_pass). Expose an app, typically that you manually installed (with or without Docker) locally or an another machine." - #[install.redirect_type.choices] - choices.public_302 = "Visible redirect (302, temporary). Everybody will be able to access it." - choices.public_301 = "Visible redirect (301, permanent). Everybody will be able to access it." - choices.public_proxy = "Proxy, invisible (NGINX proxy_pass). Everybody will be able to access it." - choices.private_proxy = "Proxy, invisible (NGINX proxy_pass). Only accessible for allowed users." + [install.target] + ask.en = "Target" + ask.fr = "Cible" + type = "url" + example = "http://127.0.0.1:1312/" + + [install.init_main_permission] + default = "visitors" [resources] + # Meh we gotta keep this otherwise migrations from the v1 era will fail + # because they assume a system user resource existed in v1 and will want to + # delete it if not present anymore in the manifest ... [resources.system_user] - [resources.install_dir] - [resources.permissions] main.url = "/" diff --git a/scripts/install b/scripts/install index 698c6d5..b33ed9e 100644 --- a/scripts/install +++ b/scripts/install @@ -8,57 +8,19 @@ source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - - -# Validate redirect path -url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' -[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1 - # Avoid uncrypted remote destination with reverse proxy mode # Indeed the SSO send the password in all requests in HTTP headers url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' -[[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ -"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1 - +[[ "$redirect_type" = "reverseproxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ +"For secure reason, you can't use an unencrypted http remote destination coupled with ssowat for your reverse proxy: $redirect_path" 1 #================================================= # CONFIGURE NGINX #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=1 -# Nginx configuration -for FILE in $(ls ../conf/nginx-*.conf) -do - ynh_replace_string "YNH_LOCATION" "$path" $FILE -done -if [ "$redirect_type" = "public_302" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf - cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf -elif [ "$redirect_type" = "public_301" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf - cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf -elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf - cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf -fi - -#================================================= -# CONFIGURE SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=2 - -# Make app public if necessary -if [ "$redirect_type" != "private_proxy" ] -then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_permission_update --permission="main" --add="visitors" -fi +mv ../conf/{nginx-$redirect_type.conf,nginx.conf} +ynh_add_nginx_config #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 008b047..5ea4099 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,8 +12,8 @@ source /usr/share/yunohost/helpers # REMOVE NGINX CONFIGURATION #================================================= -# Remove configuration files -ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf +# Remove the dedicated NGINX config +ynh_remove_nginx_config #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index 46c2ea9..f8838c7 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,44 +1,10 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= +ynh_restore_file "/etc/nginx/conf.d/${domain}.d/${app}.conf" -# Validate redirect path -url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' -[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1 - -# Check configuration files -NGINX_CONF="/etc/nginx/conf.d/${domain}.d/${app}.conf" -[[ -f $NGINX_CONF ]] && ynh_die "The NGINX configuration already exists at '${NGINX_CONF}'. You should safely delete it before restoring this app." - -# Restore configuration files -ynh_restore_file "$NGINX_CONF" - -#================================================= -# SETUP SSOWAT -#================================================= - -# Make app public if necessary -if [ "$redirect_type" != "private_proxy" ] -then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_permission_update --permission="main" --add="visitors" -fi - -#================================================= -# RELOAD NGINX AND PHP-FPM -#================================================= ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index f0461df..3605880 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,103 +1,31 @@ - #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source /usr/share/yunohost/helpers #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -# Fix is_public as a boolean value -# Default value for redirect_type if upgrading from https://github.com/scith/redirect_ynh -if [ -z "$redirect_type" ]; +if [[ "${redirect_type:-}" == *"proxy"* ]] then - redirect_type="proxy" - ynh_app_setting_set $app 'redirect_type' $redirect_type + redirect_type="reverseproxy" +else + redirect_type="redirect" fi +ynh_app_setting_set $app 'redirect_type' $redirect_type -# Migrate away from old stuff with 'is_public' and old redirect type names -is_public=$(ynh_app_setting_get "$app" is_public) - -if [ -n "$is_public" ] +if [[ -z "${target:-}" ]] && [[ -n "${redirect_path:-}" ]] then - if [ "$is_public" = "Yes" ]; then - is_public=1 - elif [ "$is_public" = "No" ]; then - is_public=0 - fi - - if [ "$is_public" = "0" ] && [ "$redirect_type" != "proxy" ]; then - echo "WARNING: You previously had a 'supposedly' private 301 or 302 redirection... but it was found that it was public all along and it is not easy to create such a private redirection. Your 301 or 302 redirection will be re-flagged as public..." >&2 - is_public=1 - fi - -if [ "$redirect_type" == "proxy" ] && [ "$is_public" = "1" ] - then - redirect_type="public_proxy" - elif [ "$redirect_type" == "proxy" ] && [ "$is_public" = "0" ] - then - redirect_type="private_proxy" - elif [ "$redirect_type" == "visible_302" ] - then - redirect_type="public_302" - elif [ "$redirect_type" == "visible_301" ] - then - redirect_type="public_301" - fi - - ynh_app_setting_set $app 'redirect_type' $redirect_type + target="$redirect_path" + ynh_app_setting_set $app target "$redirect_path" fi -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= - -# Validate redirect path -url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' -[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1 - #================================================= # CONFIGURE NGINX #================================================= +ynh_script_progression --message="Configuring NGINX web server..." --weight=1 -# Nginx configuration -for FILE in $(ls ../conf/nginx-*.conf) -do - ynh_replace_string "YNH_LOCATION" "$path" $FILE -done -if [ "$redirect_type" = "public_302" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf - cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf -elif [ "$redirect_type" = "public_301" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf - cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf -elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf - cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf -fi - -#================================================= -# CONFIGURE SSOWAT -#================================================= - -# Make app public if necessary -if [ "$redirect_type" != "private_proxy" ] -then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_permission_update --permission="main" --add="visitors" -fi - -#================================================= -# END OF SCRIPT -#================================================= +mv ../conf/{nginx-$redirect_type.conf,nginx.conf} +ynh_add_nginx_config ynh_script_progression --message="Upgrade of $app completed" --last