From 03113745d191afa8a6c729b6da24033f53f3e328 Mon Sep 17 00:00:00 2001 From: ljf Date: Sat, 14 Sep 2019 19:58:58 +0200 Subject: [PATCH 01/13] [fix] Avoid remote unencrypted destination in proxy mode --- scripts/install | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/install b/scripts/install index dc53e28..a663b8d 100644 --- a/scripts/install +++ b/scripts/install @@ -53,6 +53,12 @@ url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%= [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ "Invalid destination: $redirect_path" 1 +# Avoid uncrypted remote destination with reverse proxy mode +# Indeed the SSO send the password in all requests in HTTP headers +url_regex='(http://(127.\d+.\d+.\d+|localhost)(:\d+)?/|https://)[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' +[[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ +"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1 + # Save extra settings yunohost app setting $app is_public -v "$is_public" yunohost app setting $app redirect_type -v "$redirect_type" From 0637590f951445463eb44541bd70abd18a1dae05 Mon Sep 17 00:00:00 2001 From: ljf Date: Mon, 16 Sep 2019 22:46:52 +0200 Subject: [PATCH 02/13] [fix] Bad regex --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index a663b8d..935709e 100644 --- a/scripts/install +++ b/scripts/install @@ -55,7 +55,7 @@ url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%= # Avoid uncrypted remote destination with reverse proxy mode # Indeed the SSO send the password in all requests in HTTP headers -url_regex='(http://(127.\d+.\d+.\d+|localhost)(:\d+)?/|https://)[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' +url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' [[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ "For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1 From 346fb7fa57e7cd127f21639e47a3d0deeb1fe760 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sat, 23 Jan 2021 15:21:17 +0100 Subject: [PATCH 03/13] Fix linter warnings --- README.md | 15 ++++++++------- check_process | 1 - manifest.json | 9 +++++---- scripts/backup | 11 +++++++++++ scripts/install | 24 ++++++++++++++++++------ scripts/remove | 21 ++++++++++++++++++--- scripts/restore | 16 +++++++++++++--- scripts/upgrade | 16 +++++++++++++--- 8 files changed, 86 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 8818b1f..8b3b9aa 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,11 @@ -# Redirect App +# Redirect App for Yunohost + +[![Integration level](https://dash.yunohost.org/integration/redirect.svg)](https://dash.yunohost.org/appci/app/redirect) ![](https://ci-apps.yunohost.org/ci/badges/redirect.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/redirect.maintain.svg) +[![Install Redirect with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=redirect) **Add a link on your user panel redirecting to another page or app, which can be protected behind your panel for some**. -It could be an invisible redirect, an external link, another app on your local network, a reverse proxy to an app or a Docker container... Some apps can be even be protected behind your panel (meaning that you will have to log-in to access them). The only limit is your imagination - and Nginx ;). +It could be an invisible redirect, an external link, another app on your local network, a reverse proxy to an app or a Docker container... Some apps can be even be protected behind your panel (meaning that you will have to log-in to access them). The only limit is your imagination - and NGINX ;). This app only adds a Nginx configuration file with `redirect` or `proxy_pass` rule, and a YunoHost tile. Nothing more. @@ -10,20 +13,18 @@ This app only adds a Nginx configuration file with `redirect` or `proxy_pass` ru ### Visible redirect -Visitor's address bar will change. Helpfull to add a user link to another -website +Visitor's address bar will change. Helpfull to add a user link to another website you-domain.com -> another-domain.net you-domain.com/foo -> another-domain.net/bar ### Invisible (proxy) redirect -Visitor's address bar will remain the same. Mostly use to serve local webserver -for a personnal application. +Visitor's address bar will remain the same. Mostly use to serve local webserver for a personnal application. you-domain.com/foo -> http://172.0.0.1:8080/app -**IMPORTANT:** the redirect.conf file might need to be updated according to your situation! +**IMPORTANT:** the `redirect.conf` file might need to be updated according to your situation! **WARNING:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ HAVE TO be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/ diff --git a/check_process b/check_process index 2aa8bd2..fa373d2 100644 --- a/check_process +++ b/check_process @@ -19,7 +19,6 @@ upgrade=1 backup_restore=1 multi_instance=1 - incorrect_path=0 port_already_use=0 change_url=0 ;;; Options diff --git a/manifest.json b/manifest.json index c345323..7a1f148 100644 --- a/manifest.json +++ b/manifest.json @@ -2,19 +2,19 @@ "name": "Redirect", "id": "redirect", "packaging_format": 1, - "requirements": { - "yunohost": ">= 3.8" - }, "description": { "en": "Create a redirection or a proxy to another path.", "fr": "Créer une redirection ou un proxy vers un autre emplacement" }, - "version": "1.0.0~ynh4", + "version": "1.0.0~ynh5", "license": "AGPL-3.0-or-later", "url": "https://github.com/YunoHost-Apps/redirect_ynh", "maintainer": { "name": "alexAubin", "email": "alex.aubin@mailoo.org" + }, + "requirements": { + "yunohost": ">= 3.8.1" }, "multi_instance": true, "services": [ @@ -53,6 +53,7 @@ }, { "name": "redirect_type", + "type": "string", "ask": { "en": "Redirect type", "fr": "Type de redirection" diff --git a/scripts/backup b/scripts/backup index 8aa1ce6..cc3bbed 100644 --- a/scripts/backup +++ b/scripts/backup @@ -18,10 +18,21 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_print_info --message="Loading installation settings..." # Retrieve arguments app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= + # Copy the conf files ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/install b/scripts/install index 8d3f55e..66b72c6 100644 --- a/scripts/install +++ b/scripts/install @@ -27,19 +27,20 @@ redirect_type=$YNH_APP_ARG_REDIRECT_TYPE redirect_path=$YNH_APP_ARG_REDIRECT_PATH # Check domain/path availability -ynh_webpath_register $app $domain $path_url +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url # Validate redirect path url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' [[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1 # Save extra settings -ynh_app_setting_set $app redirect_type "$redirect_type" -ynh_app_setting_set $app redirect_path "$redirect_path" +ynh_app_setting_set --app=$app --key=redirect_type --value=$redirect_type +ynh_app_setting_set --app=$app --key=redirect_path --value=$redirect_path #================================================= # CONFIGURE NGINX #================================================= +ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Nginx configuration for FILE in $(ls ../conf/nginx-*.conf) @@ -63,13 +64,24 @@ fi #================================================= # CONFIGURE SSOWAT #================================================= +ynh_script_progression --message="Configuring permissions..." --weight=2 # Make app public if necessary if [ "$redirect_type" != "private_proxy" ] then # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set "$app" unprotected_uris "/" + ynh_permission_update --permission="main" --add="visitors" fi -# Reload Nginx and regenerate SSOwat conf -systemctl reload nginx +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index 82109e4..304eab7 100644 --- a/scripts/remove +++ b/scripts/remove @@ -11,13 +11,28 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 # Retrieve arguments app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) +domain=$(ynh_app_setting_get --app=$app --key=domain) + +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= # Remove configuration files ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf -# Restart services -systemctl reload nginx +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index 0ec55b3..5c4c3a6 100644 --- a/scripts/restore +++ b/scripts/restore @@ -45,8 +45,18 @@ ynh_restore_file "$NGINX_CONF" if [ "$redirect_type" != "private_proxy" ] then # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set "$app" unprotected_uris "/" + ynh_permission_update --permission="main" --add="visitors" fi -# Reload Nginx and regenerate SSOwat conf -systemctl reload nginx +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index 280fc98..7b9df56 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -114,8 +114,18 @@ fi if [ "$redirect_type" != "private_proxy" ] then # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set "$app" unprotected_uris "/" + ynh_permission_update --permission="main" --add="visitors" fi -# Reload Nginx and regenerate SSOwat conf -systemctl reload nginx +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Upgrade of $app completed" --last From 1822ea630eeef018bcae2e088bef689061fbb9db Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Thu, 13 May 2021 17:51:58 +0200 Subject: [PATCH 04/13] [autopatch] Update issue and PR templates --- .github/ISSUE_TEMPLATE.md | 55 ++++++++++++++++++++++++++++++++ .github/PULL_REQUEST_TEMPLATE.md | 16 ++++++++++ 2 files changed, 71 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE.md create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..2729a6b --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,55 @@ +--- +name: Bug report +about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently. + +--- + +**How to post a meaningful bug report** +1. *Read this whole template first.* +2. *Determine if you are on the right place:* + - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!* + - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.* + - *When in doubt, post here and we will figure it out together.* +3. *Delete the italic comments as you write over them below, and remove this guide.* +--- + +### Describe the bug + +*A clear and concise description of what the bug is.* + +### Context + +- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* +- YunoHost version: x.x.x +- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes* + - If yes, please explain: +- Using, or trying to install package version/branch: +- If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`* + +### Steps to reproduce + +- *If you performed a command from the CLI, the command itself is enough. For example:* + ```sh + sudo yunohost app install the_app + ``` +- *If you used the webadmin, please perform the equivalent command from the CLI first.* +- *If the error occurs in your browser, explain what you did:* + 1. *Go to '...'* + 2. *Click on '...'* + 3. *Scroll down to '...'* + 4. *See error* + +### Expected behavior + +*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.* + +### Logs + +*When an operation fails, YunoHost provides a simple way to share the logs.* +- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.* +- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.* + +*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)* + +*If applicable and useful, add screenshots to help explain your problem.* diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..ef70e18 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,16 @@ +## Problem + +- *Description of why you made this PR* + +## Solution + +- *And how do you fix that problem* + +## PR Status + +- [ ] Code finished and ready to be reviewed/tested +- [ ] The fix/enhancement were manually tested (if applicable) + +## Automatic tests + +Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization) From 6c80ac0b18e052990ff50a6e45a84a11ece6fd9b Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Fri, 4 Jun 2021 16:26:13 +0200 Subject: [PATCH 05/13] Add templates --- .github/ISSUE_TEMPLATE.md | 55 ++++++++++++++++++++++++++++++++ .github/PULL_REQUEST_TEMPLATE.md | 16 ++++++++++ check_process | 10 ++---- doc/DISCLAIMER.md | 49 ++++++++++++++++++++++++++++ manifest.json | 6 +++- 5 files changed, 127 insertions(+), 9 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE.md create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 doc/DISCLAIMER.md diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..2729a6b --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,55 @@ +--- +name: Bug report +about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently. + +--- + +**How to post a meaningful bug report** +1. *Read this whole template first.* +2. *Determine if you are on the right place:* + - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!* + - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.* + - *When in doubt, post here and we will figure it out together.* +3. *Delete the italic comments as you write over them below, and remove this guide.* +--- + +### Describe the bug + +*A clear and concise description of what the bug is.* + +### Context + +- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* +- YunoHost version: x.x.x +- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes* + - If yes, please explain: +- Using, or trying to install package version/branch: +- If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`* + +### Steps to reproduce + +- *If you performed a command from the CLI, the command itself is enough. For example:* + ```sh + sudo yunohost app install the_app + ``` +- *If you used the webadmin, please perform the equivalent command from the CLI first.* +- *If the error occurs in your browser, explain what you did:* + 1. *Go to '...'* + 2. *Click on '...'* + 3. *Scroll down to '...'* + 4. *See error* + +### Expected behavior + +*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.* + +### Logs + +*When an operation fails, YunoHost provides a simple way to share the logs.* +- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.* +- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.* + +*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)* + +*If applicable and useful, add screenshots to help explain your problem.* diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..ef70e18 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,16 @@ +## Problem + +- *Description of why you made this PR* + +## Solution + +- *And how do you fix that problem* + +## PR Status + +- [ ] Code finished and ready to be reviewed/tested +- [ ] The fix/enhancement were manually tested (if applicable) + +## Automatic tests + +Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization) diff --git a/check_process b/check_process index fa373d2..da9f0ab 100644 --- a/check_process +++ b/check_process @@ -1,12 +1,7 @@ -# See here for more informations -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) + domain="domain.tld" + path="/path" redirect_type="public_302" redirect_path="http://127.0.0.1" ; Checks @@ -19,7 +14,6 @@ upgrade=1 backup_restore=1 multi_instance=1 - port_already_use=0 change_url=0 ;;; Options Email= diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..48b5c67 --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,49 @@ +**Add a link on your user panel redirecting to another page or app, which can be protected behind your panel for some**. + +It could be an invisible redirect, an external link, another app on your local network, a reverse proxy to an app or a Docker container... Some apps can be even be protected behind your panel (meaning that you will have to log-in to access them). The only limit is your imagination - and NGINX ;). + +This app only adds a Nginx configuration file with `redirect` or `proxy_pass` rule, and a YunoHost tile. Nothing more. + +## Redirect type + +### Visible redirect + +Visitor's address bar will change. Helpfull to add a user link to another website + + you-domain.com -> another-domain.net + you-domain.com/foo -> another-domain.net/bar + +### Invisible (proxy) redirect + +Visitor's address bar will remain the same. Mostly use to serve local webserver for a personnal application. + + you-domain.com/foo -> http://172.0.0.1:8080/app + +**IMPORTANT:** the `redirect.conf` file might need to be updated according to your situation! + +**WARNING:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ HAVE TO be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/ + +*Concrete example:* the Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/ + +## Public or private redirect + +In case of a private redirect, the app will be available to logged in users only. This could be useful if you want to protect behind the SSO an app from your local network or from the server (e.g., a Docker container or an app that does not have user management or password protection). + +**IMPORTANT:** Make sure that the app you want to protect CANNOT be accessed by its port or another direct link. Otherwise, your app will only be protected in YunoHost but would still be available through its direct link. In the case of a Docker container, the port of the container will have to be local (e.g., -p 127.0.0.1:9000:9000). + +## Case examples + +- **Creating a tile for a Docker container** with a local port (e.g., -p 127.0.0.1:PORT:PORT): proxy redirect to http://127.0.0.1:PORT-OF-THE-CONTAINER/ + +- **Redirecting to an external website**: visible redirect to the URL + +- [CozyCloud behind YunoHost?](https://forum.cozy.io/t/cozy-cloud-sous-yunohost/616/11) + +- **Creating a tile and protecting apps that are difficult to package natively (or for prototyping)** + + +**_Feel free to [share your case examples and customized Nginx files on the forum](https://forum.yunohost.org/t/2182)._** + +## Credits + +Insprired by [scith](https://github.com/scith) work. diff --git a/manifest.json b/manifest.json index 7a1f148..374d433 100644 --- a/manifest.json +++ b/manifest.json @@ -9,12 +9,16 @@ "version": "1.0.0~ynh5", "license": "AGPL-3.0-or-later", "url": "https://github.com/YunoHost-Apps/redirect_ynh", + "upstream": { + "license": "AGPL-3.0-or-later", + "website": "https://github.com/YunoHost-Apps/redirect_ynh" + }, "maintainer": { "name": "alexAubin", "email": "alex.aubin@mailoo.org" }, "requirements": { - "yunohost": ">= 3.8.1" + "yunohost": ">= 4.2.0" }, "multi_instance": true, "services": [ From 5a649f2173aa86e91b6482d13b170e030ac21603 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Fri, 4 Jun 2021 14:26:21 +0000 Subject: [PATCH 06/13] Auto-update README --- README.md | 41 +++++++++++++++++++++++- README_fr.md | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 README_fr.md diff --git a/README.md b/README.md index 8b3b9aa..1bfe75e 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,28 @@ -# Redirect App for Yunohost + + +# Redirect for YunoHost [![Integration level](https://dash.yunohost.org/integration/redirect.svg)](https://dash.yunohost.org/appci/app/redirect) ![](https://ci-apps.yunohost.org/ci/badges/redirect.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/redirect.maintain.svg) [![Install Redirect with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=redirect) +*[Lire ce readme en français.](./README_fr.md)* + +> *This package allows you to install Redirect quickly and simply on a YunoHost server. +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* + +## Overview + +Create a redirection or a proxy to another path. + +**Shipped version:** 1.0.0~ynh5 + + + +## Disclaimers / important information + **Add a link on your user panel redirecting to another page or app, which can be protected behind your panel for some**. It could be an invisible redirect, an external link, another app on your local network, a reverse proxy to an app or a Docker container... Some apps can be even be protected behind your panel (meaning that you will have to log-in to access them). The only limit is your imagination - and NGINX ;). @@ -52,3 +72,22 @@ In case of a private redirect, the app will be available to logged in users only ## Credits Insprired by [scith](https://github.com/scith) work. + +## Documentation and resources + +* Official app website: https://github.com/YunoHost-Apps/redirect_ynh +* YunoHost documentation for this app: https://yunohost.org/app_redirect +* Report a bug: https://github.com/YunoHost-Apps/redirect_ynh/issues + +## Developer info + +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/redirect_ynh/tree/testing). + +To try the testing branch, please proceed like that. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/redirect_ynh/tree/testing --debug +or +sudo yunohost app upgrade redirect -u https://github.com/YunoHost-Apps/redirect_ynh/tree/testing --debug +``` + +**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..9bf3438 --- /dev/null +++ b/README_fr.md @@ -0,0 +1,89 @@ +# Redirect pour YunoHost + +[![Niveau d'intégration](https://dash.yunohost.org/integration/redirect.svg)](https://dash.yunohost.org/appci/app/redirect) ![](https://ci-apps.yunohost.org/ci/badges/redirect.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/redirect.maintain.svg) +[![Installer Redirect avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=redirect) + +*[Read this readme in english.](./README.md)* +*[Lire ce readme en français.](./README_fr.md)* + +> *Ce package vous permet d'installer Redirect rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* + +## Vue d'ensemble + +Créer une redirection ou un proxy vers un autre emplacement + +**Version incluse :** 1.0.0~ynh5 + + + +## Avertissements / informations importantes + +**Add a link on your user panel redirecting to another page or app, which can be protected behind your panel for some**. + +It could be an invisible redirect, an external link, another app on your local network, a reverse proxy to an app or a Docker container... Some apps can be even be protected behind your panel (meaning that you will have to log-in to access them). The only limit is your imagination - and NGINX ;). + +This app only adds a Nginx configuration file with `redirect` or `proxy_pass` rule, and a YunoHost tile. Nothing more. + +## Redirect type + +### Visible redirect + +Visitor's address bar will change. Helpfull to add a user link to another website + + you-domain.com -> another-domain.net + you-domain.com/foo -> another-domain.net/bar + +### Invisible (proxy) redirect + +Visitor's address bar will remain the same. Mostly use to serve local webserver for a personnal application. + + you-domain.com/foo -> http://172.0.0.1:8080/app + +**IMPORTANT:** the `redirect.conf` file might need to be updated according to your situation! + +**WARNING:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ HAVE TO be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/ + +*Concrete example:* the Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/ + +## Public or private redirect + +In case of a private redirect, the app will be available to logged in users only. This could be useful if you want to protect behind the SSO an app from your local network or from the server (e.g., a Docker container or an app that does not have user management or password protection). + +**IMPORTANT:** Make sure that the app you want to protect CANNOT be accessed by its port or another direct link. Otherwise, your app will only be protected in YunoHost but would still be available through its direct link. In the case of a Docker container, the port of the container will have to be local (e.g., -p 127.0.0.1:9000:9000). + +## Case examples + +- **Creating a tile for a Docker container** with a local port (e.g., -p 127.0.0.1:PORT:PORT): proxy redirect to http://127.0.0.1:PORT-OF-THE-CONTAINER/ + +- **Redirecting to an external website**: visible redirect to the URL + +- [CozyCloud behind YunoHost?](https://forum.cozy.io/t/cozy-cloud-sous-yunohost/616/11) + +- **Creating a tile and protecting apps that are difficult to package natively (or for prototyping)** + + +**_Feel free to [share your case examples and customized Nginx files on the forum](https://forum.yunohost.org/t/2182)._** + +## Credits + +Insprired by [scith](https://github.com/scith) work. + +## Documentations et ressources + +* Site officiel de l'app : https://github.com/YunoHost-Apps/redirect_ynh +* Documentation YunoHost pour cette app : https://yunohost.org/app_redirect +* Signaler un bug : https://github.com/YunoHost-Apps/redirect_ynh/issues + +## Informations pour les développeurs + +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/redirect_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/redirect_ynh/tree/testing --debug +ou +sudo yunohost app upgrade redirect -u https://github.com/YunoHost-Apps/redirect_ynh/tree/testing --debug +``` + +**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file From c65b05bacc3c537537345ccb82d40389298ad9d1 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Fri, 4 Jun 2021 16:26:34 +0200 Subject: [PATCH 07/13] Update manifest.json --- manifest.json | 8 -------- 1 file changed, 8 deletions(-) diff --git a/manifest.json b/manifest.json index 374d433..bf3ef78 100644 --- a/manifest.json +++ b/manifest.json @@ -29,19 +29,11 @@ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain for your redirect", - "fr": "Choisissez un domaine pour votre redirection" - }, "example": "domain.org" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for your redirect", - "fr": "Choisissez un chemin pour votre redirection" - }, "example": "/redirect", "default": "/redirect" }, From 21846580e861b9d0e1fd822789cef63fbaa566e6 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 6 Jun 2021 17:42:43 +0200 Subject: [PATCH 08/13] Update manifest.json --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index bf3ef78..23ecefe 100644 --- a/manifest.json +++ b/manifest.json @@ -17,7 +17,7 @@ "name": "alexAubin", "email": "alex.aubin@mailoo.org" }, - "requirements": { + "requirements": { "yunohost": ">= 4.2.0" }, "multi_instance": true, From 72f60aa7364e22264051861217334c7a464e3d1c Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sun, 22 Aug 2021 08:58:18 +0200 Subject: [PATCH 09/13] Fix --- doc/DISCLAIMER.md | 2 +- doc/DISCLAIMER_fr.md | 49 ++++++++++++++++++++++++++++++++++++++++++++ manifest.json | 10 ++++----- scripts/backup | 2 +- scripts/restore | 12 ++++------- scripts/upgrade | 10 ++++----- 6 files changed, 65 insertions(+), 20 deletions(-) create mode 100644 doc/DISCLAIMER_fr.md diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 48b5c67..641ec82 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -2,7 +2,7 @@ It could be an invisible redirect, an external link, another app on your local network, a reverse proxy to an app or a Docker container... Some apps can be even be protected behind your panel (meaning that you will have to log-in to access them). The only limit is your imagination - and NGINX ;). -This app only adds a Nginx configuration file with `redirect` or `proxy_pass` rule, and a YunoHost tile. Nothing more. +This app only adds a NGINX configuration file with `redirect` or `proxy_pass` rule, and a YunoHost tile. Nothing more. ## Redirect type diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md new file mode 100644 index 0000000..722058c --- /dev/null +++ b/doc/DISCLAIMER_fr.md @@ -0,0 +1,49 @@ +**Ajoutez un lien sur votre panneau d'utilisateur redirigeant vers une autre page ou application, qui peut être protégée derrière votre panneau pour certains**. + +Il peut s'agir d'une redirection invisible, d'un lien externe, d'une autre application sur votre réseau local, d'un reverse proxy vers une application ou un conteneur Docker... Certaines applications peuvent même être protégées derrière votre panneau (ce qui signifie que vous devrez vous connecter- pour y accéder). La seule limite est votre imagination - et NGINX ;). + +Cette application ajoute uniquement un fichier de configuration NGINX avec la règle `redirect` ou `proxy_pass` et une tuile YunoHost. Rien de plus. + +## Type de redirection + +### Redirection visible + +La barre d'adresse du visiteur va changer. Utile pour ajouter un lien utilisateur vers un autre site Web + + votre-domaine.com -> autre-domaine.net + vous-domaine.com/foo -> autre-domaine.net/bar + +### Redirection invisible (proxy) + +La barre d'adresse du visiteur restera la même. Principalement utilisé pour servir le serveur Web local pour une application personnelle. + + vous-domaine.com/foo -> http://172.0.0.1:8080/app + +**IMPORTANT :** le fichier `redirect.conf` devra peut-être être mis à jour en fonction de votre situation ! + +**AVERTISSEMENT :** De nombreuses applications ne prennent pas en charge la redirection vers un chemin différent en raison de liens relatifs ! Cela signifie que certaines applications hébergées par exemple sur http://127.0.0.1:5050/app/ DOIVENT être redirigées vers http://domain.tld/app/ et NON vers http://domain.tld/someotherapp/ + +*Exemple concret :* le conteneur Odoo Docker fonctionne sur http://127.0.0.1:8069/. Vous ne pourrez pas le rediriger vers http://domain.tld/odoo/ ! Il faut le rediriger vers la racine, donc par exemple http://odoo.domain.tld/ + +## Redirection publique ou privée + +En cas de redirection privée, l'application sera disponible uniquement pour les utilisateurs connectés. Cela peut être utile si vous souhaitez protéger derrière le SSO une application de votre réseau local ou du serveur (par exemple, un conteneur Docker ou une application qui n'a pas de gestion des utilisateurs ou de protection par mot de passe). + +**IMPORTANT :** Assurez-vous que l'application que vous souhaitez protéger NE PEUT PAS être accessible via son port ou un autre lien direct. Sinon, votre application ne sera protégée que dans YunoHost mais sera toujours disponible via son lien direct. Dans le cas d'un conteneur Docker, le port du conteneur devra être local (par exemple, -p 127.0.0.1:9000:9000). + +## Exemples de cas + +- **Création d'une tuile pour un conteneur Docker** avec un port local (par exemple, -p 127.0.0.1:PORT:PORT) : redirection proxy vers http://127.0.0.1:PORT-OF-THE-CONTAINER/ + +- **Redirection vers un site externe** : redirection visible vers l'URL + +- [CozyCloud derrière YunoHost ?](https://forum.cozy.io/t/cozy-cloud-sous-yunohost/616/11) + +- **Créer une vignette et protéger les applications difficiles à packager nativement (ou pour le prototypage)** + + +**_N'hésitez pas à [partager vos exemples de cas et vos fichiers Nginx personnalisés sur le forum](https://forum.yunohost.org/t/2182)._** + +## Crédits + +Inspiré du travail de [scith](https://github.com/scith). diff --git a/manifest.json b/manifest.json index 23ecefe..67113cb 100644 --- a/manifest.json +++ b/manifest.json @@ -3,7 +3,7 @@ "id": "redirect", "packaging_format": 1, "description": { - "en": "Create a redirection or a proxy to another path.", + "en": "Create a redirection or a proxy to another path", "fr": "Créer une redirection ou un proxy vers un autre emplacement" }, "version": "1.0.0~ynh5", @@ -55,10 +55,10 @@ "fr": "Type de redirection" }, "choices": { - "public_302" : "Visible redirect (302, temporary). Everybody will be able to access it.", - "public_301" : "Visible redirect (301, permanent). Everybody will be able to access it.", - "public_proxy": "Proxy, invisible (nginx proxy_pass). Everybody will be able to access it.", - "private_proxy": "Proxy, invisible (nginx proxy_pass). Only accessible for allowed users." + "public_302": "Visible redirect (302, temporary). Everybody will be able to access it.", + "public_301": "Visible redirect (301, permanent). Everybody will be able to access it.", + "public_proxy": "Proxy, invisible (NGINX proxy_pass). Everybody will be able to access it.", + "private_proxy": "Proxy, invisible (NGINX proxy_pass). Only accessible for allowed users." }, "default": "public_302" } diff --git a/scripts/backup b/scripts/backup index cc3bbed..01b1bbe 100644 --- a/scripts/backup +++ b/scripts/backup @@ -22,7 +22,7 @@ ynh_print_info --message="Loading installation settings..." # Retrieve arguments app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) +domain=$(ynh_app_setting_get --app=$app --key=domain) #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/restore b/scripts/restore index c333112..1cade86 100644 --- a/scripts/restore +++ b/scripts/restore @@ -21,10 +21,10 @@ ynh_abort_if_errors # Retrieve arguments app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get "$app" domain) -path_url=$(ynh_app_setting_get "$app" path) -redirect_type=$(ynh_app_setting_get "$app" redirect_type) -redirect_path=$(ynh_app_setting_get "$app" redirect_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) +redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) # Validate redirect path url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' @@ -41,10 +41,6 @@ ynh_restore_file "$NGINX_CONF" # SETUP SSOWAT #================================================= -if [[ "$is_public" -eq 0 ]] -then # Remove the public access - ynh_app_setting_delete "$app" skipped_uris -fi # Make app public if necessary if [ "$redirect_type" != "private_proxy" ] then diff --git a/scripts/upgrade b/scripts/upgrade index 7b9df56..92e31c0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -15,10 +15,10 @@ source /usr/share/yunohost/helpers # Retrieve arguments app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get "$app" domain) -path_url=$(ynh_app_setting_get "$app" path) -redirect_type=$(ynh_app_setting_get "$app" redirect_type) -redirect_path=$(ynh_app_setting_get "$app" redirect_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) +redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -43,7 +43,7 @@ then fi if [ "$is_public" = "0" ] && [ "$redirect_type" != "proxy" ]; then - echo "WARNING: You previously had a 'supposedly' private 301 or 302 redirection ... but it was found that it was public all along and it is not easy to create such a private redirection. Your 301 or 302 redirection will be re-flagged as public..." >&2 + echo "WARNING: You previously had a 'supposedly' private 301 or 302 redirection... but it was found that it was public all along and it is not easy to create such a private redirection. Your 301 or 302 redirection will be re-flagged as public..." >&2 is_public=1 fi From a3b119cfbc4c5d5c68a8e02334932f4764f16a68 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Sun, 22 Aug 2021 06:58:24 +0000 Subject: [PATCH 10/13] Auto-update README --- README.md | 4 ++-- README_fr.md | 50 +++++++++++++++++++++++++------------------------- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 1bfe75e..fdea74a 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -Create a redirection or a proxy to another path. +Create a redirection or a proxy to another path **Shipped version:** 1.0.0~ynh5 @@ -27,7 +27,7 @@ Create a redirection or a proxy to another path. It could be an invisible redirect, an external link, another app on your local network, a reverse proxy to an app or a Docker container... Some apps can be even be protected behind your panel (meaning that you will have to log-in to access them). The only limit is your imagination - and NGINX ;). -This app only adds a Nginx configuration file with `redirect` or `proxy_pass` rule, and a YunoHost tile. Nothing more. +This app only adds a NGINX configuration file with `redirect` or `proxy_pass` rule, and a YunoHost tile. Nothing more. ## Redirect type diff --git a/README_fr.md b/README_fr.md index 9bf3438..876062f 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,55 +19,55 @@ Créer une redirection ou un proxy vers un autre emplacement ## Avertissements / informations importantes -**Add a link on your user panel redirecting to another page or app, which can be protected behind your panel for some**. +**Ajoutez un lien sur votre panneau d'utilisateur redirigeant vers une autre page ou application, qui peut être protégée derrière votre panneau pour certains**. -It could be an invisible redirect, an external link, another app on your local network, a reverse proxy to an app or a Docker container... Some apps can be even be protected behind your panel (meaning that you will have to log-in to access them). The only limit is your imagination - and NGINX ;). +Il peut s'agir d'une redirection invisible, d'un lien externe, d'une autre application sur votre réseau local, d'un reverse proxy vers une application ou un conteneur Docker... Certaines applications peuvent même être protégées derrière votre panneau (ce qui signifie que vous devrez vous connecter- pour y accéder). La seule limite est votre imagination - et NGINX ;). -This app only adds a Nginx configuration file with `redirect` or `proxy_pass` rule, and a YunoHost tile. Nothing more. +Cette application ajoute uniquement un fichier de configuration NGINX avec la règle `redirect` ou `proxy_pass` et une tuile YunoHost. Rien de plus. -## Redirect type +## Type de redirection -### Visible redirect +### Redirection visible -Visitor's address bar will change. Helpfull to add a user link to another website +La barre d'adresse du visiteur va changer. Utile pour ajouter un lien utilisateur vers un autre site Web - you-domain.com -> another-domain.net - you-domain.com/foo -> another-domain.net/bar + votre-domaine.com -> autre-domaine.net + vous-domaine.com/foo -> autre-domaine.net/bar -### Invisible (proxy) redirect +### Redirection invisible (proxy) -Visitor's address bar will remain the same. Mostly use to serve local webserver for a personnal application. +La barre d'adresse du visiteur restera la même. Principalement utilisé pour servir le serveur Web local pour une application personnelle. - you-domain.com/foo -> http://172.0.0.1:8080/app + vous-domaine.com/foo -> http://172.0.0.1:8080/app -**IMPORTANT:** the `redirect.conf` file might need to be updated according to your situation! +**IMPORTANT :** le fichier `redirect.conf` devra peut-être être mis à jour en fonction de votre situation ! -**WARNING:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ HAVE TO be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/ +**AVERTISSEMENT :** De nombreuses applications ne prennent pas en charge la redirection vers un chemin différent en raison de liens relatifs ! Cela signifie que certaines applications hébergées par exemple sur http://127.0.0.1:5050/app/ DOIVENT être redirigées vers http://domain.tld/app/ et NON vers http://domain.tld/someotherapp/ -*Concrete example:* the Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/ +*Exemple concret :* le conteneur Odoo Docker fonctionne sur http://127.0.0.1:8069/. Vous ne pourrez pas le rediriger vers http://domain.tld/odoo/ ! Il faut le rediriger vers la racine, donc par exemple http://odoo.domain.tld/ -## Public or private redirect +## Redirection publique ou privée -In case of a private redirect, the app will be available to logged in users only. This could be useful if you want to protect behind the SSO an app from your local network or from the server (e.g., a Docker container or an app that does not have user management or password protection). +En cas de redirection privée, l'application sera disponible uniquement pour les utilisateurs connectés. Cela peut être utile si vous souhaitez protéger derrière le SSO une application de votre réseau local ou du serveur (par exemple, un conteneur Docker ou une application qui n'a pas de gestion des utilisateurs ou de protection par mot de passe). -**IMPORTANT:** Make sure that the app you want to protect CANNOT be accessed by its port or another direct link. Otherwise, your app will only be protected in YunoHost but would still be available through its direct link. In the case of a Docker container, the port of the container will have to be local (e.g., -p 127.0.0.1:9000:9000). +**IMPORTANT :** Assurez-vous que l'application que vous souhaitez protéger NE PEUT PAS être accessible via son port ou un autre lien direct. Sinon, votre application ne sera protégée que dans YunoHost mais sera toujours disponible via son lien direct. Dans le cas d'un conteneur Docker, le port du conteneur devra être local (par exemple, -p 127.0.0.1:9000:9000). -## Case examples +## Exemples de cas -- **Creating a tile for a Docker container** with a local port (e.g., -p 127.0.0.1:PORT:PORT): proxy redirect to http://127.0.0.1:PORT-OF-THE-CONTAINER/ +- **Création d'une tuile pour un conteneur Docker** avec un port local (par exemple, -p 127.0.0.1:PORT:PORT) : redirection proxy vers http://127.0.0.1:PORT-OF-THE-CONTAINER/ -- **Redirecting to an external website**: visible redirect to the URL +- **Redirection vers un site externe** : redirection visible vers l'URL -- [CozyCloud behind YunoHost?](https://forum.cozy.io/t/cozy-cloud-sous-yunohost/616/11) +- [CozyCloud derrière YunoHost ?](https://forum.cozy.io/t/cozy-cloud-sous-yunohost/616/11) -- **Creating a tile and protecting apps that are difficult to package natively (or for prototyping)** +- **Créer une vignette et protéger les applications difficiles à packager nativement (ou pour le prototypage)** -**_Feel free to [share your case examples and customized Nginx files on the forum](https://forum.yunohost.org/t/2182)._** +**_N'hésitez pas à [partager vos exemples de cas et vos fichiers Nginx personnalisés sur le forum](https://forum.yunohost.org/t/2182)._** -## Credits +## Crédits -Insprired by [scith](https://github.com/scith) work. +Inspiré du travail de [scith](https://github.com/scith). ## Documentations et ressources From 9301da5ebc792fa8e1290c5570a9ccc91c019b89 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sun, 22 Aug 2021 09:01:11 +0200 Subject: [PATCH 11/13] Update upgrade --- scripts/upgrade | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 92e31c0..20cc495 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -65,6 +65,13 @@ then ynh_app_setting_set $app 'is_public' fi +# Migrate legacy permissions to new system +if ynh_legacy_permissions_exists +then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP From e466a90fc577504b047b617a56d98b9da345a1ec Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 29 Aug 2021 17:25:07 +0200 Subject: [PATCH 12/13] Rewite DISCLAIMER, split into DISCLAIMER + DESCRIPTION --- doc/DESCRIPTION.md | 5 +++++ doc/DESCRIPTION_fr.md | 5 +++++ doc/DISCLAIMER.md | 47 +++++++---------------------------------- doc/DISCLAIMER_fr.md | 49 ++++++++----------------------------------- 4 files changed, 27 insertions(+), 79 deletions(-) create mode 100644 doc/DESCRIPTION.md create mode 100644 doc/DESCRIPTION_fr.md diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..4f42f68 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1,5 @@ +This application allows to integrate a custom tile in YunoHost's user portal. Typical use cases include: +- **visible 301/302 redirect** : having a "virtual" app tile that's just a redirection to another url or external website +- **invisible redirect / reverse-proxy** : creating an app tile for a local app listening on a specific port, or a Docker container, or an app hosted on another machine + +In technical terms: this app only adds a NGINX configuration snippet with either `redirect` or `proxy_pass` rule, and a YunoHost tile + appropriate SSOwat configuration. diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md new file mode 100644 index 0000000..3727eb8 --- /dev/null +++ b/doc/DESCRIPTION_fr.md @@ -0,0 +1,5 @@ +Cette application permet d'intégrée une tuile personalisée dans le portail utilisateur de YunoHost. Les cas d'usage typiques sont: +- **redirection 301/302 visible** : avoir une tuile d'app "virtuelle" qui se contente de rediriger vers une autre url ou un site externe +- **redirection invisible / reverse-proxy** : créer une tuile pour une application locale écoutant sur un port précis, ou bien un conteneur Docker, ou encore une app hébergée sur une autre machine + +En terme technique: cette app se contente de rajouter le morceau de configuration NGINX approprié avec soit `redirect` ou `proxy_pass`, et la tuile YunoHost + configuration SSOwat correspondante. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 641ec82..446e514 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -1,49 +1,18 @@ -**Add a link on your user panel redirecting to another page or app, which can be protected behind your panel for some**. - -It could be an invisible redirect, an external link, another app on your local network, a reverse proxy to an app or a Docker container... Some apps can be even be protected behind your panel (meaning that you will have to log-in to access them). The only limit is your imagination - and NGINX ;). - -This app only adds a NGINX configuration file with `redirect` or `proxy_pass` rule, and a YunoHost tile. Nothing more. - ## Redirect type ### Visible redirect -Visitor's address bar will change. Helpfull to add a user link to another website +The client will be redirected to another url or external website - you-domain.com -> another-domain.net - you-domain.com/foo -> another-domain.net/bar +- `your-domain.com -> another-domain.net` +- `your-domain.com/foo -> another-domain.net/bar` -### Invisible (proxy) redirect +### Invisible redirect (a.k.a "reverse-proxy") -Visitor's address bar will remain the same. Mostly use to serve local webserver for a personnal application. +Visitor's address bar will remain the same. Typically used to integrate into YunoHost a manually-installed app into the portal. - you-domain.com/foo -> http://172.0.0.1:8080/app +- `you-domain.com/foo -> http://172.0.0.1:8080/app` -**IMPORTANT:** the `redirect.conf` file might need to be updated according to your situation! +**IMPORTANT:** you may have to further tweak the `redirect.conf` in the nginx configuration, depending on your needs! -**WARNING:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ HAVE TO be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/ - -*Concrete example:* the Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/ - -## Public or private redirect - -In case of a private redirect, the app will be available to logged in users only. This could be useful if you want to protect behind the SSO an app from your local network or from the server (e.g., a Docker container or an app that does not have user management or password protection). - -**IMPORTANT:** Make sure that the app you want to protect CANNOT be accessed by its port or another direct link. Otherwise, your app will only be protected in YunoHost but would still be available through its direct link. In the case of a Docker container, the port of the container will have to be local (e.g., -p 127.0.0.1:9000:9000). - -## Case examples - -- **Creating a tile for a Docker container** with a local port (e.g., -p 127.0.0.1:PORT:PORT): proxy redirect to http://127.0.0.1:PORT-OF-THE-CONTAINER/ - -- **Redirecting to an external website**: visible redirect to the URL - -- [CozyCloud behind YunoHost?](https://forum.cozy.io/t/cozy-cloud-sous-yunohost/616/11) - -- **Creating a tile and protecting apps that are difficult to package natively (or for prototyping)** - - -**_Feel free to [share your case examples and customized Nginx files on the forum](https://forum.yunohost.org/t/2182)._** - -## Credits - -Insprired by [scith](https://github.com/scith) work. +**IMPORTANT:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ MUST be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/. For example : an Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/ diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index 722058c..e7c511f 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -1,49 +1,18 @@ -**Ajoutez un lien sur votre panneau d'utilisateur redirigeant vers une autre page ou application, qui peut être protégée derrière votre panneau pour certains**. - -Il peut s'agir d'une redirection invisible, d'un lien externe, d'une autre application sur votre réseau local, d'un reverse proxy vers une application ou un conteneur Docker... Certaines applications peuvent même être protégées derrière votre panneau (ce qui signifie que vous devrez vous connecter- pour y accéder). La seule limite est votre imagination - et NGINX ;). - -Cette application ajoute uniquement un fichier de configuration NGINX avec la règle `redirect` ou `proxy_pass` et une tuile YunoHost. Rien de plus. - -## Type de redirection +## Types de redirection ### Redirection visible -La barre d'adresse du visiteur va changer. Utile pour ajouter un lien utilisateur vers un autre site Web +Le client sera redirigé vers une autre URL ou site externe - votre-domaine.com -> autre-domaine.net - vous-domaine.com/foo -> autre-domaine.net/bar +- `votre-domaine.com -> un-autre-domaine.net` +- `votre-domaine.com/foo -> un-autre-domaine.net/bar` -### Redirection invisible (proxy) +### Redirection invisible (a.k.a "reverse-proxy") -La barre d'adresse du visiteur restera la même. Principalement utilisé pour servir le serveur Web local pour une application personnelle. +L'adresse du client restera inchangé dans le navigateur. Typiquement utilisé pour intéger dans YunoHost une application installée manuellement. - vous-domaine.com/foo -> http://172.0.0.1:8080/app +- `you-domain.com/foo -> http://172.0.0.1:8080/app` -**IMPORTANT :** le fichier `redirect.conf` devra peut-être être mis à jour en fonction de votre situation ! +**IMPORTANT:** il vous faudra peut-être bricoler manuellement `redirect.conf` dans la configuration nginx, en fonction de vos besoins. -**AVERTISSEMENT :** De nombreuses applications ne prennent pas en charge la redirection vers un chemin différent en raison de liens relatifs ! Cela signifie que certaines applications hébergées par exemple sur http://127.0.0.1:5050/app/ DOIVENT être redirigées vers http://domain.tld/app/ et NON vers http://domain.tld/someotherapp/ - -*Exemple concret :* le conteneur Odoo Docker fonctionne sur http://127.0.0.1:8069/. Vous ne pourrez pas le rediriger vers http://domain.tld/odoo/ ! Il faut le rediriger vers la racine, donc par exemple http://odoo.domain.tld/ - -## Redirection publique ou privée - -En cas de redirection privée, l'application sera disponible uniquement pour les utilisateurs connectés. Cela peut être utile si vous souhaitez protéger derrière le SSO une application de votre réseau local ou du serveur (par exemple, un conteneur Docker ou une application qui n'a pas de gestion des utilisateurs ou de protection par mot de passe). - -**IMPORTANT :** Assurez-vous que l'application que vous souhaitez protéger NE PEUT PAS être accessible via son port ou un autre lien direct. Sinon, votre application ne sera protégée que dans YunoHost mais sera toujours disponible via son lien direct. Dans le cas d'un conteneur Docker, le port du conteneur devra être local (par exemple, -p 127.0.0.1:9000:9000). - -## Exemples de cas - -- **Création d'une tuile pour un conteneur Docker** avec un port local (par exemple, -p 127.0.0.1:PORT:PORT) : redirection proxy vers http://127.0.0.1:PORT-OF-THE-CONTAINER/ - -- **Redirection vers un site externe** : redirection visible vers l'URL - -- [CozyCloud derrière YunoHost ?](https://forum.cozy.io/t/cozy-cloud-sous-yunohost/616/11) - -- **Créer une vignette et protéger les applications difficiles à packager nativement (ou pour le prototypage)** - - -**_N'hésitez pas à [partager vos exemples de cas et vos fichiers Nginx personnalisés sur le forum](https://forum.yunohost.org/t/2182)._** - -## Crédits - -Inspiré du travail de [scith](https://github.com/scith). +**IMPORTANT:** Certaines apps ne supportent pas d'être redirigées depuis un chemin différent à cause du fonctionnement des liens relatifs ... Cela signifie que par exemple une app hébergée sur `http://127.0.0.1:5050/app/` DOIT être routé sur `http://domaine.tld/app/` et PAS http://domaine.tld/unautrechemin/. Par exemple: un conteneur Docker Odoo tourne sur `http://127.0.0.1:8069/`. Il ne sera pas capable de fonctionné correctement si il est routé sur `http://domaine.tld/odoo/` ! Il faut forcément l'installer à la racine d'un domaine, par exemple `http://odoo.domaine.tld/` From 28970db89bd6471729a66689f515568288b0a3f4 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Sun, 29 Aug 2021 15:25:38 +0000 Subject: [PATCH 13/13] Auto-update README --- README.md | 54 +++++++++++++------------------------------------- README_fr.md | 56 ++++++++++++++-------------------------------------- 2 files changed, 29 insertions(+), 81 deletions(-) diff --git a/README.md b/README.md index fdea74a..7cc8234 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,12 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -Create a redirection or a proxy to another path +This application allows to integrate a custom tile in YunoHost's user portal. Typical use cases include: +- **visible 301/302 redirect** : having a "virtual" app tile that's just a redirection to another url or external website +- **invisible redirect / reverse-proxy** : creating an app tile for a local app listening on a specific port, or a Docker container, or an app hosted on another machine + +In technical terms: this app only adds a NGINX configuration snippet with either `redirect` or `proxy_pass` rule, and a YunoHost tile + appropriate SSOwat configuration. + **Shipped version:** 1.0.0~ynh5 @@ -23,55 +28,24 @@ Create a redirection or a proxy to another path ## Disclaimers / important information -**Add a link on your user panel redirecting to another page or app, which can be protected behind your panel for some**. - -It could be an invisible redirect, an external link, another app on your local network, a reverse proxy to an app or a Docker container... Some apps can be even be protected behind your panel (meaning that you will have to log-in to access them). The only limit is your imagination - and NGINX ;). - -This app only adds a NGINX configuration file with `redirect` or `proxy_pass` rule, and a YunoHost tile. Nothing more. - ## Redirect type ### Visible redirect -Visitor's address bar will change. Helpfull to add a user link to another website +The client will be redirected to another url or external website - you-domain.com -> another-domain.net - you-domain.com/foo -> another-domain.net/bar +- `your-domain.com -> another-domain.net` +- `your-domain.com/foo -> another-domain.net/bar` -### Invisible (proxy) redirect +### Invisible redirect (a.k.a "reverse-proxy") -Visitor's address bar will remain the same. Mostly use to serve local webserver for a personnal application. +Visitor's address bar will remain the same. Typically used to integrate into YunoHost a manually-installed app into the portal. - you-domain.com/foo -> http://172.0.0.1:8080/app +- `you-domain.com/foo -> http://172.0.0.1:8080/app` -**IMPORTANT:** the `redirect.conf` file might need to be updated according to your situation! +**IMPORTANT:** you may have to further tweak the `redirect.conf` in the nginx configuration, depending on your needs! -**WARNING:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ HAVE TO be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/ - -*Concrete example:* the Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/ - -## Public or private redirect - -In case of a private redirect, the app will be available to logged in users only. This could be useful if you want to protect behind the SSO an app from your local network or from the server (e.g., a Docker container or an app that does not have user management or password protection). - -**IMPORTANT:** Make sure that the app you want to protect CANNOT be accessed by its port or another direct link. Otherwise, your app will only be protected in YunoHost but would still be available through its direct link. In the case of a Docker container, the port of the container will have to be local (e.g., -p 127.0.0.1:9000:9000). - -## Case examples - -- **Creating a tile for a Docker container** with a local port (e.g., -p 127.0.0.1:PORT:PORT): proxy redirect to http://127.0.0.1:PORT-OF-THE-CONTAINER/ - -- **Redirecting to an external website**: visible redirect to the URL - -- [CozyCloud behind YunoHost?](https://forum.cozy.io/t/cozy-cloud-sous-yunohost/616/11) - -- **Creating a tile and protecting apps that are difficult to package natively (or for prototyping)** - - -**_Feel free to [share your case examples and customized Nginx files on the forum](https://forum.yunohost.org/t/2182)._** - -## Credits - -Insprired by [scith](https://github.com/scith) work. +**IMPORTANT:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ MUST be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/. For example : an Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/ ## Documentation and resources diff --git a/README_fr.md b/README_fr.md index 876062f..6d62bc8 100644 --- a/README_fr.md +++ b/README_fr.md @@ -11,7 +11,12 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour ## Vue d'ensemble -Créer une redirection ou un proxy vers un autre emplacement +Cette application permet d'intégrée une tuile personalisée dans le portail utilisateur de YunoHost. Les cas d'usage typiques sont: +- **redirection 301/302 visible** : avoir une tuile d'app "virtuelle" qui se contente de rediriger vers une autre url ou un site externe +- **redirection invisible / reverse-proxy** : créer une tuile pour une application locale écoutant sur un port précis, ou bien un conteneur Docker, ou encore une app hébergée sur une autre machine + +En terme technique: cette app se contente de rajouter le morceau de configuration NGINX approprié avec soit `redirect` ou `proxy_pass`, et la tuile YunoHost + configuration SSOwat correspondante. + **Version incluse :** 1.0.0~ynh5 @@ -19,55 +24,24 @@ Créer une redirection ou un proxy vers un autre emplacement ## Avertissements / informations importantes -**Ajoutez un lien sur votre panneau d'utilisateur redirigeant vers une autre page ou application, qui peut être protégée derrière votre panneau pour certains**. - -Il peut s'agir d'une redirection invisible, d'un lien externe, d'une autre application sur votre réseau local, d'un reverse proxy vers une application ou un conteneur Docker... Certaines applications peuvent même être protégées derrière votre panneau (ce qui signifie que vous devrez vous connecter- pour y accéder). La seule limite est votre imagination - et NGINX ;). - -Cette application ajoute uniquement un fichier de configuration NGINX avec la règle `redirect` ou `proxy_pass` et une tuile YunoHost. Rien de plus. - -## Type de redirection +## Types de redirection ### Redirection visible -La barre d'adresse du visiteur va changer. Utile pour ajouter un lien utilisateur vers un autre site Web +Le client sera redirigé vers une autre URL ou site externe - votre-domaine.com -> autre-domaine.net - vous-domaine.com/foo -> autre-domaine.net/bar +- `votre-domaine.com -> un-autre-domaine.net` +- `votre-domaine.com/foo -> un-autre-domaine.net/bar` -### Redirection invisible (proxy) +### Redirection invisible (a.k.a "reverse-proxy") -La barre d'adresse du visiteur restera la même. Principalement utilisé pour servir le serveur Web local pour une application personnelle. +L'adresse du client restera inchangé dans le navigateur. Typiquement utilisé pour intéger dans YunoHost une application installée manuellement. - vous-domaine.com/foo -> http://172.0.0.1:8080/app +- `you-domain.com/foo -> http://172.0.0.1:8080/app` -**IMPORTANT :** le fichier `redirect.conf` devra peut-être être mis à jour en fonction de votre situation ! +**IMPORTANT:** il vous faudra peut-être bricoler manuellement `redirect.conf` dans la configuration nginx, en fonction de vos besoins. -**AVERTISSEMENT :** De nombreuses applications ne prennent pas en charge la redirection vers un chemin différent en raison de liens relatifs ! Cela signifie que certaines applications hébergées par exemple sur http://127.0.0.1:5050/app/ DOIVENT être redirigées vers http://domain.tld/app/ et NON vers http://domain.tld/someotherapp/ - -*Exemple concret :* le conteneur Odoo Docker fonctionne sur http://127.0.0.1:8069/. Vous ne pourrez pas le rediriger vers http://domain.tld/odoo/ ! Il faut le rediriger vers la racine, donc par exemple http://odoo.domain.tld/ - -## Redirection publique ou privée - -En cas de redirection privée, l'application sera disponible uniquement pour les utilisateurs connectés. Cela peut être utile si vous souhaitez protéger derrière le SSO une application de votre réseau local ou du serveur (par exemple, un conteneur Docker ou une application qui n'a pas de gestion des utilisateurs ou de protection par mot de passe). - -**IMPORTANT :** Assurez-vous que l'application que vous souhaitez protéger NE PEUT PAS être accessible via son port ou un autre lien direct. Sinon, votre application ne sera protégée que dans YunoHost mais sera toujours disponible via son lien direct. Dans le cas d'un conteneur Docker, le port du conteneur devra être local (par exemple, -p 127.0.0.1:9000:9000). - -## Exemples de cas - -- **Création d'une tuile pour un conteneur Docker** avec un port local (par exemple, -p 127.0.0.1:PORT:PORT) : redirection proxy vers http://127.0.0.1:PORT-OF-THE-CONTAINER/ - -- **Redirection vers un site externe** : redirection visible vers l'URL - -- [CozyCloud derrière YunoHost ?](https://forum.cozy.io/t/cozy-cloud-sous-yunohost/616/11) - -- **Créer une vignette et protéger les applications difficiles à packager nativement (ou pour le prototypage)** - - -**_N'hésitez pas à [partager vos exemples de cas et vos fichiers Nginx personnalisés sur le forum](https://forum.yunohost.org/t/2182)._** - -## Crédits - -Inspiré du travail de [scith](https://github.com/scith). +**IMPORTANT:** Certaines apps ne supportent pas d'être redirigées depuis un chemin différent à cause du fonctionnement des liens relatifs ... Cela signifie que par exemple une app hébergée sur `http://127.0.0.1:5050/app/` DOIT être routé sur `http://domaine.tld/app/` et PAS http://domaine.tld/unautrechemin/. Par exemple: un conteneur Docker Odoo tourne sur `http://127.0.0.1:8069/`. Il ne sera pas capable de fonctionné correctement si il est routé sur `http://domaine.tld/odoo/` ! Il faut forcément l'installer à la racine d'un domaine, par exemple `http://odoo.domaine.tld/` ## Documentations et ressources