diff --git a/README.md b/README.md index 8f50410..e813f34 100644 --- a/README.md +++ b/README.md @@ -23,31 +23,10 @@ This application allows to integrate a custom tile in YunoHost's user portal. Ty In technical terms: this app only adds a NGINX configuration snippet with either `redirect` or `proxy_pass` rule, and a YunoHost tile + appropriate SSOwat configuration. -**Shipped version:** 1.0.2~ynh2 -## Disclaimers / important information - -## Redirect type - -### Visible redirect - -The client will be redirected to another url or external website - -- `your-domain.com -> another-domain.net` -- `your-domain.com/foo -> another-domain.net/bar` - -### Invisible redirect (a.k.a "reverse-proxy") - -Visitor's address bar will remain the same. Typically used to integrate into YunoHost a manually-installed app into the portal. - -- `you-domain.com/foo -> http://172.0.0.1:8080/app` - -**IMPORTANT:** you may have to further tweak the `redirect.conf` in the nginx configuration, depending on your needs! - -**IMPORTANT:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ MUST be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/. For example : an Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/ - +**Shipped version:** 2.0~ynh1 ## Documentation and resources -* Upstream app code repository: +* Official app website: * YunoHost Store: * Report a bug: diff --git a/README_fr.md b/README_fr.md index 1e63929..f333130 100644 --- a/README_fr.md +++ b/README_fr.md @@ -23,31 +23,10 @@ Cette application permet d'intégrée une tuile personalisée dans le portail ut En terme technique: cette app se contente de rajouter le morceau de configuration NGINX approprié avec soit `redirect` ou `proxy_pass`, et la tuile YunoHost + configuration SSOwat correspondante. -**Version incluse :** 1.0.2~ynh2 -## Avertissements / informations importantes - -## Types de redirection - -### Redirection visible - -Le client sera redirigé vers une autre URL ou site externe - -- `votre-domaine.com -> un-autre-domaine.net` -- `votre-domaine.com/foo -> un-autre-domaine.net/bar` - -### Redirection invisible (a.k.a "reverse-proxy") - -L'adresse du client restera inchangé dans le navigateur. Typiquement utilisé pour intéger dans YunoHost une application installée manuellement. - -- `you-domain.com/foo -> http://172.0.0.1:8080/app` - -**IMPORTANT:** il vous faudra peut-être bricoler manuellement `redirect.conf` dans la configuration nginx, en fonction de vos besoins. - -**IMPORTANT:** Certaines apps ne supportent pas d'être redirigées depuis un chemin différent à cause du fonctionnement des liens relatifs ... Cela signifie que par exemple une app hébergée sur `http://127.0.0.1:5050/app/` DOIT être routé sur `http://domaine.tld/app/` et PAS http://domaine.tld/unautrechemin/. Par exemple: un conteneur Docker Odoo tourne sur `http://127.0.0.1:8069/`. Il ne sera pas capable de fonctionné correctement si il est routé sur `http://domaine.tld/odoo/` ! Il faut forcément l'installer à la racine d'un domaine, par exemple `http://odoo.domaine.tld/` - +**Version incluse :** 2.0~ynh1 ## Documentations et ressources -* Dépôt de code officiel de l’app : +* Site officiel de l’app : * YunoHost Store: * Signaler un bug : diff --git a/check_process b/check_process deleted file mode 100644 index 7d507d0..0000000 --- a/check_process +++ /dev/null @@ -1,21 +0,0 @@ -;; Test complet - ; Manifest - domain="domain.tld" - path="/path" - redirect_type="public_302" - redirect_path="http://127.0.0.1" - ; Checks - pkg_linter=1 - setup_sub_dir=1 - setup_root=1 - setup_nourl=0 - setup_private=0 - setup_private=1 - setup_public=1 - upgrade=1 - backup_restore=1 - multi_instance=1 - change_url=0 -;;; Options -Email= -Notification=none diff --git a/conf/nginx-redirect.conf b/conf/nginx-redirect.conf new file mode 100644 index 0000000..731c42d --- /dev/null +++ b/conf/nginx-redirect.conf @@ -0,0 +1,3 @@ +location __PATH__ { + return 302 __TARGET__$request_uri; +} diff --git a/conf/nginx-proxy.conf b/conf/nginx-reverseproxy.conf similarity index 83% rename from conf/nginx-proxy.conf rename to conf/nginx-reverseproxy.conf index 6d3a1ee..604d91e 100644 --- a/conf/nginx-proxy.conf +++ b/conf/nginx-reverseproxy.conf @@ -1,5 +1,7 @@ -location YNH_LOCATION { - proxy_pass YNH_REDIRECT_PATH; +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { + + proxy_pass __TARGET__; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/conf/nginx-visible-301.conf b/conf/nginx-visible-301.conf deleted file mode 100644 index 2b3ffb6..0000000 --- a/conf/nginx-visible-301.conf +++ /dev/null @@ -1,3 +0,0 @@ -location YNH_LOCATION { - return 301 YNH_REDIRECT_PATH$request_uri; -} diff --git a/conf/nginx-visible-302.conf b/conf/nginx-visible-302.conf deleted file mode 100644 index e1ffc66..0000000 --- a/conf/nginx-visible-302.conf +++ /dev/null @@ -1,3 +0,0 @@ -location YNH_LOCATION { - return 302 YNH_REDIRECT_PATH$request_uri; -} diff --git a/doc/ADMIN.md b/doc/ADMIN.md new file mode 100644 index 0000000..ecce686 --- /dev/null +++ b/doc/ADMIN.md @@ -0,0 +1 @@ +The nginx configuration can be further tweaked in `/etc/nginx/conf.d/__DOMAIN__.d/__APP__.conf` diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md new file mode 100644 index 0000000..c71e4dc --- /dev/null +++ b/doc/ADMIN_fr.md @@ -0,0 +1 @@ +La configuration nginx peut être trouvée dans `/etc/nginx/conf.d/__DOMAIN__.d/__APP__.conf` diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index 446e514..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null @@ -1,18 +0,0 @@ -## Redirect type - -### Visible redirect - -The client will be redirected to another url or external website - -- `your-domain.com -> another-domain.net` -- `your-domain.com/foo -> another-domain.net/bar` - -### Invisible redirect (a.k.a "reverse-proxy") - -Visitor's address bar will remain the same. Typically used to integrate into YunoHost a manually-installed app into the portal. - -- `you-domain.com/foo -> http://172.0.0.1:8080/app` - -**IMPORTANT:** you may have to further tweak the `redirect.conf` in the nginx configuration, depending on your needs! - -**IMPORTANT:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ MUST be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/. For example : an Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/ diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md deleted file mode 100644 index e7c511f..0000000 --- a/doc/DISCLAIMER_fr.md +++ /dev/null @@ -1,18 +0,0 @@ -## Types de redirection - -### Redirection visible - -Le client sera redirigé vers une autre URL ou site externe - -- `votre-domaine.com -> un-autre-domaine.net` -- `votre-domaine.com/foo -> un-autre-domaine.net/bar` - -### Redirection invisible (a.k.a "reverse-proxy") - -L'adresse du client restera inchangé dans le navigateur. Typiquement utilisé pour intéger dans YunoHost une application installée manuellement. - -- `you-domain.com/foo -> http://172.0.0.1:8080/app` - -**IMPORTANT:** il vous faudra peut-être bricoler manuellement `redirect.conf` dans la configuration nginx, en fonction de vos besoins. - -**IMPORTANT:** Certaines apps ne supportent pas d'être redirigées depuis un chemin différent à cause du fonctionnement des liens relatifs ... Cela signifie que par exemple une app hébergée sur `http://127.0.0.1:5050/app/` DOIT être routé sur `http://domaine.tld/app/` et PAS http://domaine.tld/unautrechemin/. Par exemple: un conteneur Docker Odoo tourne sur `http://127.0.0.1:8069/`. Il ne sera pas capable de fonctionné correctement si il est routé sur `http://domaine.tld/odoo/` ! Il faut forcément l'installer à la racine d'un domaine, par exemple `http://odoo.domaine.tld/` diff --git a/manifest.json b/manifest.json deleted file mode 100644 index e25fcc6..0000000 --- a/manifest.json +++ /dev/null @@ -1,67 +0,0 @@ -{ - "name": "Redirect", - "id": "redirect", - "packaging_format": 1, - "description": { - "en": "Create a redirection or a proxy to another path", - "fr": "Créer une redirection ou un proxy vers un autre emplacement" - }, - "version": "1.0.2~ynh2", - "license": "AGPL-3.0-or-later", - "url": "https://github.com/YunoHost-Apps/redirect_ynh", - "upstream": { - "license": "AGPL-3.0-or-later", - "code": "https://github.com/YunoHost-Apps/redirect_ynh" - }, - "maintainer": { - "name": "alexAubin", - "email": "alex.aubin@mailoo.org" - }, - "requirements": { - "yunohost": ">= 11.2" - }, - "multi_instance": true, - "services": [ - "nginx" - ], - "arguments": { - "install" : [ - { - "name": "domain", - "type": "domain", - "example": "domain.org" - }, - { - "name": "path", - "type": "path", - "example": "/redirect", - "default": "/redirect" - }, - { - "name": "redirect_path", - "type": "string", - "ask": { - "en": "Redirect destination path", - "fr": "Emplacement de destination" - }, - "example": "http://127.0.0.1:8080/app/", - "default": "http://127.0.0.1" - }, - { - "name": "redirect_type", - "type": "select", - "ask": { - "en": "Redirect type", - "fr": "Type de redirection" - }, - "choices": { - "public_302": "Visible redirect (302, temporary). Everybody will be able to access it.", - "public_301": "Visible redirect (301, permanent). Everybody will be able to access it.", - "public_proxy": "Proxy, invisible (NGINX proxy_pass). Everybody will be able to access it.", - "private_proxy": "Proxy, invisible (NGINX proxy_pass). Only accessible for allowed users." - }, - "default": "public_302" - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..34058f7 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,62 @@ +#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/manifest.v2.schema.json + +packaging_format = 2 + +id = "redirect" +name = "Redirect" +description.en = "Create a redirection or a proxy to another path" +description.fr = "Créer une redirection ou un proxy vers un autre emplacement" + +version = "2.0~ynh1" + +maintainers = [] + +[upstream] +license = "AGPL-3.0-or-later" +website = "https://en.wikipedia.org/wiki/Reverse_proxy" + +[integration] +yunohost = ">= 11.2" +architectures = "all" +multi_instance = true +ldap = "not_relevant" +sso = "not_relevant" +disk = "50M" +ram.build = "50M" +ram.runtime = "50M" + +[install] + [install.domain] + type = "domain" + + [install.path] + type = "path" + default = "/redirect" + help = "Be careful when using this app in reverse-proxy mode: the target may require to be installed at the root of a domain (or subdomain), meaning the path is just '/'!" + + [install.redirect_type] + ask.en = "Redirect type" + ask.fr = "Type de redirection" + type = "select" + choices.redirect = "Explicit redirection (HTTP 302). Redirect people to a different page." + choices.reverseproxy = "Reverse-proxy (nginx proxy_pass). Expose an app, typically something that you manually installed (with or without Docker) locally or an another machine." + default = "redirect" + + [install.target] + ask.en = "Target" + ask.fr = "Cible" + type = "url" + help = "This may be something like https://some.other.website (for explicit redirect) or http://127.0.0.1:1234 for reverse-proxies." + + [install.init_main_permission] + type = "group" + default = "visitors" + +[resources] + # Meh we gotta keep this otherwise migrations from the v1 era will fail + # because they assume a system user resource existed in v1 and will want to + # delete it if not present anymore in the manifest ... + [resources.system_user] + + [resources.permissions] + main.url = "/" diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..d271360 --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +URL_REGEX_VALID='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' +URL_REGEX_SECURE='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' + +_validate_redirect_uri() { + if [[ ! $target =~ $URL_REGEX_VALID ]]; then + ynh_die --message="Invalid destination: $target" 1 + fi + + # Avoid uncrypted remote destination with reverse proxy mode + # Indeed the SSO send the password in all requests in HTTP headers + if [[ "$redirect_type" = "reverseproxy" ]] && [[ ! $target =~ $URL_REGEX_SECURE ]]; then + ynh_die --message="For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $target" 1 + fi +} diff --git a/scripts/backup b/scripts/backup index 01b1bbe..942c232 100644 --- a/scripts/backup +++ b/scripts/backup @@ -8,28 +8,12 @@ source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -# Retrieve arguments -app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) - #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= # Copy the conf files -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" +ynh_backup --src_path="/etc/nginx/conf.d/${domain}.d/${app}.conf" #================================================= # END OF SCRIPT diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..ce47a56 --- /dev/null +++ b/scripts/change_url @@ -0,0 +1,26 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# MODIFY URL IN NGINX CONF +#================================================= +ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2 + +mv ../conf/{"nginx-$redirect_type.conf",nginx.conf} +ynh_change_url_nginx_config + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/install b/scripts/install index 77acee9..351e62d 100644 --- a/scripts/install +++ b/scripts/install @@ -6,85 +6,18 @@ # IMPORT GENERIC HELPERS #================================================= +source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -# Retrieve arguments -app=$YNH_APP_INSTANCE_NAME -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -redirect_type=$YNH_APP_ARG_REDIRECT_TYPE -redirect_path=$YNH_APP_ARG_REDIRECT_PATH - -# Check domain/path availability -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -# Validate redirect path -url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' -[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1 - -# Avoid uncrypted remote destination with reverse proxy mode -# Indeed the SSO send the password in all requests in HTTP headers -url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' -[[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ -"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1 - -# Save extra settings -ynh_app_setting_set --app=$app --key=redirect_type --value=$redirect_type -ynh_app_setting_set --app=$app --key=redirect_path --value=$redirect_path +_validate_redirect_uri #================================================= # CONFIGURE NGINX #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=1 -# Nginx configuration -for FILE in $(ls ../conf/nginx-*.conf) -do - ynh_replace_string "YNH_LOCATION" "$path_url" $FILE -done -if [ "$redirect_type" = "public_302" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf - cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf -elif [ "$redirect_type" = "public_301" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf - cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf -elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf - cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf -fi - -#================================================= -# CONFIGURE SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=2 - -# Make app public if necessary -if [ "$redirect_type" != "private_proxy" ] -then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_permission_update --permission="main" --add="visitors" -fi - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload +mv ../conf/{"nginx-$redirect_type.conf",nginx.conf} +ynh_add_nginx_config #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 304eab7..5ea4099 100644 --- a/scripts/remove +++ b/scripts/remove @@ -8,28 +8,12 @@ source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -# Retrieve arguments -app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) - #================================================= # REMOVE NGINX CONFIGURATION #================================================= -# Remove configuration files -ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf - -#================================================= -# RELOAD NGINX AND PHP-FPM -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload +# Remove the dedicated NGINX config +ynh_remove_nginx_config #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index 1cade86..060d0d0 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,58 +1,11 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= +ynh_restore_file --origin_path="/etc/nginx/conf.d/${domain}.d/${app}.conf" -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= - -# Retrieve arguments -app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) -redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) - -# Validate redirect path -url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' -[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1 - -# Check configuration files -NGINX_CONF="/etc/nginx/conf.d/${domain}.d/${app}.conf" -[[ -f $NGINX_CONF ]] && ynh_die "The NGINX configuration already exists at '${NGINX_CONF}'. You should safely delete it before restoring this app." - -# Restore configuration files -ynh_restore_file "$NGINX_CONF" - -#================================================= -# SETUP SSOWAT -#================================================= - -# Make app public if necessary -if [ "$redirect_type" != "private_proxy" ] -then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_permission_update --permission="main" --add="visitors" -fi - -#================================================= -# RELOAD NGINX AND PHP-FPM -#================================================= ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 93caed4..3420a87 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,137 +1,31 @@ - #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - +source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= - -# Retrieve arguments -app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) -redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) - #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -# Fix is_public as a boolean value -# Default value for redirect_type if upgrading from https://github.com/scith/redirect_ynh -if [ -z "$redirect_type" ]; -then - redirect_type="proxy" - ynh_app_setting_set $app 'redirect_type' $redirect_type +if [[ "${redirect_type:-}" == *"proxy"* ]]; then + redirect_type="reverseproxy" +else + redirect_type="redirect" fi +ynh_app_setting_set --app=$app --key='redirect_type' --value=$redirect_type -# Migrate away from old stuff with 'is_public' and old redirect type names -is_public=$(ynh_app_setting_get "$app" is_public) -if [ -n "$is_public" ] -then - if [ "$is_public" = "Yes" ]; then - is_public=1 - elif [ "$is_public" = "No" ]; then - is_public=0 - fi - - if [ "$is_public" = "0" ] && [ "$redirect_type" != "proxy" ]; then - echo "WARNING: You previously had a 'supposedly' private 301 or 302 redirection... but it was found that it was public all along and it is not easy to create such a private redirection. Your 301 or 302 redirection will be re-flagged as public..." >&2 - is_public=1 - fi - - if [ "$redirect_type" == "proxy" ] && [ "$is_public" = "1" ] - then - redirect_type="public_proxy" - elif [ "$redirect_type" == "proxy" ] && [ "$is_public" = "0" ] - then - redirect_type="private_proxy" - elif [ "$redirect_type" == "visible_302" ] - then - redirect_type="public_302" - elif [ "$redirect_type" == "visible_301" ] - then - redirect_type="public_301" - fi - - ynh_app_setting_set $app 'redirect_type' $redirect_type +if [[ -z "${target:-}" ]] && [[ -n "${redirect_path:-}" ]]; then + target="$redirect_path" + ynh_app_setting_delete --app=$app --key=redirect_path + ynh_app_setting_set --app=$app --key=target --value="$target" fi -# Migrate legacy permissions to new system -if ynh_legacy_permissions_exists -then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -# Validate redirect path -url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' -[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1 - #================================================= # CONFIGURE NGINX #================================================= +ynh_script_progression --message="Configuring NGINX web server..." --weight=1 -# Nginx configuration -for FILE in $(ls ../conf/nginx-*.conf) -do - ynh_replace_string "YNH_LOCATION" "$path_url" $FILE -done -if [ "$redirect_type" = "public_302" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf - cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf -elif [ "$redirect_type" = "public_301" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf - cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf -elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf - cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf -fi - -#================================================= -# CONFIGURE SSOWAT -#================================================= - -# Make app public if necessary -if [ "$redirect_type" != "private_proxy" ] -then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_permission_update --permission="main" --add="visitors" -fi - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - -#================================================= -# END OF SCRIPT -#================================================= +mv ../conf/{nginx-$redirect_type.conf,nginx.conf} +ynh_add_nginx_config ynh_script_progression --message="Upgrade of $app completed" --last diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..c21a5f0 --- /dev/null +++ b/tests.toml @@ -0,0 +1,81 @@ +#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/tests.v1.schema.json + +test_format = 1.0 + +[default] + + args.redirect_type = "redirect" + args.target = "https://127.0.0.1" + + # Turns out 302 redirects cant be made private because they are interpreted before going through the sso ... + exclude = ["install.private"] + + [default.test_upgrade_from.09cf1c6b] + name = "v1 era" + args.domain = "domain.tld" + args.path = "/" + args.redirect_type = "visible_302" + args.redirect_path = "https://127.0.0.1" + args.is_public = true + +[reverseproxy] + + args.redirect_type = "reverseproxy" + args.target = "http://127.0.0.1:1234" + + exclude = ["install.private", "install.multi", "backup_restore", "change_url"] + + preinstall = """ + cat << EOF > /etc/systemd/system/whatever.service +[Unit] +Description=Whatever +After=network.target + +[Service] +WorkingDirectory=/redirect/ +ExecStart=python3 -m http.server -b 127.0.0.1 1234 +PrivateTmp=true + +[Install] +WantedBy=multi-user.target +EOF + + mkdir -p /redirect + mkdir -p /redirect/path + echo "helloworld" > /redirect/index.html + echo "helloworld" > /redirect/path/index.html + systemctl daemon-reload + systemctl enable whatever --now + true +""" + preupgrade = """ + cat << EOF > /etc/systemd/system/whatever.service +[Unit] +Description=Whatever +After=network.target + +[Service] +WorkingDirectory=/redirect/ +ExecStart=python3 -m http.server -b 127.0.0.1 1234 +PrivateTmp=true + +[Install] +WantedBy=multi-user.target +EOF + + mkdir -p /redirect + mkdir -p /redirect/path + echo "helloworld" > /redirect/index.html + echo "helloworld" > /redirect/path/index.html + systemctl daemon-reload + systemctl enable whatever --now + true +""" + + [reverseproxy.test_upgrade_from.09cf1c6b] + name = "v1 era" + args.domain = "domain.tld" + args.path = "/" + args.redirect_type = "proxy" + args.redirect_path = "http://127.0.0.1:1234" + args.is_public = true