From 3a06bf6c0be83aa9e430304ec80439296f9dd1ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 26 Sep 2023 21:24:14 +0200 Subject: [PATCH 01/24] v2 --- manifest.toml | 64 +++++++++++++++++++++++++++++++++++++++++++++++++ scripts/backup | 8 +++---- scripts/install | 26 ++++++++++---------- scripts/remove | 10 ++++---- scripts/restore | 14 +++++------ scripts/upgrade | 44 +++++++++++++++++----------------- 6 files changed, 115 insertions(+), 51 deletions(-) create mode 100644 manifest.toml diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..c1db00c --- /dev/null +++ b/manifest.toml @@ -0,0 +1,64 @@ +packaging_format = 2 + +id = "redirect" +name = "Redirect" +description.en = "Create a redirection or a proxy to another path" +description.fr = "Créer une redirection ou un proxy vers un autre emplacement" + +version = "1.0.2~ynh1" + +maintainers = ["alexAubin"] + +[upstream] +license = "AGPL-3.0-or-later" +code = "https://github.com/YunoHost-Apps/redirect_ynh" +website = "https://github.com/YunoHost-Apps/redirect_ynh" +cpe = "???" # FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is sort of a standard id for applications defined by the NIST. In particular, Yunohost may use this is in the future to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: https://nvd.nist.gov/products/cpe/search. For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number) +fund = "???" # FIXME: optional but recommended (or remove if irrelevant / not applicable). This is meant to be an URL where people can financially support this app, especially when its development is based on volunteers and/or financed by its community. YunoHost may later advertise it in the webadmin. + +[integration] +yunohost = ">= 4.2.0" +architectures = "all" # FIXME: can be replaced by a list of supported archs using the dpkg --print-architecture nomenclature (amd64/i386/armhf/arm64), for example: ["amd64", "i386"] +multi_instance = true +ldap = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "sso" key : the "ldap" key corresponds to wether or not a user *can* login on the app using its YunoHost credentials. +sso = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "ldap" key : the "sso" key corresponds to wether or not a user is *automatically logged-in* on the app when logged-in on the YunoHost portal. +disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ... +ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... +ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... + +[install] + [install.domain] + # this is a generic question - ask strings are automatically handled by Yunohost's core + type = "domain" + + [install.path] + # this is a generic question - ask strings are automatically handled by Yunohost's core + type = "path" + default = "/redirect" + + [install.redirect_path] + ask.en = "Redirect destination path" + ask.fr = "Emplacement de destination" + type = "string" + example = "http://127.0.0.1:8080/app/" + default = "http://127.0.0.1" + + [install.redirect_type] + ask.en = "Redirect type" + ask.fr = "Type de redirection" + type = "string" + default = "public_302" + + [install.redirect_type.choices] +public_302 = "Visible redirect (302, temporary). Everybody will be able to access it." +public_301 = "Visible redirect (301, permanent). Everybody will be able to access it." +public_proxy = "Proxy, invisible (NGINX proxy_pass). Everybody will be able to access it." +private_proxy = "Proxy, invisible (NGINX proxy_pass). Only accessible for allowed users." + +[resources] + [resources.system_user] + + [resources.install_dir] + + [resources.permissions] + main.url = "/" diff --git a/scripts/backup b/scripts/backup index 01b1bbe..fe765d8 100644 --- a/scripts/backup +++ b/scripts/backup @@ -13,16 +13,16 @@ source /usr/share/yunohost/helpers #================================================= # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_print_info --message="Loading installation settings..." +#REMOVEME? ynh_print_info --message="Loading installation settings..." # Retrieve arguments -app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) +#REMOVEME? app=$YNH_APP_INSTANCE_NAME +#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/install b/scripts/install index 77acee9..6e8847e 100644 --- a/scripts/install +++ b/scripts/install @@ -13,21 +13,21 @@ source /usr/share/yunohost/helpers #================================================= # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= # Retrieve arguments -app=$YNH_APP_INSTANCE_NAME -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -redirect_type=$YNH_APP_ARG_REDIRECT_TYPE -redirect_path=$YNH_APP_ARG_REDIRECT_PATH +#REMOVEME? app=$YNH_APP_INSTANCE_NAME +#REMOVEME? domain=$YNH_APP_ARG_DOMAIN +#REMOVEME? path=$YNH_APP_ARG_PATH +#REMOVEME? redirect_type=$YNH_APP_ARG_REDIRECT_TYPE +#REMOVEME? redirect_path=$YNH_APP_ARG_REDIRECT_PATH # Check domain/path availability -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url +#REMOVEME? ynh_webpath_register --app=$app --domain=$domain --path=$path # Validate redirect path url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' @@ -41,7 +41,7 @@ url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+) # Save extra settings ynh_app_setting_set --app=$app --key=redirect_type --value=$redirect_type -ynh_app_setting_set --app=$app --key=redirect_path --value=$redirect_path +#REMOVEME? ynh_app_setting_set --app=$app --key=redirect_path --value=$redirect_path #================================================= # CONFIGURE NGINX @@ -51,7 +51,7 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Nginx configuration for FILE in $(ls ../conf/nginx-*.conf) do - ynh_replace_string "YNH_LOCATION" "$path_url" $FILE + ynh_replace_string "YNH_LOCATION" "$path" $FILE done if [ "$redirect_type" = "public_302" ]; then @@ -70,21 +70,21 @@ fi #================================================= # CONFIGURE SSOWAT #================================================= -ynh_script_progression --message="Configuring permissions..." --weight=2 +#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=2 # Make app public if necessary if [ "$redirect_type" != "private_proxy" ] then # unprotected_uris allows SSO credentials to be passed anyway. - ynh_permission_update --permission="main" --add="visitors" +#REMOVEME? ynh_permission_update --permission="main" --add="visitors" fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1 -ynh_systemd_action --service_name=nginx --action=reload +#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 304eab7..9f3f534 100644 --- a/scripts/remove +++ b/scripts/remove @@ -11,11 +11,11 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1 # Retrieve arguments -app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) +#REMOVEME? app=$YNH_APP_INSTANCE_NAME +#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) #================================================= # REMOVE NGINX CONFIGURATION @@ -27,9 +27,9 @@ ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1 -ynh_systemd_action --service_name=nginx --action=reload +#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index 1cade86..e78f9dc 100644 --- a/scripts/restore +++ b/scripts/restore @@ -13,18 +13,18 @@ source /usr/share/yunohost/helpers #================================================= # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= # Retrieve arguments -app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) -redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) +#REMOVEME? app=$YNH_APP_INSTANCE_NAME +#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) +#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) +#REMOVEME? redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) +#REMOVEME? redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) # Validate redirect path url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' @@ -45,7 +45,7 @@ ynh_restore_file "$NGINX_CONF" if [ "$redirect_type" != "private_proxy" ] then # unprotected_uris allows SSO credentials to be passed anyway. - ynh_permission_update --permission="main" --add="visitors" +#REMOVEME? ynh_permission_update --permission="main" --add="visitors" fi #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 93caed4..6db3d68 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -14,11 +14,11 @@ source /usr/share/yunohost/helpers #================================================= # Retrieve arguments -app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) -redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) +#REMOVEME? app=$YNH_APP_INSTANCE_NAME +#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) +#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) +#REMOVEME? redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) +#REMOVEME? redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -33,24 +33,24 @@ then fi # Migrate away from old stuff with 'is_public' and old redirect type names -is_public=$(ynh_app_setting_get "$app" is_public) -if [ -n "$is_public" ] +#REMOVEME? #REMOVEME? is_public=$(ynh_app_setting_get "$app" is_public) +#REMOVEME? if [ -n "$is_public" ] then - if [ "$is_public" = "Yes" ]; then +#REMOVEME? if [ "$is_public" = "Yes" ]; then is_public=1 - elif [ "$is_public" = "No" ]; then +#REMOVEME? elif [ "$is_public" = "No" ]; then is_public=0 fi - if [ "$is_public" = "0" ] && [ "$redirect_type" != "proxy" ]; then +#REMOVEME? if [ "$is_public" = "0" ] && [ "$redirect_type" != "proxy" ]; then echo "WARNING: You previously had a 'supposedly' private 301 or 302 redirection... but it was found that it was public all along and it is not easy to create such a private redirection. Your 301 or 302 redirection will be re-flagged as public..." >&2 is_public=1 fi - if [ "$redirect_type" == "proxy" ] && [ "$is_public" = "1" ] +#REMOVEME? if [ "$redirect_type" == "proxy" ] && [ "$is_public" = "1" ] then redirect_type="public_proxy" - elif [ "$redirect_type" == "proxy" ] && [ "$is_public" = "0" ] +#REMOVEME? elif [ "$redirect_type" == "proxy" ] && [ "$is_public" = "0" ] then redirect_type="private_proxy" elif [ "$redirect_type" == "visible_302" ] @@ -65,9 +65,9 @@ then fi # Migrate legacy permissions to new system -if ynh_legacy_permissions_exists +#REMOVEME? if ynh_legacy_permissions_exists then - ynh_legacy_permissions_delete_all +#REMOVEME? ynh_legacy_permissions_delete_all ynh_app_setting_delete --app=$app --key=is_public fi @@ -77,13 +77,13 @@ fi #================================================= # Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { +#REMOVEME? ynh_backup_before_upgrade +#REMOVEME? ynh_clean_setup () { # restore it if the upgrade fails - ynh_restore_upgradebackup +#REMOVEME? ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors # Validate redirect path url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' @@ -96,7 +96,7 @@ url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%= # Nginx configuration for FILE in $(ls ../conf/nginx-*.conf) do - ynh_replace_string "YNH_LOCATION" "$path_url" $FILE + ynh_replace_string "YNH_LOCATION" "$path" $FILE done if [ "$redirect_type" = "public_302" ]; then @@ -120,15 +120,15 @@ fi if [ "$redirect_type" != "private_proxy" ] then # unprotected_uris allows SSO credentials to be passed anyway. - ynh_permission_update --permission="main" --add="visitors" +#REMOVEME? ynh_permission_update --permission="main" --add="visitors" fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1 -ynh_systemd_action --service_name=nginx --action=reload +#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT From a98e0caf2937c0e76050ca6b96c763f1f2e547ae Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 26 Sep 2023 19:24:23 +0000 Subject: [PATCH 02/24] Auto-update README --- README.md | 3 ++- README_fr.md | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 63e9d26..40033d3 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,8 @@ It shall NOT be edited by hand. # Redirect for YunoHost -[![Integration level](https://dash.yunohost.org/integration/redirect.svg)](https://dash.yunohost.org/appci/app/redirect) ![Working status](https://ci-apps.yunohost.org/ci/badges/redirect.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/redirect.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/redirect.svg)](https://dash.yunohost.org/appci/app/redirect) ![Working status](https://ci-apps.yunohost.org/ci/badges/redirect.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/redirect.maintain.svg) + [![Install Redirect with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=redirect) *[Lire ce readme en français.](./README_fr.md)* diff --git a/README_fr.md b/README_fr.md index 115335e..7d400a2 100644 --- a/README_fr.md +++ b/README_fr.md @@ -5,7 +5,8 @@ It shall NOT be edited by hand. # Redirect pour YunoHost -[![Niveau d’intégration](https://dash.yunohost.org/integration/redirect.svg)](https://dash.yunohost.org/appci/app/redirect) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/redirect.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/redirect.maintain.svg) +[![Niveau d’intégration](https://dash.yunohost.org/integration/redirect.svg)](https://dash.yunohost.org/appci/app/redirect) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/redirect.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/redirect.maintain.svg) + [![Installer Redirect avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=redirect) *[Read this readme in english.](./README.md)* From 627eab8d37d734c8e3bbe83225eb372b96cd97f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 26 Sep 2023 21:36:36 +0200 Subject: [PATCH 03/24] v2 --- doc/{DISCLAIMER.md => ADMIN.md} | 0 doc/{DISCLAIMER_fr.md => ADMIN_fr.md} | 0 manifest.json | 67 --------------------------- manifest.toml | 27 +++++------ scripts/backup | 16 ------- scripts/install | 33 +++---------- scripts/remove | 16 ------- scripts/restore | 17 ++----- tests.toml | 10 ++++ 9 files changed, 30 insertions(+), 156 deletions(-) rename doc/{DISCLAIMER.md => ADMIN.md} (100%) rename doc/{DISCLAIMER_fr.md => ADMIN_fr.md} (100%) delete mode 100644 manifest.json create mode 100644 tests.toml diff --git a/doc/DISCLAIMER.md b/doc/ADMIN.md similarity index 100% rename from doc/DISCLAIMER.md rename to doc/ADMIN.md diff --git a/doc/DISCLAIMER_fr.md b/doc/ADMIN_fr.md similarity index 100% rename from doc/DISCLAIMER_fr.md rename to doc/ADMIN_fr.md diff --git a/manifest.json b/manifest.json deleted file mode 100644 index ea811b4..0000000 --- a/manifest.json +++ /dev/null @@ -1,67 +0,0 @@ -{ - "name": "Redirect", - "id": "redirect", - "packaging_format": 1, - "description": { - "en": "Create a redirection or a proxy to another path", - "fr": "Créer une redirection ou un proxy vers un autre emplacement" - }, - "version": "1.0.2~ynh1", - "license": "AGPL-3.0-or-later", - "url": "https://github.com/YunoHost-Apps/redirect_ynh", - "upstream": { - "license": "AGPL-3.0-or-later", - "code": "https://github.com/YunoHost-Apps/redirect_ynh" - }, - "maintainer": { - "name": "alexAubin", - "email": "alex.aubin@mailoo.org" - }, - "requirements": { - "yunohost": ">= 4.2.0" - }, - "multi_instance": true, - "services": [ - "nginx" - ], - "arguments": { - "install" : [ - { - "name": "domain", - "type": "domain", - "example": "domain.org" - }, - { - "name": "path", - "type": "path", - "example": "/redirect", - "default": "/redirect" - }, - { - "name": "redirect_path", - "type": "string", - "ask": { - "en": "Redirect destination path", - "fr": "Emplacement de destination" - }, - "example": "http://127.0.0.1:8080/app/", - "default": "http://127.0.0.1" - }, - { - "name": "redirect_type", - "type": "string", - "ask": { - "en": "Redirect type", - "fr": "Type de redirection" - }, - "choices": { - "public_302": "Visible redirect (302, temporary). Everybody will be able to access it.", - "public_301": "Visible redirect (301, permanent). Everybody will be able to access it.", - "public_proxy": "Proxy, invisible (NGINX proxy_pass). Everybody will be able to access it.", - "private_proxy": "Proxy, invisible (NGINX proxy_pass). Only accessible for allowed users." - }, - "default": "public_302" - } - ] - } -} diff --git a/manifest.toml b/manifest.toml index c1db00c..bfb56a7 100644 --- a/manifest.toml +++ b/manifest.toml @@ -11,28 +11,23 @@ maintainers = ["alexAubin"] [upstream] license = "AGPL-3.0-or-later" -code = "https://github.com/YunoHost-Apps/redirect_ynh" website = "https://github.com/YunoHost-Apps/redirect_ynh" -cpe = "???" # FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is sort of a standard id for applications defined by the NIST. In particular, Yunohost may use this is in the future to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: https://nvd.nist.gov/products/cpe/search. For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number) -fund = "???" # FIXME: optional but recommended (or remove if irrelevant / not applicable). This is meant to be an URL where people can financially support this app, especially when its development is based on volunteers and/or financed by its community. YunoHost may later advertise it in the webadmin. [integration] -yunohost = ">= 4.2.0" -architectures = "all" # FIXME: can be replaced by a list of supported archs using the dpkg --print-architecture nomenclature (amd64/i386/armhf/arm64), for example: ["amd64", "i386"] +yunohost = ">= 11.2" +architectures = "all" multi_instance = true -ldap = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "sso" key : the "ldap" key corresponds to wether or not a user *can* login on the app using its YunoHost credentials. -sso = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "ldap" key : the "sso" key corresponds to wether or not a user is *automatically logged-in* on the app when logged-in on the YunoHost portal. -disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ... -ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... -ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... +ldap = false +sso = false +disk = "50M" +ram.build = "50M" +ram.runtime = "50M" [install] [install.domain] - # this is a generic question - ask strings are automatically handled by Yunohost's core type = "domain" [install.path] - # this is a generic question - ask strings are automatically handled by Yunohost's core type = "path" default = "/redirect" @@ -50,10 +45,10 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen default = "public_302" [install.redirect_type.choices] -public_302 = "Visible redirect (302, temporary). Everybody will be able to access it." -public_301 = "Visible redirect (301, permanent). Everybody will be able to access it." -public_proxy = "Proxy, invisible (NGINX proxy_pass). Everybody will be able to access it." -private_proxy = "Proxy, invisible (NGINX proxy_pass). Only accessible for allowed users." + public_302 = "Visible redirect (302, temporary). Everybody will be able to access it." + public_301 = "Visible redirect (301, permanent). Everybody will be able to access it." + public_proxy = "Proxy, invisible (NGINX proxy_pass). Everybody will be able to access it." + private_proxy = "Proxy, invisible (NGINX proxy_pass). Only accessible for allowed users." [resources] [resources.system_user] diff --git a/scripts/backup b/scripts/backup index fe765d8..5598312 100644 --- a/scripts/backup +++ b/scripts/backup @@ -8,22 +8,6 @@ source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -#REMOVEME? ynh_print_info --message="Loading installation settings..." - -# Retrieve arguments -#REMOVEME? app=$YNH_APP_INSTANCE_NAME -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) - #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= diff --git a/scripts/install b/scripts/install index 6e8847e..c5a3057 100644 --- a/scripts/install +++ b/scripts/install @@ -8,26 +8,12 @@ source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -# Retrieve arguments -#REMOVEME? app=$YNH_APP_INSTANCE_NAME -#REMOVEME? domain=$YNH_APP_ARG_DOMAIN -#REMOVEME? path=$YNH_APP_ARG_PATH -#REMOVEME? redirect_type=$YNH_APP_ARG_REDIRECT_TYPE -#REMOVEME? redirect_path=$YNH_APP_ARG_REDIRECT_PATH - -# Check domain/path availability -#REMOVEME? ynh_webpath_register --app=$app --domain=$domain --path=$path +redirect_type=$YNH_APP_ARG_REDIRECT_TYPE +redirect_path=$YNH_APP_ARG_REDIRECT_PATH # Validate redirect path url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' @@ -39,9 +25,9 @@ url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+) [[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ "For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1 -# Save extra settings +# Save extra settings ynh_app_setting_set --app=$app --key=redirect_type --value=$redirect_type -#REMOVEME? ynh_app_setting_set --app=$app --key=redirect_path --value=$redirect_path +ynh_app_setting_set --app=$app --key=redirect_path --value=$redirect_path #================================================= # CONFIGURE NGINX @@ -70,22 +56,15 @@ fi #================================================= # CONFIGURE SSOWAT #================================================= -#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=2 +ynh_script_progression --message="Configuring permissions..." --weight=2 # Make app public if necessary if [ "$redirect_type" != "private_proxy" ] then # unprotected_uris allows SSO credentials to be passed anyway. -#REMOVEME? ynh_permission_update --permission="main" --add="visitors" + ynh_permission_update --permission="main" --add="visitors" fi -#================================================= -# RELOAD NGINX -#================================================= -#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index 9f3f534..008b047 100644 --- a/scripts/remove +++ b/scripts/remove @@ -8,15 +8,6 @@ source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1 - -# Retrieve arguments -#REMOVEME? app=$YNH_APP_INSTANCE_NAME -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) - #================================================= # REMOVE NGINX CONFIGURATION #================================================= @@ -24,13 +15,6 @@ source /usr/share/yunohost/helpers # Remove configuration files ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf -#================================================= -# RELOAD NGINX AND PHP-FPM -#================================================= -#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index e78f9dc..1f4533c 100644 --- a/scripts/restore +++ b/scripts/restore @@ -8,23 +8,12 @@ source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - #================================================= # LOAD SETTINGS #================================================= -# Retrieve arguments -#REMOVEME? app=$YNH_APP_INSTANCE_NAME -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) -#REMOVEME? redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) -#REMOVEME? redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) +redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) +redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) # Validate redirect path url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' @@ -45,7 +34,7 @@ ynh_restore_file "$NGINX_CONF" if [ "$redirect_type" != "private_proxy" ] then # unprotected_uris allows SSO credentials to be passed anyway. -#REMOVEME? ynh_permission_update --permission="main" --add="visitors" + ynh_permission_update --permission="main" --add="visitors" fi #================================================= diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..4cfe8c7 --- /dev/null +++ b/tests.toml @@ -0,0 +1,10 @@ +test_format = 1.0 + +[default] + + # ------------------------------- + # Default args to use for install + # ------------------------------- + + args.redirect_type = "public_302" + args.redirect_path = "http://127.0.0.1" \ No newline at end of file From 0b33bed94e01257501907aa94bd2b25518d6e8fe Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 26 Sep 2023 19:36:46 +0000 Subject: [PATCH 04/24] Auto-update README --- README.md | 23 +---------------------- README_fr.md | 23 +---------------------- 2 files changed, 2 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index 40033d3..e96c451 100644 --- a/README.md +++ b/README.md @@ -24,30 +24,9 @@ In technical terms: this app only adds a NGINX configuration snippet with either **Shipped version:** 1.0.2~ynh1 -## Disclaimers / important information - -## Redirect type - -### Visible redirect - -The client will be redirected to another url or external website - -- `your-domain.com -> another-domain.net` -- `your-domain.com/foo -> another-domain.net/bar` - -### Invisible redirect (a.k.a "reverse-proxy") - -Visitor's address bar will remain the same. Typically used to integrate into YunoHost a manually-installed app into the portal. - -- `you-domain.com/foo -> http://172.0.0.1:8080/app` - -**IMPORTANT:** you may have to further tweak the `redirect.conf` in the nginx configuration, depending on your needs! - -**IMPORTANT:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ MUST be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/. For example : an Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/ - ## Documentation and resources -* Upstream app code repository: +* Official app website: * YunoHost documentation for this app: * Report a bug: diff --git a/README_fr.md b/README_fr.md index 7d400a2..e474cec 100644 --- a/README_fr.md +++ b/README_fr.md @@ -24,30 +24,9 @@ En terme technique: cette app se contente de rajouter le morceau de configuratio **Version incluse :** 1.0.2~ynh1 -## Avertissements / informations importantes - -## Types de redirection - -### Redirection visible - -Le client sera redirigé vers une autre URL ou site externe - -- `votre-domaine.com -> un-autre-domaine.net` -- `votre-domaine.com/foo -> un-autre-domaine.net/bar` - -### Redirection invisible (a.k.a "reverse-proxy") - -L'adresse du client restera inchangé dans le navigateur. Typiquement utilisé pour intéger dans YunoHost une application installée manuellement. - -- `you-domain.com/foo -> http://172.0.0.1:8080/app` - -**IMPORTANT:** il vous faudra peut-être bricoler manuellement `redirect.conf` dans la configuration nginx, en fonction de vos besoins. - -**IMPORTANT:** Certaines apps ne supportent pas d'être redirigées depuis un chemin différent à cause du fonctionnement des liens relatifs ... Cela signifie que par exemple une app hébergée sur `http://127.0.0.1:5050/app/` DOIT être routé sur `http://domaine.tld/app/` et PAS http://domaine.tld/unautrechemin/. Par exemple: un conteneur Docker Odoo tourne sur `http://127.0.0.1:8069/`. Il ne sera pas capable de fonctionné correctement si il est routé sur `http://domaine.tld/odoo/` ! Il faut forcément l'installer à la racine d'un domaine, par exemple `http://odoo.domaine.tld/` - ## Documentations et ressources -* Dépôt de code officiel de l’app : +* Site officiel de l’app : * Documentation YunoHost pour cette app : * Signaler un bug : From 29ec80be005cb7b96449e04567bed92418aac6f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 26 Sep 2023 21:40:29 +0200 Subject: [PATCH 05/24] cleaning --- scripts/restore | 3 --- scripts/upgrade | 52 +++++++++---------------------------------------- 2 files changed, 9 insertions(+), 46 deletions(-) diff --git a/scripts/restore b/scripts/restore index 1f4533c..46c2ea9 100644 --- a/scripts/restore +++ b/scripts/restore @@ -12,9 +12,6 @@ source /usr/share/yunohost/helpers # LOAD SETTINGS #================================================= -redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) -redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) - # Validate redirect path url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' [[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1 diff --git a/scripts/upgrade b/scripts/upgrade index 6db3d68..f0461df 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,17 +9,6 @@ source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= - -# Retrieve arguments -#REMOVEME? app=$YNH_APP_INSTANCE_NAME -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) -#REMOVEME? redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) -#REMOVEME? redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) - #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -33,24 +22,25 @@ then fi # Migrate away from old stuff with 'is_public' and old redirect type names -#REMOVEME? #REMOVEME? is_public=$(ynh_app_setting_get "$app" is_public) -#REMOVEME? if [ -n "$is_public" ] +is_public=$(ynh_app_setting_get "$app" is_public) + +if [ -n "$is_public" ] then -#REMOVEME? if [ "$is_public" = "Yes" ]; then + if [ "$is_public" = "Yes" ]; then is_public=1 -#REMOVEME? elif [ "$is_public" = "No" ]; then + elif [ "$is_public" = "No" ]; then is_public=0 fi -#REMOVEME? if [ "$is_public" = "0" ] && [ "$redirect_type" != "proxy" ]; then + if [ "$is_public" = "0" ] && [ "$redirect_type" != "proxy" ]; then echo "WARNING: You previously had a 'supposedly' private 301 or 302 redirection... but it was found that it was public all along and it is not easy to create such a private redirection. Your 301 or 302 redirection will be re-flagged as public..." >&2 is_public=1 fi -#REMOVEME? if [ "$redirect_type" == "proxy" ] && [ "$is_public" = "1" ] +if [ "$redirect_type" == "proxy" ] && [ "$is_public" = "1" ] then redirect_type="public_proxy" -#REMOVEME? elif [ "$redirect_type" == "proxy" ] && [ "$is_public" = "0" ] + elif [ "$redirect_type" == "proxy" ] && [ "$is_public" = "0" ] then redirect_type="private_proxy" elif [ "$redirect_type" == "visible_302" ] @@ -64,27 +54,10 @@ then ynh_app_setting_set $app 'redirect_type' $redirect_type fi -# Migrate legacy permissions to new system -#REMOVEME? if ynh_legacy_permissions_exists -then -#REMOVEME? ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -# Backup the current version of the app -#REMOVEME? ynh_backup_before_upgrade -#REMOVEME? ynh_clean_setup () { - # restore it if the upgrade fails -#REMOVEME? ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - # Validate redirect path url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' [[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1 @@ -120,16 +93,9 @@ fi if [ "$redirect_type" != "private_proxy" ] then # unprotected_uris allows SSO credentials to be passed anyway. -#REMOVEME? ynh_permission_update --permission="main" --add="visitors" + ynh_permission_update --permission="main" --add="visitors" fi -#================================================= -# RELOAD NGINX -#================================================= -#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= From 14e1d450b39e916c6fe14b4cb70f7707beb03d0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Thu, 2 Nov 2023 23:27:15 +0100 Subject: [PATCH 06/24] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index bfb56a7..97529a2 100644 --- a/manifest.toml +++ b/manifest.toml @@ -41,7 +41,7 @@ ram.runtime = "50M" [install.redirect_type] ask.en = "Redirect type" ask.fr = "Type de redirection" - type = "string" + type = "select" default = "public_302" [install.redirect_type.choices] From 201a344d7f7540d2e637f758d5808ae31272b83b Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Thu, 2 Nov 2023 22:27:19 +0000 Subject: [PATCH 07/24] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e96c451..5547653 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ In technical terms: this app only adds a NGINX configuration snippet with either ## Documentation and resources * Official app website: -* YunoHost documentation for this app: +* YunoHost Store: * Report a bug: ## Developer info diff --git a/README_fr.md b/README_fr.md index e474cec..be2a83f 100644 --- a/README_fr.md +++ b/README_fr.md @@ -27,7 +27,7 @@ En terme technique: cette app se contente de rajouter le morceau de configuratio ## Documentations et ressources * Site officiel de l’app : -* Documentation YunoHost pour cette app : +* YunoHost Store: * Signaler un bug : ## Informations pour les développeurs From 77fd86c09e2103b7c3db464f476c9a7e942fca89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Thu, 2 Nov 2023 23:27:49 +0100 Subject: [PATCH 08/24] Update manifest.toml --- manifest.toml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifest.toml b/manifest.toml index 97529a2..25769bf 100644 --- a/manifest.toml +++ b/manifest.toml @@ -44,11 +44,11 @@ ram.runtime = "50M" type = "select" default = "public_302" - [install.redirect_type.choices] - public_302 = "Visible redirect (302, temporary). Everybody will be able to access it." - public_301 = "Visible redirect (301, permanent). Everybody will be able to access it." - public_proxy = "Proxy, invisible (NGINX proxy_pass). Everybody will be able to access it." - private_proxy = "Proxy, invisible (NGINX proxy_pass). Only accessible for allowed users." + #[install.redirect_type.choices] + choices.public_302 = "Visible redirect (302, temporary). Everybody will be able to access it." + choices.public_301 = "Visible redirect (301, permanent). Everybody will be able to access it." + choices.public_proxy = "Proxy, invisible (NGINX proxy_pass). Everybody will be able to access it." + choices.private_proxy = "Proxy, invisible (NGINX proxy_pass). Only accessible for allowed users." [resources] [resources.system_user] From 5548c1311163371f61c7a8ce1f96f7f10a3e230c Mon Sep 17 00:00:00 2001 From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Date: Tue, 5 Dec 2023 00:07:01 +0100 Subject: [PATCH 09/24] Apply suggestions from code review --- manifest.toml | 7 +++---- scripts/install | 5 ----- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/manifest.toml b/manifest.toml index 25769bf..74bbd11 100644 --- a/manifest.toml +++ b/manifest.toml @@ -7,7 +7,7 @@ description.fr = "Créer une redirection ou un proxy vers un autre emplacement" version = "1.0.2~ynh1" -maintainers = ["alexAubin"] +maintainers = [] [upstream] license = "AGPL-3.0-or-later" @@ -17,8 +17,8 @@ website = "https://github.com/YunoHost-Apps/redirect_ynh" yunohost = ">= 11.2" architectures = "all" multi_instance = true -ldap = false -sso = false +ldap = "not_relevant" +sso = "not_relevant" disk = "50M" ram.build = "50M" ram.runtime = "50M" @@ -36,7 +36,6 @@ ram.runtime = "50M" ask.fr = "Emplacement de destination" type = "string" example = "http://127.0.0.1:8080/app/" - default = "http://127.0.0.1" [install.redirect_type] ask.en = "Redirect type" diff --git a/scripts/install b/scripts/install index c5a3057..698c6d5 100644 --- a/scripts/install +++ b/scripts/install @@ -12,8 +12,6 @@ source /usr/share/yunohost/helpers # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -redirect_type=$YNH_APP_ARG_REDIRECT_TYPE -redirect_path=$YNH_APP_ARG_REDIRECT_PATH # Validate redirect path url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' @@ -25,9 +23,6 @@ url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+) [[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ "For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1 -# Save extra settings -ynh_app_setting_set --app=$app --key=redirect_type --value=$redirect_type -ynh_app_setting_set --app=$app --key=redirect_path --value=$redirect_path #================================================= # CONFIGURE NGINX From ba487163d5f3c63e79af7fde1788863412fed3d2 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 5 Dec 2023 00:54:55 +0100 Subject: [PATCH 10/24] Drastically simplify app because everything is way too complex.. --- conf/nginx-redirect.conf | 3 + ...inx-proxy.conf => nginx-reverseproxy.conf} | 6 +- conf/nginx-visible-301.conf | 3 - conf/nginx-visible-302.conf | 3 - manifest.toml | 29 +++--- scripts/install | 46 +-------- scripts/remove | 4 +- scripts/restore | 36 +------ scripts/upgrade | 94 +++---------------- 9 files changed, 39 insertions(+), 185 deletions(-) create mode 100644 conf/nginx-redirect.conf rename conf/{nginx-proxy.conf => nginx-reverseproxy.conf} (83%) delete mode 100644 conf/nginx-visible-301.conf delete mode 100644 conf/nginx-visible-302.conf diff --git a/conf/nginx-redirect.conf b/conf/nginx-redirect.conf new file mode 100644 index 0000000..8ef882a --- /dev/null +++ b/conf/nginx-redirect.conf @@ -0,0 +1,3 @@ +location __PATH__/ { + return 302 __TARGET__$request_uri; +} diff --git a/conf/nginx-proxy.conf b/conf/nginx-reverseproxy.conf similarity index 83% rename from conf/nginx-proxy.conf rename to conf/nginx-reverseproxy.conf index 6d3a1ee..604d91e 100644 --- a/conf/nginx-proxy.conf +++ b/conf/nginx-reverseproxy.conf @@ -1,5 +1,7 @@ -location YNH_LOCATION { - proxy_pass YNH_REDIRECT_PATH; +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { + + proxy_pass __TARGET__; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/conf/nginx-visible-301.conf b/conf/nginx-visible-301.conf deleted file mode 100644 index 2b3ffb6..0000000 --- a/conf/nginx-visible-301.conf +++ /dev/null @@ -1,3 +0,0 @@ -location YNH_LOCATION { - return 301 YNH_REDIRECT_PATH$request_uri; -} diff --git a/conf/nginx-visible-302.conf b/conf/nginx-visible-302.conf deleted file mode 100644 index e1ffc66..0000000 --- a/conf/nginx-visible-302.conf +++ /dev/null @@ -1,3 +0,0 @@ -location YNH_LOCATION { - return 302 YNH_REDIRECT_PATH$request_uri; -} diff --git a/manifest.toml b/manifest.toml index 74bbd11..5c85b64 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Redirect" description.en = "Create a redirection or a proxy to another path" description.fr = "Créer une redirection ou un proxy vers un autre emplacement" -version = "1.0.2~ynh1" +version = "2.0~ynh1" maintainers = [] @@ -31,28 +31,27 @@ ram.runtime = "50M" type = "path" default = "/redirect" - [install.redirect_path] - ask.en = "Redirect destination path" - ask.fr = "Emplacement de destination" - type = "string" - example = "http://127.0.0.1:8080/app/" - [install.redirect_type] ask.en = "Redirect type" ask.fr = "Type de redirection" type = "select" - default = "public_302" + choices.redirect = "Explicit redirection (HTTP 302). Redirect people to another URL." + choices.reverseproxy = "Reverse-proxy (nginx proxy_pass). Expose an app, typically that you manually installed (with or without Docker) locally or an another machine." - #[install.redirect_type.choices] - choices.public_302 = "Visible redirect (302, temporary). Everybody will be able to access it." - choices.public_301 = "Visible redirect (301, permanent). Everybody will be able to access it." - choices.public_proxy = "Proxy, invisible (NGINX proxy_pass). Everybody will be able to access it." - choices.private_proxy = "Proxy, invisible (NGINX proxy_pass). Only accessible for allowed users." + [install.target] + ask.en = "Target" + ask.fr = "Cible" + type = "url" + example = "http://127.0.0.1:1312/" + + [install.init_main_permission] + default = "visitors" [resources] + # Meh we gotta keep this otherwise migrations from the v1 era will fail + # because they assume a system user resource existed in v1 and will want to + # delete it if not present anymore in the manifest ... [resources.system_user] - [resources.install_dir] - [resources.permissions] main.url = "/" diff --git a/scripts/install b/scripts/install index 698c6d5..b33ed9e 100644 --- a/scripts/install +++ b/scripts/install @@ -8,57 +8,19 @@ source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - - -# Validate redirect path -url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' -[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1 - # Avoid uncrypted remote destination with reverse proxy mode # Indeed the SSO send the password in all requests in HTTP headers url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' -[[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ -"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1 - +[[ "$redirect_type" = "reverseproxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ +"For secure reason, you can't use an unencrypted http remote destination coupled with ssowat for your reverse proxy: $redirect_path" 1 #================================================= # CONFIGURE NGINX #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=1 -# Nginx configuration -for FILE in $(ls ../conf/nginx-*.conf) -do - ynh_replace_string "YNH_LOCATION" "$path" $FILE -done -if [ "$redirect_type" = "public_302" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf - cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf -elif [ "$redirect_type" = "public_301" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf - cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf -elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf - cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf -fi - -#================================================= -# CONFIGURE SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=2 - -# Make app public if necessary -if [ "$redirect_type" != "private_proxy" ] -then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_permission_update --permission="main" --add="visitors" -fi +mv ../conf/{nginx-$redirect_type.conf,nginx.conf} +ynh_add_nginx_config #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 008b047..5ea4099 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,8 +12,8 @@ source /usr/share/yunohost/helpers # REMOVE NGINX CONFIGURATION #================================================= -# Remove configuration files -ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf +# Remove the dedicated NGINX config +ynh_remove_nginx_config #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index 46c2ea9..f8838c7 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,44 +1,10 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= +ynh_restore_file "/etc/nginx/conf.d/${domain}.d/${app}.conf" -# Validate redirect path -url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' -[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1 - -# Check configuration files -NGINX_CONF="/etc/nginx/conf.d/${domain}.d/${app}.conf" -[[ -f $NGINX_CONF ]] && ynh_die "The NGINX configuration already exists at '${NGINX_CONF}'. You should safely delete it before restoring this app." - -# Restore configuration files -ynh_restore_file "$NGINX_CONF" - -#================================================= -# SETUP SSOWAT -#================================================= - -# Make app public if necessary -if [ "$redirect_type" != "private_proxy" ] -then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_permission_update --permission="main" --add="visitors" -fi - -#================================================= -# RELOAD NGINX AND PHP-FPM -#================================================= ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index f0461df..3605880 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,103 +1,31 @@ - #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source /usr/share/yunohost/helpers #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -# Fix is_public as a boolean value -# Default value for redirect_type if upgrading from https://github.com/scith/redirect_ynh -if [ -z "$redirect_type" ]; +if [[ "${redirect_type:-}" == *"proxy"* ]] then - redirect_type="proxy" - ynh_app_setting_set $app 'redirect_type' $redirect_type + redirect_type="reverseproxy" +else + redirect_type="redirect" fi +ynh_app_setting_set $app 'redirect_type' $redirect_type -# Migrate away from old stuff with 'is_public' and old redirect type names -is_public=$(ynh_app_setting_get "$app" is_public) - -if [ -n "$is_public" ] +if [[ -z "${target:-}" ]] && [[ -n "${redirect_path:-}" ]] then - if [ "$is_public" = "Yes" ]; then - is_public=1 - elif [ "$is_public" = "No" ]; then - is_public=0 - fi - - if [ "$is_public" = "0" ] && [ "$redirect_type" != "proxy" ]; then - echo "WARNING: You previously had a 'supposedly' private 301 or 302 redirection... but it was found that it was public all along and it is not easy to create such a private redirection. Your 301 or 302 redirection will be re-flagged as public..." >&2 - is_public=1 - fi - -if [ "$redirect_type" == "proxy" ] && [ "$is_public" = "1" ] - then - redirect_type="public_proxy" - elif [ "$redirect_type" == "proxy" ] && [ "$is_public" = "0" ] - then - redirect_type="private_proxy" - elif [ "$redirect_type" == "visible_302" ] - then - redirect_type="public_302" - elif [ "$redirect_type" == "visible_301" ] - then - redirect_type="public_301" - fi - - ynh_app_setting_set $app 'redirect_type' $redirect_type + target="$redirect_path" + ynh_app_setting_set $app target "$redirect_path" fi -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= - -# Validate redirect path -url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' -[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1 - #================================================= # CONFIGURE NGINX #================================================= +ynh_script_progression --message="Configuring NGINX web server..." --weight=1 -# Nginx configuration -for FILE in $(ls ../conf/nginx-*.conf) -do - ynh_replace_string "YNH_LOCATION" "$path" $FILE -done -if [ "$redirect_type" = "public_302" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf - cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf -elif [ "$redirect_type" = "public_301" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf - cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf -elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ]; -then - ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf - cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf -fi - -#================================================= -# CONFIGURE SSOWAT -#================================================= - -# Make app public if necessary -if [ "$redirect_type" != "private_proxy" ] -then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_permission_update --permission="main" --add="visitors" -fi - -#================================================= -# END OF SCRIPT -#================================================= +mv ../conf/{nginx-$redirect_type.conf,nginx.conf} +ynh_add_nginx_config ynh_script_progression --message="Upgrade of $app completed" --last From a7a1271d98e15e88d6b0b10030919273f684d4a5 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Mon, 4 Dec 2023 23:55:05 +0000 Subject: [PATCH 11/24] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5547653..f522bf8 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ This application allows to integrate a custom tile in YunoHost's user portal. Ty In technical terms: this app only adds a NGINX configuration snippet with either `redirect` or `proxy_pass` rule, and a YunoHost tile + appropriate SSOwat configuration. -**Shipped version:** 1.0.2~ynh1 +**Shipped version:** 2.0~ynh1 ## Documentation and resources * Official app website: diff --git a/README_fr.md b/README_fr.md index be2a83f..ddb7971 100644 --- a/README_fr.md +++ b/README_fr.md @@ -23,7 +23,7 @@ Cette application permet d'intégrée une tuile personalisée dans le portail ut En terme technique: cette app se contente de rajouter le morceau de configuration NGINX approprié avec soit `redirect` ou `proxy_pass`, et la tuile YunoHost + configuration SSOwat correspondante. -**Version incluse :** 1.0.2~ynh1 +**Version incluse :** 2.0~ynh1 ## Documentations et ressources * Site officiel de l’app : From 3bf42a51f34cd0fb9bec2bb331ff5c737536321c Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 5 Dec 2023 01:01:08 +0100 Subject: [PATCH 12/24] Implement tests --- check_process | 21 --------------------- tests.toml | 20 +++++++++++++++----- 2 files changed, 15 insertions(+), 26 deletions(-) delete mode 100644 check_process diff --git a/check_process b/check_process deleted file mode 100644 index 7d507d0..0000000 --- a/check_process +++ /dev/null @@ -1,21 +0,0 @@ -;; Test complet - ; Manifest - domain="domain.tld" - path="/path" - redirect_type="public_302" - redirect_path="http://127.0.0.1" - ; Checks - pkg_linter=1 - setup_sub_dir=1 - setup_root=1 - setup_nourl=0 - setup_private=0 - setup_private=1 - setup_public=1 - upgrade=1 - backup_restore=1 - multi_instance=1 - change_url=0 -;;; Options -Email= -Notification=none diff --git a/tests.toml b/tests.toml index 4cfe8c7..08e60d4 100644 --- a/tests.toml +++ b/tests.toml @@ -2,9 +2,19 @@ test_format = 1.0 [default] - # ------------------------------- - # Default args to use for install - # ------------------------------- + args.redirect_type = "redirect" + args.target = "https://fr.wikipedia.org" - args.redirect_type = "public_302" - args.redirect_path = "http://127.0.0.1" \ No newline at end of file + test_upgrade_from.09cf1c6b.name = "v1 era" + test_upgrade_from.09cf1c6b.args.redirect_type = "visible_302" + test_upgrade_from.09cf1c6b.args.redirect_path = "https://fr.wikipedia.org" + + +[reverseproxy] + + args.redirect_type = "reverseproxy" + args.target = "http://127.0.0.1:80" + + test_upgrade_from.09cf1c6b.name = "v1 era" + test_upgrade_from.09cf1c6b.args.redirect_type = "proxy_public" + test_upgrade_from.09cf1c6b.args.redirect_path = "http://127.0.0.1:80" From 9f05482862506cc946d4e65ec82b0e85bca7efe0 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 5 Dec 2023 01:08:20 +0100 Subject: [PATCH 13/24] Zbmlgrerg --- README.md | 2 +- README_fr.md | 2 +- conf/nginx-redirect.conf | 2 +- manifest.toml | 4 +++- scripts/install | 4 ++-- tests.toml | 12 ++++++++---- 6 files changed, 16 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index f522bf8..e813f34 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ In technical terms: this app only adds a NGINX configuration snippet with either **Shipped version:** 2.0~ynh1 ## Documentation and resources -* Official app website: +* Official app website: * YunoHost Store: * Report a bug: diff --git a/README_fr.md b/README_fr.md index ddb7971..f333130 100644 --- a/README_fr.md +++ b/README_fr.md @@ -26,7 +26,7 @@ En terme technique: cette app se contente de rajouter le morceau de configuratio **Version incluse :** 2.0~ynh1 ## Documentations et ressources -* Site officiel de l’app : +* Site officiel de l’app : * YunoHost Store: * Signaler un bug : diff --git a/conf/nginx-redirect.conf b/conf/nginx-redirect.conf index 8ef882a..731c42d 100644 --- a/conf/nginx-redirect.conf +++ b/conf/nginx-redirect.conf @@ -1,3 +1,3 @@ -location __PATH__/ { +location __PATH__ { return 302 __TARGET__$request_uri; } diff --git a/manifest.toml b/manifest.toml index 5c85b64..f9a59d6 100644 --- a/manifest.toml +++ b/manifest.toml @@ -11,7 +11,7 @@ maintainers = [] [upstream] license = "AGPL-3.0-or-later" -website = "https://github.com/YunoHost-Apps/redirect_ynh" +website = "https://en.wikipedia.org/wiki/Reverse_proxy" [integration] yunohost = ">= 11.2" @@ -37,6 +37,7 @@ ram.runtime = "50M" type = "select" choices.redirect = "Explicit redirection (HTTP 302). Redirect people to another URL." choices.reverseproxy = "Reverse-proxy (nginx proxy_pass). Expose an app, typically that you manually installed (with or without Docker) locally or an another machine." + default = "redirect" [install.target] ask.en = "Target" @@ -45,6 +46,7 @@ ram.runtime = "50M" example = "http://127.0.0.1:1312/" [install.init_main_permission] + type = "group" default = "visitors" [resources] diff --git a/scripts/install b/scripts/install index b33ed9e..979fcfd 100644 --- a/scripts/install +++ b/scripts/install @@ -11,8 +11,8 @@ source /usr/share/yunohost/helpers # Avoid uncrypted remote destination with reverse proxy mode # Indeed the SSO send the password in all requests in HTTP headers url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' -[[ "$redirect_type" = "reverseproxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ -"For secure reason, you can't use an unencrypted http remote destination coupled with ssowat for your reverse proxy: $redirect_path" 1 +[[ "$redirect_type" = "reverseproxy" ]] && [[ ! "$target" =~ $url_regex ]] && ynh_die \ +"For secure reason, you can't use an unencrypted http remote destination coupled with ssowat for your reverse proxy: $target" 1 #================================================= # CONFIGURE NGINX diff --git a/tests.toml b/tests.toml index 08e60d4..a92406c 100644 --- a/tests.toml +++ b/tests.toml @@ -3,18 +3,22 @@ test_format = 1.0 [default] args.redirect_type = "redirect" - args.target = "https://fr.wikipedia.org" + args.target = "http://127.0.0.1" test_upgrade_from.09cf1c6b.name = "v1 era" + test_upgrade_from.09cf1c6b.args.domain = "domain.tld" test_upgrade_from.09cf1c6b.args.redirect_type = "visible_302" - test_upgrade_from.09cf1c6b.args.redirect_path = "https://fr.wikipedia.org" + test_upgrade_from.09cf1c6b.args.redirect_path = "http://127.0.0.1" [reverseproxy] args.redirect_type = "reverseproxy" - args.target = "http://127.0.0.1:80" + args.target = "http://127.0.0.1" + + exclude = ["install.private", "install.multi", "backup_restore"] test_upgrade_from.09cf1c6b.name = "v1 era" + test_upgrade_from.09cf1c6b.args.domain = "domain.tld" test_upgrade_from.09cf1c6b.args.redirect_type = "proxy_public" - test_upgrade_from.09cf1c6b.args.redirect_path = "http://127.0.0.1:80" + test_upgrade_from.09cf1c6b.args.redirect_path = "http://127.0.0.1" From 1fcd6721caefdcdc049547c185b8a0055658a717 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Date: Tue, 5 Dec 2023 13:29:53 +0100 Subject: [PATCH 14/24] Update tests.toml --- tests.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests.toml b/tests.toml index a92406c..0528ebc 100644 --- a/tests.toml +++ b/tests.toml @@ -20,5 +20,5 @@ test_format = 1.0 test_upgrade_from.09cf1c6b.name = "v1 era" test_upgrade_from.09cf1c6b.args.domain = "domain.tld" - test_upgrade_from.09cf1c6b.args.redirect_type = "proxy_public" + test_upgrade_from.09cf1c6b.args.redirect_type = "proxy" test_upgrade_from.09cf1c6b.args.redirect_path = "http://127.0.0.1" From b7a72ef22936a004eb2aaa28db82cb2cd15aa7a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Tue, 12 Dec 2023 17:06:16 +0100 Subject: [PATCH 15/24] Add toml schemas urls, tests.toml reformatting --- manifest.toml | 2 ++ tests.toml | 20 ++++++++++++-------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/manifest.toml b/manifest.toml index f9a59d6..fad8287 100644 --- a/manifest.toml +++ b/manifest.toml @@ -1,3 +1,5 @@ +#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/manifest.v2.schema.json + packaging_format = 2 id = "redirect" diff --git a/tests.toml b/tests.toml index 0528ebc..288a9dd 100644 --- a/tests.toml +++ b/tests.toml @@ -1,3 +1,5 @@ +#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/tests.v1.schema.json + test_format = 1.0 [default] @@ -5,10 +7,11 @@ test_format = 1.0 args.redirect_type = "redirect" args.target = "http://127.0.0.1" - test_upgrade_from.09cf1c6b.name = "v1 era" - test_upgrade_from.09cf1c6b.args.domain = "domain.tld" - test_upgrade_from.09cf1c6b.args.redirect_type = "visible_302" - test_upgrade_from.09cf1c6b.args.redirect_path = "http://127.0.0.1" + [default.test_upgrade_from.09cf1c6b] + name = "v1 era" + args.domain = "domain.tld" + args.redirect_type = "visible_302" + args.redirect_path = "http://127.0.0.1" [reverseproxy] @@ -18,7 +21,8 @@ test_format = 1.0 exclude = ["install.private", "install.multi", "backup_restore"] - test_upgrade_from.09cf1c6b.name = "v1 era" - test_upgrade_from.09cf1c6b.args.domain = "domain.tld" - test_upgrade_from.09cf1c6b.args.redirect_type = "proxy" - test_upgrade_from.09cf1c6b.args.redirect_path = "http://127.0.0.1" + [reverseproxy.test_upgrade_from.09cf1c6b] + name = "v1 era" + args.domain = "domain.tld" + args.redirect_type = "proxy" + args.redirect_path = "http://127.0.0.1" From 2a7d414d11d0fe93b865c98b9d29dff871d3b75e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Tue, 12 Dec 2023 17:07:15 +0100 Subject: [PATCH 16/24] write validate_redirect_uri in _common.sh --- scripts/_common.sh | 32 ++++++++++++++++++++++++++++++++ scripts/install | 9 +++------ scripts/upgrade | 1 + 3 files changed, 36 insertions(+), 6 deletions(-) create mode 100644 scripts/_common.sh diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..dee0ea0 --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +#================================================= +# COMMON VARIABLES +#================================================= + +#================================================= +# PERSONAL HELPERS +#================================================= + +URL_REGEX_VALID='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' +URL_REGEX_SECURE='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' + +_validate_redirect_uri() { + if [[ ! $target =~ $URL_REGEX_VALID ]]; then + ynh_die "Invalid destination: $target" 1 + fi + + # Avoid uncrypted remote destination with reverse proxy mode + # Indeed the SSO send the password in all requests in HTTP headers + if [[ "$redirect_type" = "proxy" ]] && [[ ! $target =~ $URL_REGEX_SECURE ]]; then + ynh_die "For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $target" 1 + fi +} + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= diff --git a/scripts/install b/scripts/install index 979fcfd..351e62d 100644 --- a/scripts/install +++ b/scripts/install @@ -6,20 +6,17 @@ # IMPORT GENERIC HELPERS #================================================= +source _common.sh source /usr/share/yunohost/helpers -# Avoid uncrypted remote destination with reverse proxy mode -# Indeed the SSO send the password in all requests in HTTP headers -url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' -[[ "$redirect_type" = "reverseproxy" ]] && [[ ! "$target" =~ $url_regex ]] && ynh_die \ -"For secure reason, you can't use an unencrypted http remote destination coupled with ssowat for your reverse proxy: $target" 1 +_validate_redirect_uri #================================================= # CONFIGURE NGINX #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=1 -mv ../conf/{nginx-$redirect_type.conf,nginx.conf} +mv ../conf/{"nginx-$redirect_type.conf",nginx.conf} ynh_add_nginx_config #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 3605880..639b139 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,5 +1,6 @@ #!/bin/bash +source _common.sh source /usr/share/yunohost/helpers #================================================= From 61d756ad99e8c1c19aae3a141cec079ff7983405 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Tue, 12 Dec 2023 17:07:28 +0100 Subject: [PATCH 17/24] upgrade.sh: delete redirect_path legacy setting --- scripts/upgrade | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 639b139..f317e68 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -7,18 +7,17 @@ source /usr/share/yunohost/helpers # ENSURE DOWNWARD COMPATIBILITY #================================================= -if [[ "${redirect_type:-}" == *"proxy"* ]] -then +if [[ "${redirect_type:-}" == *"proxy"* ]]; then redirect_type="reverseproxy" else redirect_type="redirect" fi ynh_app_setting_set $app 'redirect_type' $redirect_type -if [[ -z "${target:-}" ]] && [[ -n "${redirect_path:-}" ]] -then +if [[ -z "${target:-}" ]] && [[ -n "${redirect_path:-}" ]]; then target="$redirect_path" - ynh_app_setting_set $app target "$redirect_path" + ynh_app_setting_delete --app=$app --key=redirect_path + ynh_app_setting_set --app=$app --key=target --value="$redirect_path" fi #================================================= From de11beb6c5ccd72a6264da38ad60ff092df3ae32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Tue, 12 Dec 2023 17:17:01 +0100 Subject: [PATCH 18/24] Add a change_url script --- scripts/change_url | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 scripts/change_url diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..ce47a56 --- /dev/null +++ b/scripts/change_url @@ -0,0 +1,26 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# MODIFY URL IN NGINX CONF +#================================================= +ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2 + +mv ../conf/{"nginx-$redirect_type.conf",nginx.conf} +ynh_change_url_nginx_config + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Change of URL completed for $app" --last From 83d04b763fe08ec8ee03d3c200c62cee8e9ae45b Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 31 Dec 2023 18:50:07 +0100 Subject: [PATCH 19/24] ci: add a dummy service to be able to test reverseproxy mode --- conf/nginx-redirect.conf | 2 +- scripts/_common.sh | 36 ++++++++++++++++++++++-------------- scripts/install | 14 ++++++++++++++ scripts/restore | 7 +++++++ scripts/upgrade | 6 ++++++ tests.toml | 31 ++++++++++++++++++++----------- 6 files changed, 70 insertions(+), 26 deletions(-) diff --git a/conf/nginx-redirect.conf b/conf/nginx-redirect.conf index 731c42d..1ee1b6a 100644 --- a/conf/nginx-redirect.conf +++ b/conf/nginx-redirect.conf @@ -1,3 +1,3 @@ location __PATH__ { - return 302 __TARGET__$request_uri; + return 302 __TARGET__; } diff --git a/scripts/_common.sh b/scripts/_common.sh index dee0ea0..ebc643a 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,13 +1,5 @@ #!/bin/bash -#================================================= -# COMMON VARIABLES -#================================================= - -#================================================= -# PERSONAL HELPERS -#================================================= - URL_REGEX_VALID='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' URL_REGEX_SECURE='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' @@ -23,10 +15,26 @@ _validate_redirect_uri() { fi } -#================================================= -# EXPERIMENTAL HELPERS -#================================================= +_add_dummy_service() { + cat << EOF > /etc/systemd/system/whatever.service +[Unit] +Description=Whatever +After=network.target -#================================================= -# FUTURE OFFICIAL HELPERS -#================================================= +[Service] +WorkingDirectory=/redirect/ +ExecStart=python3 -m http.server -b 127.0.0.1 1234 +PrivateTmp=true + +[Install] +WantedBy=multi-user.target +EOF + + mkdir -p /redirect + echo "helloworld" > /redirect/index.html + systemctl daemon-reload + ynh_systemd_action --service_name=whatever --action=enable + ynh_systemd_action --service_name=whatever --action=restart + + true +} diff --git a/scripts/install b/scripts/install index 351e62d..d44668d 100644 --- a/scripts/install +++ b/scripts/install @@ -11,6 +11,12 @@ source /usr/share/yunohost/helpers _validate_redirect_uri +# When testing on the CI, we need a service to test the reverse-proxying +if [[ ${PACKAGE_CHECK_EXEC} == "1" ]] && [[ "$redirect_type" == "reverseproxy" ]] +then + _add_dummy_service +fi + #================================================= # CONFIGURE NGINX #================================================= @@ -19,6 +25,14 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 mv ../conf/{"nginx-$redirect_type.conf",nginx.conf} ynh_add_nginx_config + +if [[ ${PACKAGE_CHECK_EXEC} == "1" ]] && [[ "$redirect_type" == "reverseproxy" ]] +then + systemctl status whatever >&2 + sleep 3 +fi + + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index f8838c7..de715e2 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,5 +1,6 @@ #!/bin/bash +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers ynh_restore_file "/etc/nginx/conf.d/${domain}.d/${app}.conf" @@ -7,6 +8,12 @@ ynh_restore_file "/etc/nginx/conf.d/${domain}.d/${app}.conf" ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload +# When testing on the CI, we need a service to test the reverse-proxying +if [[ ${PACKAGE_CHECK_EXEC} == "1" ]] && [[ "$redirect_type" == "reverseproxy" ]] +then + _add_dummy_service +fi + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index f317e68..8f8a22c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -20,6 +20,12 @@ if [[ -z "${target:-}" ]] && [[ -n "${redirect_path:-}" ]]; then ynh_app_setting_set --app=$app --key=target --value="$redirect_path" fi +# When testing on the CI, we need a service to test the reverse-proxying +if [[ ${PACKAGE_CHECK_EXEC} == "1" ]] && [[ "$redirect_type" == "reverseproxy" ]] +then + _add_dummy_service +fi + #================================================= # CONFIGURE NGINX #================================================= diff --git a/tests.toml b/tests.toml index 288a9dd..44f0e46 100644 --- a/tests.toml +++ b/tests.toml @@ -4,25 +4,34 @@ test_format = 1.0 [default] - args.redirect_type = "redirect" - args.target = "http://127.0.0.1" + args.redirect_type = "reverseproxy" + args.target = "http://127.0.0.1:1234/" + + exclude = ["install.private", "install.multi", "backup_restore", "change_url"] [default.test_upgrade_from.09cf1c6b] name = "v1 era" args.domain = "domain.tld" - args.redirect_type = "visible_302" - args.redirect_path = "http://127.0.0.1" + args.path = "/" + args.redirect_type = "proxy" + args.redirect_path = "http://127.0.0.1:1234/" + args.is_public = true -[reverseproxy] +[redirect] - args.redirect_type = "reverseproxy" - args.target = "http://127.0.0.1" + args.redirect_type = "redirect" + args.target = "https://127.0.0.1" - exclude = ["install.private", "install.multi", "backup_restore"] + # Turns out 302 redirects cant be made private because they are interpreted before going through the sso ... + exclude = ["install.private"] - [reverseproxy.test_upgrade_from.09cf1c6b] + [redirect.test_upgrade_from.09cf1c6b] name = "v1 era" args.domain = "domain.tld" - args.redirect_type = "proxy" - args.redirect_path = "http://127.0.0.1" + args.path = "/" + args.redirect_type = "visible_302" + args.redirect_path = "https://127.0.0.1" + args.is_public = true + + From b0f9fe9b22b93de42251c50063a43c7112fd7e21 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 2 Jan 2024 17:43:58 +0100 Subject: [PATCH 20/24] Moar tweaking/cleaning x_x --- conf/nginx-redirect.conf | 2 +- doc/ADMIN.md | 19 +------------------ doc/ADMIN_fr.md | 19 +------------------ manifest.toml | 7 ++++--- scripts/_common.sh | 2 +- scripts/install | 8 -------- tests.toml | 31 ++++++++++++++----------------- 7 files changed, 22 insertions(+), 66 deletions(-) diff --git a/conf/nginx-redirect.conf b/conf/nginx-redirect.conf index 1ee1b6a..731c42d 100644 --- a/conf/nginx-redirect.conf +++ b/conf/nginx-redirect.conf @@ -1,3 +1,3 @@ location __PATH__ { - return 302 __TARGET__; + return 302 __TARGET__$request_uri; } diff --git a/doc/ADMIN.md b/doc/ADMIN.md index 446e514..ecce686 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -1,18 +1 @@ -## Redirect type - -### Visible redirect - -The client will be redirected to another url or external website - -- `your-domain.com -> another-domain.net` -- `your-domain.com/foo -> another-domain.net/bar` - -### Invisible redirect (a.k.a "reverse-proxy") - -Visitor's address bar will remain the same. Typically used to integrate into YunoHost a manually-installed app into the portal. - -- `you-domain.com/foo -> http://172.0.0.1:8080/app` - -**IMPORTANT:** you may have to further tweak the `redirect.conf` in the nginx configuration, depending on your needs! - -**IMPORTANT:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ MUST be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/. For example : an Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/ +The nginx configuration can be further tweaked in `/etc/nginx/conf.d/__DOMAIN__.d/__APP__.conf` diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md index e7c511f..c71e4dc 100644 --- a/doc/ADMIN_fr.md +++ b/doc/ADMIN_fr.md @@ -1,18 +1 @@ -## Types de redirection - -### Redirection visible - -Le client sera redirigé vers une autre URL ou site externe - -- `votre-domaine.com -> un-autre-domaine.net` -- `votre-domaine.com/foo -> un-autre-domaine.net/bar` - -### Redirection invisible (a.k.a "reverse-proxy") - -L'adresse du client restera inchangé dans le navigateur. Typiquement utilisé pour intéger dans YunoHost une application installée manuellement. - -- `you-domain.com/foo -> http://172.0.0.1:8080/app` - -**IMPORTANT:** il vous faudra peut-être bricoler manuellement `redirect.conf` dans la configuration nginx, en fonction de vos besoins. - -**IMPORTANT:** Certaines apps ne supportent pas d'être redirigées depuis un chemin différent à cause du fonctionnement des liens relatifs ... Cela signifie que par exemple une app hébergée sur `http://127.0.0.1:5050/app/` DOIT être routé sur `http://domaine.tld/app/` et PAS http://domaine.tld/unautrechemin/. Par exemple: un conteneur Docker Odoo tourne sur `http://127.0.0.1:8069/`. Il ne sera pas capable de fonctionné correctement si il est routé sur `http://domaine.tld/odoo/` ! Il faut forcément l'installer à la racine d'un domaine, par exemple `http://odoo.domaine.tld/` +La configuration nginx peut être trouvée dans `/etc/nginx/conf.d/__DOMAIN__.d/__APP__.conf` diff --git a/manifest.toml b/manifest.toml index fad8287..34058f7 100644 --- a/manifest.toml +++ b/manifest.toml @@ -32,20 +32,21 @@ ram.runtime = "50M" [install.path] type = "path" default = "/redirect" + help = "Be careful when using this app in reverse-proxy mode: the target may require to be installed at the root of a domain (or subdomain), meaning the path is just '/'!" [install.redirect_type] ask.en = "Redirect type" ask.fr = "Type de redirection" type = "select" - choices.redirect = "Explicit redirection (HTTP 302). Redirect people to another URL." - choices.reverseproxy = "Reverse-proxy (nginx proxy_pass). Expose an app, typically that you manually installed (with or without Docker) locally or an another machine." + choices.redirect = "Explicit redirection (HTTP 302). Redirect people to a different page." + choices.reverseproxy = "Reverse-proxy (nginx proxy_pass). Expose an app, typically something that you manually installed (with or without Docker) locally or an another machine." default = "redirect" [install.target] ask.en = "Target" ask.fr = "Cible" type = "url" - example = "http://127.0.0.1:1312/" + help = "This may be something like https://some.other.website (for explicit redirect) or http://127.0.0.1:1234 for reverse-proxies." [install.init_main_permission] type = "group" diff --git a/scripts/_common.sh b/scripts/_common.sh index ebc643a..cb2aa26 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -10,7 +10,7 @@ _validate_redirect_uri() { # Avoid uncrypted remote destination with reverse proxy mode # Indeed the SSO send the password in all requests in HTTP headers - if [[ "$redirect_type" = "proxy" ]] && [[ ! $target =~ $URL_REGEX_SECURE ]]; then + if [[ "$redirect_type" = "reverseproxy" ]] && [[ ! $target =~ $URL_REGEX_SECURE ]]; then ynh_die "For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $target" 1 fi } diff --git a/scripts/install b/scripts/install index d44668d..4e7432c 100644 --- a/scripts/install +++ b/scripts/install @@ -25,14 +25,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 mv ../conf/{"nginx-$redirect_type.conf",nginx.conf} ynh_add_nginx_config - -if [[ ${PACKAGE_CHECK_EXEC} == "1" ]] && [[ "$redirect_type" == "reverseproxy" ]] -then - systemctl status whatever >&2 - sleep 3 -fi - - #================================================= # END OF SCRIPT #================================================= diff --git a/tests.toml b/tests.toml index 44f0e46..e1c4173 100644 --- a/tests.toml +++ b/tests.toml @@ -4,29 +4,13 @@ test_format = 1.0 [default] - args.redirect_type = "reverseproxy" - args.target = "http://127.0.0.1:1234/" - - exclude = ["install.private", "install.multi", "backup_restore", "change_url"] - - [default.test_upgrade_from.09cf1c6b] - name = "v1 era" - args.domain = "domain.tld" - args.path = "/" - args.redirect_type = "proxy" - args.redirect_path = "http://127.0.0.1:1234/" - args.is_public = true - - -[redirect] - args.redirect_type = "redirect" args.target = "https://127.0.0.1" # Turns out 302 redirects cant be made private because they are interpreted before going through the sso ... exclude = ["install.private"] - [redirect.test_upgrade_from.09cf1c6b] + [default.test_upgrade_from.09cf1c6b] name = "v1 era" args.domain = "domain.tld" args.path = "/" @@ -34,4 +18,17 @@ test_format = 1.0 args.redirect_path = "https://127.0.0.1" args.is_public = true +[reverseproxy] + args.redirect_type = "reverseproxy" + args.target = "http://127.0.0.1:1234" + + exclude = ["install.private", "install.multi", "backup_restore", "change_url"] + + [reverseproxy.test_upgrade_from.09cf1c6b] + name = "v1 era" + args.domain = "domain.tld" + args.path = "/" + args.redirect_type = "proxy" + args.redirect_path = "http://127.0.0.1:1234" + args.is_public = true From 5063d6f8d94e14020c8fe4745c97866b4a425797 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 2 Jan 2024 19:04:47 +0100 Subject: [PATCH 21/24] Moar test debug .. --- scripts/_common.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/_common.sh b/scripts/_common.sh index cb2aa26..e106b18 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -31,7 +31,9 @@ WantedBy=multi-user.target EOF mkdir -p /redirect + mkdir -p /redirect/path echo "helloworld" > /redirect/index.html + echo "helloworld" > /redirect/path/index.html systemctl daemon-reload ynh_systemd_action --service_name=whatever --action=enable ynh_systemd_action --service_name=whatever --action=restart From 2684e5142745ae5a7baf004db47b21e53b067637 Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 2 Jan 2024 23:05:32 +0100 Subject: [PATCH 22/24] Just adding some getops --- scripts/_common.sh | 4 ++-- scripts/backup | 2 +- scripts/restore | 2 +- scripts/upgrade | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index e106b18..7849e16 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,13 +5,13 @@ URL_REGEX_SECURE='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(: _validate_redirect_uri() { if [[ ! $target =~ $URL_REGEX_VALID ]]; then - ynh_die "Invalid destination: $target" 1 + ynh_die --message="Invalid destination: $target" 1 fi # Avoid uncrypted remote destination with reverse proxy mode # Indeed the SSO send the password in all requests in HTTP headers if [[ "$redirect_type" = "reverseproxy" ]] && [[ ! $target =~ $URL_REGEX_SECURE ]]; then - ynh_die "For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $target" 1 + ynh_die --message="For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $target" 1 fi } diff --git a/scripts/backup b/scripts/backup index 5598312..942c232 100644 --- a/scripts/backup +++ b/scripts/backup @@ -13,7 +13,7 @@ source /usr/share/yunohost/helpers #================================================= # Copy the conf files -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" +ynh_backup --src_path="/etc/nginx/conf.d/${domain}.d/${app}.conf" #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index de715e2..926294b 100644 --- a/scripts/restore +++ b/scripts/restore @@ -3,7 +3,7 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -ynh_restore_file "/etc/nginx/conf.d/${domain}.d/${app}.conf" +ynh_restore_file --origin_path="/etc/nginx/conf.d/${domain}.d/${app}.conf" ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index 8f8a22c..52b7cad 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,12 +12,12 @@ if [[ "${redirect_type:-}" == *"proxy"* ]]; then else redirect_type="redirect" fi -ynh_app_setting_set $app 'redirect_type' $redirect_type +ynh_app_setting_set --app=$app --key='redirect_type' --value=$redirect_type if [[ -z "${target:-}" ]] && [[ -n "${redirect_path:-}" ]]; then target="$redirect_path" ynh_app_setting_delete --app=$app --key=redirect_path - ynh_app_setting_set --app=$app --key=target --value="$redirect_path" + ynh_app_setting_set --app=$app --key=target --value="$target" fi # When testing on the CI, we need a service to test the reverse-proxying From e931634e46a681c58fc1cb17b0928540b272d8c0 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 6 Jan 2024 17:08:06 +0100 Subject: [PATCH 23/24] Attempt to move the dummy service setup to preinstall/preupgrade instructions in tests.toml, avoid poluting the actual scripts --- scripts/_common.sh | 26 ------------------------ scripts/install | 6 ------ scripts/restore | 6 ------ scripts/upgrade | 6 ------ tests.toml | 49 ++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 49 insertions(+), 44 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 7849e16..d271360 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -14,29 +14,3 @@ _validate_redirect_uri() { ynh_die --message="For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $target" 1 fi } - -_add_dummy_service() { - cat << EOF > /etc/systemd/system/whatever.service -[Unit] -Description=Whatever -After=network.target - -[Service] -WorkingDirectory=/redirect/ -ExecStart=python3 -m http.server -b 127.0.0.1 1234 -PrivateTmp=true - -[Install] -WantedBy=multi-user.target -EOF - - mkdir -p /redirect - mkdir -p /redirect/path - echo "helloworld" > /redirect/index.html - echo "helloworld" > /redirect/path/index.html - systemctl daemon-reload - ynh_systemd_action --service_name=whatever --action=enable - ynh_systemd_action --service_name=whatever --action=restart - - true -} diff --git a/scripts/install b/scripts/install index 4e7432c..351e62d 100644 --- a/scripts/install +++ b/scripts/install @@ -11,12 +11,6 @@ source /usr/share/yunohost/helpers _validate_redirect_uri -# When testing on the CI, we need a service to test the reverse-proxying -if [[ ${PACKAGE_CHECK_EXEC} == "1" ]] && [[ "$redirect_type" == "reverseproxy" ]] -then - _add_dummy_service -fi - #================================================= # CONFIGURE NGINX #================================================= diff --git a/scripts/restore b/scripts/restore index 926294b..060d0d0 100644 --- a/scripts/restore +++ b/scripts/restore @@ -8,12 +8,6 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/${domain}.d/${app}.conf" ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload -# When testing on the CI, we need a service to test the reverse-proxying -if [[ ${PACKAGE_CHECK_EXEC} == "1" ]] && [[ "$redirect_type" == "reverseproxy" ]] -then - _add_dummy_service -fi - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 52b7cad..3420a87 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -20,12 +20,6 @@ if [[ -z "${target:-}" ]] && [[ -n "${redirect_path:-}" ]]; then ynh_app_setting_set --app=$app --key=target --value="$target" fi -# When testing on the CI, we need a service to test the reverse-proxying -if [[ ${PACKAGE_CHECK_EXEC} == "1" ]] && [[ "$redirect_type" == "reverseproxy" ]] -then - _add_dummy_service -fi - #================================================= # CONFIGURE NGINX #================================================= diff --git a/tests.toml b/tests.toml index e1c4173..86d54c9 100644 --- a/tests.toml +++ b/tests.toml @@ -25,6 +25,55 @@ test_format = 1.0 exclude = ["install.private", "install.multi", "backup_restore", "change_url"] + preinstall = """ + cat << EOF > /etc/systemd/system/whatever.service +[Unit] +Description=Whatever +After=network.target + +[Service] +WorkingDirectory=/redirect/ +ExecStart=python3 -m http.server -b 127.0.0.1 1234 +PrivateTmp=true + +[Install] +WantedBy=multi-user.target +EOF + + mkdir -p /redirect + mkdir -p /redirect/path + echo "helloworld" > /redirect/index.html + echo "helloworld" > /redirect/path/index.html + systemctl daemon-reload + ynh_systemd_action --service_name=whatever --action=enable + ynh_systemd_action --service_name=whatever --action=restart + true +""" + preupgrade = """ + cat << EOF > /etc/systemd/system/whatever.service +[Unit] +Description=Whatever +After=network.target + +[Service] +WorkingDirectory=/redirect/ +ExecStart=python3 -m http.server -b 127.0.0.1 1234 +PrivateTmp=true + +[Install] +WantedBy=multi-user.target +EOF + + mkdir -p /redirect + mkdir -p /redirect/path + echo "helloworld" > /redirect/index.html + echo "helloworld" > /redirect/path/index.html + systemctl daemon-reload + ynh_systemd_action --service_name=whatever --action=enable + ynh_systemd_action --service_name=whatever --action=restart + true +""" + [reverseproxy.test_upgrade_from.09cf1c6b] name = "v1 era" args.domain = "domain.tld" From 62c1bdfdcc73c8eac547192335c7a75e0a52aa7e Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 6 Jan 2024 18:12:31 +0100 Subject: [PATCH 24/24] Merp --- tests.toml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests.toml b/tests.toml index 86d54c9..c21a5f0 100644 --- a/tests.toml +++ b/tests.toml @@ -45,8 +45,7 @@ EOF echo "helloworld" > /redirect/index.html echo "helloworld" > /redirect/path/index.html systemctl daemon-reload - ynh_systemd_action --service_name=whatever --action=enable - ynh_systemd_action --service_name=whatever --action=restart + systemctl enable whatever --now true """ preupgrade = """ @@ -69,8 +68,7 @@ EOF echo "helloworld" > /redirect/index.html echo "helloworld" > /redirect/path/index.html systemctl daemon-reload - ynh_systemd_action --service_name=whatever --action=enable - ynh_systemd_action --service_name=whatever --action=restart + systemctl enable whatever --now true """