#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= # source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= # This is a multi-instance app, meaning it can be installed several times independently # The id of the app as stated in the manifest is available as $YNH_APP_ID # The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) # The app instance name is available as $YNH_APP_INSTANCE_NAME # - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample # - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 # - ynhexample__{N} for the subsequent installations, with N=3,4, ... # The app instance name is probably what you are interested the most, since this is # guaranteed to be unique. This is a good unique identifier to define installation path, # db names, ... app=$YNH_APP_INSTANCE_NAME # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC redirect_type=$YNH_APP_ARG_REDIRECT_TYPE redirect_path=$YNH_APP_ARG_REDIRECT_PATH # Remove trailing slash to path path=${path%/} #force location to be / or /foo location=${path:-/} # Check domain/path availability yunohost app checkurl $domain$path -a $app \ || ynh_die "Path not available: $domain$path" # Validate redirect path url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ "Invalid destination: $redirect_path" 1 # Avoid uncrypted remote destination with reverse proxy mode # Indeed the SSO send the password in all requests in HTTP headers url_regex='(http://(127.\d+.\d+.\d+|localhost)(:\d+)?/|https://)[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' [[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ "For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1 # Save extra settings yunohost app setting $app is_public -v "$is_public" yunohost app setting $app redirect_type -v "$redirect_type" yunohost app setting $app redirect_path -v "$redirect_path" # Nginx configuration sed -i "s@YNH_LOCATION@$location@g" ../conf/nginx-*.conf if [ "$redirect_type" = "visible_302" ]; then sed -i "s@YNH_REDIRECT_PATH@$redirect_path@g" ../conf/nginx-visible-302.conf cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf elif [ "$redirect_type" = "visible_301" ]; then sed -i "s@YNH_REDIRECT_PATH@$redirect_path@g" ../conf/nginx-visible-301.conf cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf elif [ "$redirect_type" = "proxy" ]; then sed -i "s@YNH_REDIRECT_PATH@$redirect_path@g" ../conf/nginx-proxy.conf cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf fi #================================================= # SETUP SSOWAT #================================================= if [[ "$is_public" -eq 0 ]] then # Remove the public access ynh_app_setting_delete "$app" skipped_uris fi # Make app public if necessary if [[ "$is_public" -eq 1 ]] then # unprotected_uris allows SSO credentials to be passed anyway. ynh_app_setting_set "$app" unprotected_uris "/" fi # Reload Nginx and regenerate SSOwat conf service nginx reload yunohost app ssowatconf