#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= # Retrieve arguments app=$YNH_APP_INSTANCE_NAME domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH redirect_type=$YNH_APP_ARG_REDIRECT_TYPE redirect_path=$YNH_APP_ARG_REDIRECT_PATH is_public=${YNH_APP_ARG_IS_PUBLIC:-1} propagate_subpath=$(echo $YNH_APP_ARG_REDIRECT_TYPE | grep -q subpath && echo 1 || echo 0) frame_ancestors="'none'" client_max_body_size="1m" #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=1 # Validate redirect path url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' [[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1 # Avoid uncrypted remote destination with reverse proxy mode # Indeed the SSO send the password in all requests in HTTP headers url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' [[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \ "For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1 if [ $is_public -eq 0 ] && [[ $redirect_type != "proxy" ]] then is_public=1 YNH_APP_ARG_IS_PUBLIC=1 ynh_warn "HTTP private redirection are not supported. Your redirection has been reflagged as public." fi # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." --weight=1 # Save extra settings ynh_app_setting_set --app=$app --key=redirect_type --value=$redirect_type ynh_app_setting_set --app=$app --key=redirect_path --value=$redirect_path ynh_app_setting_set --app=$app --key=frame_ancestors --value="'none'" ynh_app_setting_set --app=$app --key=client_max_body_size --value="1m" #================================================= # SPECIFIC SETUP #================================================= ynh_script_progression --message="Preparing NGINX web server configuration..." --weight=1 cp ../conf/nginx-$redirect_type.conf ../conf/nginx.conf #================================================= #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 # Make app public if necessary if [ $is_public -eq 1 ] then # Everyone can access the app. # The "main" permission is automatically created before the install script. if [[ $redirect_type != "proxy" ]] then ynh_permission_update --permission="main" --add="visitors" --protected=1 else ynh_permission_update --permission="main" --add="visitors" fi fi #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed" --last