2016-06-20 23:43:51 +02:00
|
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
2018-05-26 10:27:01 +02:00
|
|
|
|
#=================================================
|
|
|
|
|
|
# GENERIC START
|
|
|
|
|
|
#=================================================
|
|
|
|
|
|
# IMPORT GENERIC HELPERS
|
|
|
|
|
|
#=================================================
|
2016-06-20 23:43:51 +02:00
|
|
|
|
|
2018-05-26 10:27:01 +02:00
|
|
|
|
source /usr/share/yunohost/helpers
|
|
|
|
|
|
|
|
|
|
|
|
#=================================================
|
|
|
|
|
|
# MANAGE SCRIPT FAILURE
|
|
|
|
|
|
#=================================================
|
|
|
|
|
|
|
|
|
|
|
|
# Exit if an error occurs during the execution of the script
|
|
|
|
|
|
ynh_abort_if_errors
|
|
|
|
|
|
|
|
|
|
|
|
#=================================================
|
|
|
|
|
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
|
|
|
|
|
#=================================================
|
2016-06-20 23:43:51 +02:00
|
|
|
|
|
|
|
|
|
|
# Retrieve arguments
|
2019-05-15 18:42:44 +02:00
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
2016-06-20 23:43:51 +02:00
|
|
|
|
domain=$YNH_APP_ARG_DOMAIN
|
2019-05-09 19:57:27 +02:00
|
|
|
|
path_url=$YNH_APP_ARG_PATH
|
2016-06-20 23:43:51 +02:00
|
|
|
|
redirect_type=$YNH_APP_ARG_REDIRECT_TYPE
|
|
|
|
|
|
redirect_path=$YNH_APP_ARG_REDIRECT_PATH
|
|
|
|
|
|
|
|
|
|
|
|
# Check domain/path availability
|
2021-01-23 15:21:17 +01:00
|
|
|
|
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
|
2016-06-20 23:43:51 +02:00
|
|
|
|
|
|
|
|
|
|
# Validate redirect path
|
|
|
|
|
|
url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
|
2019-04-29 20:49:40 +02:00
|
|
|
|
[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
|
2016-06-20 23:43:51 +02:00
|
|
|
|
|
2019-09-14 19:58:58 +02:00
|
|
|
|
# Avoid uncrypted remote destination with reverse proxy mode
|
|
|
|
|
|
# Indeed the SSO send the password in all requests in HTTP headers
|
2019-09-16 22:46:52 +02:00
|
|
|
|
url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'
|
2019-09-14 19:58:58 +02:00
|
|
|
|
[[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \
|
|
|
|
|
|
"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1
|
|
|
|
|
|
|
2016-06-20 23:43:51 +02:00
|
|
|
|
# Save extra settings
|
2021-01-23 15:21:17 +01:00
|
|
|
|
ynh_app_setting_set --app=$app --key=redirect_type --value=$redirect_type
|
|
|
|
|
|
ynh_app_setting_set --app=$app --key=redirect_path --value=$redirect_path
|
2016-06-20 23:43:51 +02:00
|
|
|
|
|
2019-05-15 18:42:44 +02:00
|
|
|
|
#=================================================
|
|
|
|
|
|
# CONFIGURE NGINX
|
|
|
|
|
|
#=================================================
|
2021-01-23 15:21:17 +01:00
|
|
|
|
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
|
2019-05-15 18:42:44 +02:00
|
|
|
|
|
2016-06-20 23:43:51 +02:00
|
|
|
|
# Nginx configuration
|
2019-04-29 20:49:40 +02:00
|
|
|
|
for FILE in $(ls ../conf/nginx-*.conf)
|
|
|
|
|
|
do
|
2019-05-09 23:08:09 +02:00
|
|
|
|
ynh_replace_string "YNH_LOCATION" "$path_url" $FILE
|
2019-04-29 20:49:40 +02:00
|
|
|
|
done
|
2019-05-15 18:35:57 +02:00
|
|
|
|
if [ "$redirect_type" = "public_302" ];
|
2016-06-20 23:43:51 +02:00
|
|
|
|
then
|
2019-04-29 20:49:40 +02:00
|
|
|
|
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf
|
2018-05-26 10:01:42 +02:00
|
|
|
|
cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf
|
2019-05-15 18:35:57 +02:00
|
|
|
|
elif [ "$redirect_type" = "public_301" ];
|
2016-06-20 23:43:51 +02:00
|
|
|
|
then
|
2019-04-29 20:49:40 +02:00
|
|
|
|
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf
|
2018-05-26 10:01:42 +02:00
|
|
|
|
cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf
|
2019-05-15 18:35:57 +02:00
|
|
|
|
elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ];
|
2016-06-20 23:43:51 +02:00
|
|
|
|
then
|
2019-04-29 20:49:40 +02:00
|
|
|
|
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf
|
2018-05-26 10:01:42 +02:00
|
|
|
|
cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf
|
2016-06-20 23:43:51 +02:00
|
|
|
|
fi
|
|
|
|
|
|
|
2018-05-26 10:27:01 +02:00
|
|
|
|
#=================================================
|
2019-05-15 18:42:44 +02:00
|
|
|
|
# CONFIGURE SSOWAT
|
2018-05-26 10:27:01 +02:00
|
|
|
|
#=================================================
|
2021-01-23 15:21:17 +01:00
|
|
|
|
ynh_script_progression --message="Configuring permissions..." --weight=2
|
2018-05-26 10:27:01 +02:00
|
|
|
|
|
2016-06-20 23:43:51 +02:00
|
|
|
|
# Make app public if necessary
|
2019-05-15 18:35:57 +02:00
|
|
|
|
if [ "$redirect_type" != "private_proxy" ]
|
2016-06-20 23:43:51 +02:00
|
|
|
|
then
|
2018-05-26 10:27:01 +02:00
|
|
|
|
# unprotected_uris allows SSO credentials to be passed anyway.
|
2021-01-23 15:21:17 +01:00
|
|
|
|
ynh_permission_update --permission="main" --add="visitors"
|
2016-06-20 23:43:51 +02:00
|
|
|
|
fi
|
|
|
|
|
|
|
2021-01-23 15:21:17 +01:00
|
|
|
|
#=================================================
|
|
|
|
|
|
# RELOAD NGINX
|
|
|
|
|
|
#=================================================
|
|
|
|
|
|
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
|
|
|
|
|
|
|
|
|
|
|
|
ynh_systemd_action --service_name=nginx --action=reload
|
|
|
|
|
|
|
|
|
|
|
|
#=================================================
|
|
|
|
|
|
# END OF SCRIPT
|
|
|
|
|
|
#=================================================
|
|
|
|
|
|
|
|
|
|
|
|
ynh_script_progression --message="Installation of $app completed" --last
|
