YunoHost-Apps/reverseproxy_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/reverseproxy_ynh.git synced 2024-09-03 20:16:23 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #1 from YunoHost-Apps/moredocs

Browse source 
Fix all the tests!
This commit is contained in:
selfhoster1312 2023-01-10 21:52:06 +01:00 committed by GitHub
commit 11f672c696
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 97 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -37,6 +37,10 @@ To support relative URLs from the backend, accessing the application via `http(s
It is possible that your backend service does not support setting up a "base URL" (custom web path). In that case, you will have to install the application on a dedicated (sub)domain. It is possible that your backend service does not support setting up a "base URL" (custom web path). In that case, you will have to install the application on a dedicated (sub)domain.
### Plaintext localhost backend
Plaintext HTTP backend is only allowed on localhost. For now, only 127.X.X.X is allowed. 10.X.X.X should also be supported.
## Documentation and resources ## Documentation and resources
* Official app website: <https://en.wikipedia.org/wiki/Reverse_proxy> * Official app website: <https://en.wikipedia.org/wiki/Reverse_proxy>

4
README_fr.md
View file

@ -37,6 +37,10 @@ Pour supporter les URLs relatives depuis le backend, accéder à l'application v
Il est possible que votre service backend ne supporte pas de configurer une "base URL" (chemin web personnalisé). Dans ce cas, il faudra installer l'application sur un (sous-)domaine dédié. Il est possible que votre service backend ne supporte pas de configurer une "base URL" (chemin web personnalisé). Dans ce cas, il faudra installer l'application sur un (sous-)domaine dédié.
### Backend localhost en clair (plaintext)
Les connexions en clair en HTTP au backend ne sont autorisées qu'en localhost sur les adresses 127.X.X.X. Il faudrait aussi supporter 10.X.X.X.
## Documentations et ressources ## Documentations et ressources
* Site officiel de l'app : <https://en.wikipedia.org/wiki/Reverse_proxy> * Site officiel de l'app : <https://en.wikipedia.org/wiki/Reverse_proxy>

7
check_process
View file

@ -2,20 +2,19 @@
; Manifest ; Manifest
domain="domain.tld" domain="domain.tld"
path="/path" path="/path"
proxy_path="http://127.0.0.1" proxy_path="http://127.0.0.1:6787"
assets_path="" assets_path="/usr/share/yunohost/admin"
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=1 setup_sub_dir=1
setup_root=1 setup_root=1
setup_nourl=0 setup_nourl=0
setup_private=0
setup_private=1 setup_private=1
setup_public=1 setup_public=1
upgrade=1 upgrade=1
backup_restore=1 backup_restore=1
multi_instance=1 multi_instance=1
change_url=0 change_url=1
;;; Options ;;; Options
Email= Email=
Notification=none Notification=none

17
conf/nginx.conf
View file

@ -1,4 +1,4 @@
location @__NAME____proxy { location @__NAME__--proxy {
proxy_pass __PROXY_PATH__; proxy_pass __PROXY_PATH__;
proxy_redirect off; proxy_redirect off;
proxy_set_header Host $host; proxy_set_header Host $host;
@ -12,17 +12,16 @@ location @__NAME____proxy {
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
more_clear_input_headers 'Accept-Encoding'; more_clear_input_headers 'Accept-Encoding';
} }
# Support relative URLs # Support relative URLs
location = __PATH_URL__ { __REDIRECT_BLOCK__
return 302 __PATH_URL__/;
}
location __PATH_URL__/ { location __PATH_URL_SLASH__ {
alias __ASSETS_PATH__; # Include SSOWAT user panel.
try_files $uri @__NAME____proxy; include conf.d/yunohost_panel.conf.inc;
__ASSETS_ALIAS__
__TRY_FILES__
} }

4
doc/DISCLAIMER.md
View file

@ -5,3 +5,7 @@ The request is transmitted as-is to the backend server. This usually means that
To support relative URLs from the backend, accessing the application via `http(s)://example.com/proxy` will permanent redirect (302) to `http(s)://example.com/proxy/` (trailing slash). Otherwise, a relative link like `<link rel="stylesheet" href="style.css">` would try to load `http(s)://example.com/style.css` which would fail. To support relative URLs from the backend, accessing the application via `http(s)://example.com/proxy` will permanent redirect (302) to `http(s)://example.com/proxy/` (trailing slash). Otherwise, a relative link like `<link rel="stylesheet" href="style.css">` would try to load `http(s)://example.com/style.css` which would fail.
It is possible that your backend service does not support setting up a "base URL" (custom web path). In that case, you will have to install the application on a dedicated (sub)domain. It is possible that your backend service does not support setting up a "base URL" (custom web path). In that case, you will have to install the application on a dedicated (sub)domain.
### Plaintext localhost backend
Plaintext HTTP backend is only allowed on localhost. For now, only 127.X.X.X is allowed. 10.X.X.X should also be supported.

4
doc/DISCLAIMER_fr.md
View file

@ -5,3 +5,7 @@ La requête est transmise telle-quelle au serveur backend. Cela veut usuellement
Pour supporter les URLs relatives depuis le backend, accéder à l'application via `http(s)://example.com/proxy` produit une redirection permanente (302) vers `http(s)://example.com/proxy/` (avec le slash de fin). Sinon, un lien relatif comme `<link rel="stylesheet" href="style.css">` essayerait de charger `http(s)://example.com/style.css`, ce qui échouerait. Pour supporter les URLs relatives depuis le backend, accéder à l'application via `http(s)://example.com/proxy` produit une redirection permanente (302) vers `http(s)://example.com/proxy/` (avec le slash de fin). Sinon, un lien relatif comme `<link rel="stylesheet" href="style.css">` essayerait de charger `http(s)://example.com/style.css`, ce qui échouerait.
Il est possible que votre service backend ne supporte pas de configurer une "base URL" (chemin web personnalisé). Dans ce cas, il faudra installer l'application sur un (sous-)domaine dédié. Il est possible que votre service backend ne supporte pas de configurer une "base URL" (chemin web personnalisé). Dans ce cas, il faudra installer l'application sur un (sous-)domaine dédié.
### Backend localhost en clair (plaintext)
Les connexions en clair en HTTP au backend ne sont autorisées qu'en localhost sur les adresses 127.X.X.X. Il faudrait aussi supporter 10.X.X.X.

38
scripts/_common.sh
View file

@ -3,8 +3,6 @@
# - plaintext http is only allowed to localhost (to avoid leaking credentials on the network) # - plaintext http is only allowed to localhost (to avoid leaking credentials on the network)
# - http(s) destination is webroot, no additional component allowed (eg. http://localhost:1234/test is invalid) # - http(s) destination is webroot, no additional component allowed (eg. http://localhost:1234/test is invalid)
rp_validate_proxy_path() { rp_validate_proxy_path() {
proxy_path="$1"
if [[ ! $proxy_path =~ '^unix:/' ]]; then if [[ ! $proxy_path =~ '^unix:/' ]]; then
url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'
[[ ! $proxy_path =~ $url_regex ]] && ynh_die \ [[ ! $proxy_path =~ $url_regex ]] && ynh_die \
@ -24,3 +22,39 @@ rp_validate_proxy_path() {
fi fi
fi fi
} }
# Verify that the requested assets path is valid
# - is a local folder
# - ends with a /
# Sets the alias line for serving static files,
# and the try_files line for trying those static files first
rp_validate_assets_path() {
if [[ "$assets_path" = "" ]]; then
assets_alias="# No static files to serve"
try_files="try_files /dev/null @${app}--proxy;"
else
if [ ! -d "$assets_path" ]; then
ynh_die "Requested assets path "$assets_path" does not exist" 1
fi
if [[ ! "$assets_path" =~ /$ ]]; then
# Append missing trailing /
assets_path=""${assets_path}"/"
fi
assets_alias="alias $assets_path;"
try_files="try_files \$uri \$uri/ @${app}--proxy;"
fi
}
# When the app is not in the webroot (path_url = /), need to add a redirect block
# to app/ so relative URLs work
rp_handle_webroot() {
if [[ "$path_url" = "/" ]]; then
path_url_slash="/"
redirect_block="# Not needed for webroot"
else
path_url_slash=""$path_url"/"
redirect_block="location = "$path_url" { return 302 "$path_url_slash"; }"
fi
}

1
scripts/backup
View file

@ -23,6 +23,7 @@ ynh_print_info --message="Loading installation settings..."
# Retrieve arguments # Retrieve arguments
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
#================================================= #=================================================
# BACKUP THE NGINX CONFIGURATION # BACKUP THE NGINX CONFIGURATION

20
scripts/change_url
View file

@ -39,10 +39,28 @@ path_url="$new_path"
domain="$old_domain" domain="$old_domain"
proxy_path="$(ynh_app_setting_get --app=$app --key=proxy_path)" proxy_path="$(ynh_app_setting_get --app=$app --key=proxy_path)"
assets_path="$(ynh_app_setting_get --app=$app --key=assets_path)" assets_path="$(ynh_app_setting_get --app=$app --key=assets_path)"
# Validate reverse proxy destination
rp_validate_proxy_path
# Validate assets_path
rp_validate_assets_path
# Special case for "/" path_url
rp_handle_webroot
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
ynh_add_nginx_config ynh_add_nginx_config
# Move file to new domain if domain has changed # Move file to new domain if domain has changed
[[ "$old_domain" != "$new_domain" ]] && mv /etc/nginx/conf.d/$old_domain.d/$app.conf /etc/nginx/conf.d/$new_domain.d/$app.conf if [[ "$old_domain" != "$new_domain" ]]; then
new_nginx_conf_path=/etc/nginx/conf.d/$new_domain.d/$app.conf
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path $new_nginx_conf_path
ynh_store_file_checksum --file="$new_nginx_conf_path"
fi
#================================================= #=================================================

9
scripts/install
View file

@ -26,7 +26,6 @@ domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH path_url=$YNH_APP_ARG_PATH
proxy_path=$YNH_APP_ARG_PROXY_PATH proxy_path=$YNH_APP_ARG_PROXY_PATH
assets_path=$YNH_APP_ARG_ASSETS_PATH assets_path=$YNH_APP_ARG_ASSETS_PATH
[[ "$assets_path" = "" ]] && assets_path="/dev/null"
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
#================================================= #=================================================
@ -37,7 +36,13 @@ is_public=$YNH_APP_ARG_IS_PUBLIC
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
# Validate reverse proxy destination # Validate reverse proxy destination
rp_validate_proxy_path "$proxy_path" rp_validate_proxy_path
# Validate assets_path
rp_validate_assets_path
# Special case for "/" path_url
rp_handle_webroot
# Save extra settings # Save extra settings
ynh_app_setting_set --app=$app --key=proxy_path --value=$proxy_path ynh_app_setting_set --app=$app --key=proxy_path --value=$proxy_path

8
scripts/upgrade
View file

@ -39,7 +39,13 @@ ynh_abort_if_errors
#================================================= #=================================================
# Validate proxy destination # Validate proxy destination
rp_validate_proxy_path "$proxy_path" rp_validate_proxy_path
# Validate assets_path
rp_validate_assets_path
# Special case for "/" path_url
rp_handle_webroot
# Configure nginx # Configure nginx
ynh_script_progression --message="Configuring NGINX web server..." --weight=1 ynh_script_progression --message="Configuring NGINX web server..." --weight=1