First release of reverseproxy_ynh

This commit is contained in:
selfhoster1312 2023-01-08 14:33:31 +01:00
parent 62718ad5c4
commit 3e05849509
17 changed files with 269 additions and 323 deletions

@ -3,64 +3,56 @@ N.B.: This README was automatically generated by https://github.com/YunoHost/app
It shall NOT be edited by hand. It shall NOT be edited by hand.
--> -->
# Redirect for YunoHost # Reverse Proxy for YunoHost
[![Integration level](https://dash.yunohost.org/integration/redirect.svg)](https://dash.yunohost.org/appci/app/redirect) ![Working status](https://ci-apps.yunohost.org/ci/badges/redirect.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/redirect.maintain.svg) [![Integration level](https://dash.yunohost.org/integration/reverseproxy.svg)](https://dash.yunohost.org/appci/app/reverseproxy) ![Working status](https://ci-apps.yunohost.org/ci/badges/reverseproxy.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/reverseproxy.maintain.svg)
[![Install Redirect with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=redirect) [![Install Reverse Proxy with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=reverseproxy)
*[Lire ce readme en français.](./README_fr.md)* *[Lire ce readme en français.](./README_fr.md)*
> *This package allows you to install Redirect quickly and simply on a YunoHost server. > *This package allows you to install Reverse Proxy quickly and simply on a YunoHost server.
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
## Overview ## Overview
This application allows to integrate a custom tile in YunoHost's user portal. Typical use cases include: This application allows to configure a HTTP(S) reverse proxy to serve another web service, as well as an (optional) static assets directory to serve directly from nginx. The application appears as a tile in the SSOWat panel, unless configured otherwise after install. The access to the application can be made public.
- **visible 301/302 redirect** : having a "virtual" app tile that's just a redirection to another url or external website
- **invisible redirect / reverse-proxy** : creating an app tile for a local app listening on a specific port, or a Docker container, or an app hosted on another machine
In technical terms: this app only adds a NGINX configuration snippet with either `redirect` or `proxy_pass` rule, and a YunoHost tile + appropriate SSOwat configuration. The supported backends are:
- plaintext HTTP to localhost (127.x.x.x)
- HTTPS to any destination
- socket file on local disk
Please be aware that SSOWat sends user credentials in plaintext to the backend, so do not use this application to reverse-proxy a service you don't trust (for example to mirror a site hosted by someone else).
**Shipped version:** 1.0.2~ynh1 **Shipped version:** 0.1~ynh1
## Disclaimers / important information ## Disclaimers / important information
## Redirect type ### Backend web path
### Visible redirect The request is transmitted as-is to the backend server. This usually means that the backend service shoudl be aware of the web path used to access the service. For example, if using the application is installed to `example.com/proxy`, your backend application should produce absolute links starting with `example.com/proxy/` too.
The client will be redirected to another url or external website To support relative URLs from the backend, accessing the application via `http(s)://example.com/proxy` will permanent redirect (302) to `http(s)://example.com/proxy/` (trailing slash). Otherwise, a relative link like `<link rel="stylesheet" href="style.css">` would try to load `http(s)://example.com/style.css` which would fail.
- `your-domain.com -> another-domain.net` It is possible that your backend service does not support setting up a "base URL" (custom web path). In that case, you will have to install the application on a dedicated (sub)domain.
- `your-domain.com/foo -> another-domain.net/bar`
### Invisible redirect (a.k.a "reverse-proxy")
Visitor's address bar will remain the same. Typically used to integrate into YunoHost a manually-installed app into the portal.
- `you-domain.com/foo -> http://172.0.0.1:8080/app`
**IMPORTANT:** you may have to further tweak the `redirect.conf` in the nginx configuration, depending on your needs!
**IMPORTANT:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ MUST be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/. For example : an Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/
## Documentation and resources ## Documentation and resources
* Official app website: <https://github.com/YunoHost-Apps/redirect_ynh> * Official app website: <https://en.wikipedia.org/wiki/Reverse_proxy>
* YunoHost documentation for this app: <https://yunohost.org/app_redirect> * YunoHost documentation for this app: <https://yunohost.org/app_reverseproxy>
* Report a bug: <https://github.com/YunoHost-Apps/redirect_ynh/issues> * Report a bug: <https://github.com/YunoHost-Apps/reverseproxy_ynh/issues>
## Developer info ## Developer info
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/redirect_ynh/tree/testing). Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/reverseproxy_ynh/tree/testing).
To try the testing branch, please proceed like that. To try the testing branch, please proceed like that.
``` bash ``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/redirect_ynh/tree/testing --debug sudo yunohost app install https://github.com/YunoHost-Apps/reverseproxy_ynh/tree/testing --debug
or or
sudo yunohost app upgrade redirect -u https://github.com/YunoHost-Apps/redirect_ynh/tree/testing --debug sudo yunohost app upgrade reverseproxy -u https://github.com/YunoHost-Apps/reverseproxy_ynh/tree/testing --debug
``` ```
**More info regarding app packaging:** <https://yunohost.org/packaging_apps> **More info regarding app packaging:** <https://yunohost.org/packaging_apps>

@ -3,64 +3,56 @@ N.B.: This README was automatically generated by https://github.com/YunoHost/app
It shall NOT be edited by hand. It shall NOT be edited by hand.
--> -->
# Redirect pour YunoHost # Reverse Proxy pour YunoHost
[![Niveau d'intégration](https://dash.yunohost.org/integration/redirect.svg)](https://dash.yunohost.org/appci/app/redirect) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/redirect.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/redirect.maintain.svg) [![Niveau d'intégration](https://dash.yunohost.org/integration/reverseproxy.svg)](https://dash.yunohost.org/appci/app/reverseproxy) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/reverseproxy.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/reverseproxy.maintain.svg)
[![Installer Redirect avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=redirect) [![Installer Reverse Proxy avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=reverseproxy)
*[Read this readme in english.](./README.md)* *[Read this readme in english.](./README.md)*
> *Ce package vous permet d'installer Redirect rapidement et simplement sur un serveur YunoHost. > *Ce package vous permet d'installer Reverse Proxy rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
## Vue d'ensemble ## Vue d'ensemble
Cette application permet d'intégrée une tuile personalisée dans le portail utilisateur de YunoHost. Les cas d'usage typiques sont: Cette application permet de configurer un reverse proxy HTTP(S) pour servir un autre service web, ainsi qu'un dossier (optionnel) pour les assets statiques qui sera servi directement depuis nginx. L'application apparaît comme tuile dans le panel SSOWat, sauf si elle a été configurée autrement après l'installation. L'accès à l'application peut être rendu public.
- **redirection 301/302 visible** : avoir une tuile d'app "virtuelle" qui se contente de rediriger vers une autre url ou un site externe
- **redirection invisible / reverse-proxy** : créer une tuile pour une application locale écoutant sur un port précis, ou bien un conteneur Docker, ou encore une app hébergée sur une autre machine
En terme technique: cette app se contente de rajouter le morceau de configuration NGINX approprié avec soit `redirect` ou `proxy_pass`, et la tuile YunoHost + configuration SSOwat correspondante. Les backends supportés sont:
- HTTP en clair (plaintext) vers localhost (127.x.x.x)
- HTTPS vers n'importe quelle destination
- fichier socket sur disque local
Attention, SSOWat envoie les identifiants des utilisateurices en clair jusqu'au backend, donc n'utilisez pas cette application pour reverse-proxy un service dans lequel vous n'avez pas confiance (par exemple pour mirrorer un site hébergé par une autre personne).
**Version incluse :** 1.0.2~ynh1 **Version incluse :** 0.1~ynh1
## Avertissements / informations importantes ## Avertissements / informations importantes
## Types de redirection ### Chemin web du backend
### Redirection visible La requête est transmise telle-quelle au serveur backend. Cela veut usuellement dire que le service backend doit avoir connaissance du chemin web utilisé pour accéder au service. Par exemple, si l'application est installée sur `example.com/proxy`, votre application backend devrait produire des liens absolus commençant par `example.com/proxy/`.
Le client sera redirigé vers une autre URL ou site externe Pour supporter les URLs relatives depuis le backend, accéder à l'application via `http(s)://example.com/proxy` produit une redirection permanente (302) vers `http(s)://example.com/proxy/` (avec le slash de fin). Sinon, un lien relatif comme `<link rel="stylesheet" href="style.css">` essayerait de charger `http(s)://example.com/style.css`, ce qui échouerait.
- `votre-domaine.com -> un-autre-domaine.net` Il est possible que votre service backend ne supporte pas de configurer une "base URL" (chemin web personnalisé). Dans ce cas, il faudra installer l'application sur un (sous-)domaine dédié.
- `votre-domaine.com/foo -> un-autre-domaine.net/bar`
### Redirection invisible (a.k.a "reverse-proxy")
L'adresse du client restera inchangé dans le navigateur. Typiquement utilisé pour intéger dans YunoHost une application installée manuellement.
- `you-domain.com/foo -> http://172.0.0.1:8080/app`
**IMPORTANT:** il vous faudra peut-être bricoler manuellement `redirect.conf` dans la configuration nginx, en fonction de vos besoins.
**IMPORTANT:** Certaines apps ne supportent pas d'être redirigées depuis un chemin différent à cause du fonctionnement des liens relatifs ... Cela signifie que par exemple une app hébergée sur `http://127.0.0.1:5050/app/` DOIT être routé sur `http://domaine.tld/app/` et PAS http://domaine.tld/unautrechemin/. Par exemple: un conteneur Docker Odoo tourne sur `http://127.0.0.1:8069/`. Il ne sera pas capable de fonctionné correctement si il est routé sur `http://domaine.tld/odoo/` ! Il faut forcément l'installer à la racine d'un domaine, par exemple `http://odoo.domaine.tld/`
## Documentations et ressources ## Documentations et ressources
* Site officiel de l'app : <https://github.com/YunoHost-Apps/redirect_ynh> * Site officiel de l'app : <https://en.wikipedia.org/wiki/Reverse_proxy>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_redirect> * Documentation YunoHost pour cette app : <https://yunohost.org/app_reverseproxy>
* Signaler un bug : <https://github.com/YunoHost-Apps/redirect_ynh/issues> * Signaler un bug : <https://github.com/YunoHost-Apps/reverseproxy_ynh/issues>
## Informations pour les développeurs ## Informations pour les développeurs
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/redirect_ynh/tree/testing). Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/reverseproxy_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit. Pour essayer la branche testing, procédez comme suit.
``` bash ``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/redirect_ynh/tree/testing --debug sudo yunohost app install https://github.com/YunoHost-Apps/reverseproxy_ynh/tree/testing --debug
ou ou
sudo yunohost app upgrade redirect -u https://github.com/YunoHost-Apps/redirect_ynh/tree/testing --debug sudo yunohost app upgrade reverseproxy -u https://github.com/YunoHost-Apps/reverseproxy_ynh/tree/testing --debug
``` ```
**Plus d'infos sur le packaging d'applications :** <https://yunohost.org/packaging_apps> **Plus d'infos sur le packaging d'applications :** <https://yunohost.org/packaging_apps>

@ -1,3 +0,0 @@
location YNH_LOCATION {
return 301 YNH_REDIRECT_PATH$request_uri;
}

@ -1,3 +0,0 @@
location YNH_LOCATION {
return 302 YNH_REDIRECT_PATH$request_uri;
}

@ -1,5 +1,5 @@
location YNH_LOCATION { location @YNH_APPNAME__proxy {
proxy_pass YNH_REDIRECT_PATH; proxy_pass YNH_PROXY_PATH;
proxy_redirect off; proxy_redirect off;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
@ -16,3 +16,13 @@ location YNH_LOCATION {
include conf.d/yunohost_panel.conf.inc; include conf.d/yunohost_panel.conf.inc;
more_clear_input_headers 'Accept-Encoding'; more_clear_input_headers 'Accept-Encoding';
} }
# Support relative URLs
location = YNH_LOCATION {
return 302 YNH_LOCATION/;
}
location YNH_LOCATION/ {
alias YNH_ASSETS_PATH;
try_files $uri @YNH_APPNAME__proxy;
}
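
Review bot: The two new locations build their paths by appending `/` to `YNH_LOCATION`, so an install at the domain root (path `/`, which the disclaimer recommends for backends without a base URL) renders as `location = / { return 302 //; }` and `location // {`, and a visit to the root is answered with a redirect to `//` instead of being proxied. Special-case the root path in the template or in `rp_make_webconfig` so that only a plain `location /` block is emitted there. Separately, `alias YNH_ASSETS_PATH;` inside `location YNH_LOCATION/` only maps files correctly when the alias value also ends in `/`, and nothing in this commit enforces that on the user-supplied value; `alias` combined with `try_files $uri` in a prefix location is a known nginx rough edge, so this block deserves a test against a real assets directory. The redirect also drops the query string; `return 302 YNH_LOCATION/$is_args$args;` would keep it.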

@ -1,5 +1,9 @@
This application allows to integrate a custom tile in YunoHost's user portal. Typical use cases include: This application allows to configure a HTTP(S) reverse proxy to serve another web service, as well as an (optional) static assets directory to serve directly from nginx. The application appears as a tile in the SSOWat panel, unless configured otherwise after install. The access to the application can be made public.
- **visible 301/302 redirect** : having a "virtual" app tile that's just a redirection to another url or external website
- **invisible redirect / reverse-proxy** : creating an app tile for a local app listening on a specific port, or a Docker container, or an app hosted on another machine
In technical terms: this app only adds a NGINX configuration snippet with either `redirect` or `proxy_pass` rule, and a YunoHost tile + appropriate SSOwat configuration. The supported backends are:
- plaintext HTTP to localhost (127.x.x.x)
- HTTPS to any destination
- socket file on local disk
Please be aware that SSOWat sends user credentials in plaintext to the backend, so do not use this application to reverse-proxy a service you don't trust (for example to mirror a site hosted by someone else).

@ -1,5 +1,9 @@
Cette application permet d'intégrée une tuile personalisée dans le portail utilisateur de YunoHost. Les cas d'usage typiques sont: Cette application permet de configurer un reverse proxy HTTP(S) pour servir un autre service web, ainsi qu'un dossier (optionnel) pour les assets statiques qui sera servi directement depuis nginx. L'application apparaît comme tuile dans le panel SSOWat, sauf si elle a été configurée autrement après l'installation. L'accès à l'application peut être rendu public.
- **redirection 301/302 visible** : avoir une tuile d'app "virtuelle" qui se contente de rediriger vers une autre url ou un site externe
- **redirection invisible / reverse-proxy** : créer une tuile pour une application locale écoutant sur un port précis, ou bien un conteneur Docker, ou encore une app hébergée sur une autre machine
En terme technique: cette app se contente de rajouter le morceau de configuration NGINX approprié avec soit `redirect` ou `proxy_pass`, et la tuile YunoHost + configuration SSOwat correspondante. Les backends supportés sont:
- HTTP en clair (plaintext) vers localhost (127.x.x.x)
- HTTPS vers n'importe quelle destination
- fichier socket sur disque local
Attention, SSOWat envoie les identifiants des utilisateurices en clair jusqu'au backend, donc n'utilisez pas cette application pour reverse-proxy un service dans lequel vous n'avez pas confiance (par exemple pour mirrorer un site hébergé par une autre personne).

@ -1,18 +1,7 @@
## Redirect type ### Backend web path
### Visible redirect The request is transmitted as-is to the backend server. This usually means that the backend service shoudl be aware of the web path used to access the service. For example, if using the application is installed to `example.com/proxy`, your backend application should produce absolute links starting with `example.com/proxy/` too.
The client will be redirected to another url or external website To support relative URLs from the backend, accessing the application via `http(s)://example.com/proxy` will permanent redirect (302) to `http(s)://example.com/proxy/` (trailing slash). Otherwise, a relative link like `<link rel="stylesheet" href="style.css">` would try to load `http(s)://example.com/style.css` which would fail.
- `your-domain.com -> another-domain.net` It is possible that your backend service does not support setting up a "base URL" (custom web path). In that case, you will have to install the application on a dedicated (sub)domain.
- `your-domain.com/foo -> another-domain.net/bar`
### Invisible redirect (a.k.a "reverse-proxy")
Visitor's address bar will remain the same. Typically used to integrate into YunoHost a manually-installed app into the portal.
- `you-domain.com/foo -> http://172.0.0.1:8080/app`
**IMPORTANT:** you may have to further tweak the `redirect.conf` in the nginx configuration, depending on your needs!
**IMPORTANT:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ MUST be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/. For example : an Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/
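
Review bot: The new "Backend web path" text calls the trailing-slash redirect a "permanent redirect (302)", but 302 is a temporary redirect and the nginx template in this commit emits `return 302`; say "temporary redirect (302)" here, and change "redirection permanente (302)" in the French file to match. The same paragraph has the typo "shoudl" and the garbled phrase "if using the application is installed to". The README is marked as automatically generated and carries the same text, so the fix belongs in this source file.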

@ -1,18 +1,7 @@
## Types de redirection ### Chemin web du backend
### Redirection visible La requête est transmise telle-quelle au serveur backend. Cela veut usuellement dire que le service backend doit avoir connaissance du chemin web utilisé pour accéder au service. Par exemple, si l'application est installée sur `example.com/proxy`, votre application backend devrait produire des liens absolus commençant par `example.com/proxy/`.
Le client sera redirigé vers une autre URL ou site externe Pour supporter les URLs relatives depuis le backend, accéder à l'application via `http(s)://example.com/proxy` produit une redirection permanente (302) vers `http(s)://example.com/proxy/` (avec le slash de fin). Sinon, un lien relatif comme `<link rel="stylesheet" href="style.css">` essayerait de charger `http(s)://example.com/style.css`, ce qui échouerait.
- `votre-domaine.com -> un-autre-domaine.net` Il est possible que votre service backend ne supporte pas de configurer une "base URL" (chemin web personnalisé). Dans ce cas, il faudra installer l'application sur un (sous-)domaine dédié.
- `votre-domaine.com/foo -> un-autre-domaine.net/bar`
### Redirection invisible (a.k.a "reverse-proxy")
L'adresse du client restera inchangé dans le navigateur. Typiquement utilisé pour intéger dans YunoHost une application installée manuellement.
- `you-domain.com/foo -> http://172.0.0.1:8080/app`
**IMPORTANT:** il vous faudra peut-être bricoler manuellement `redirect.conf` dans la configuration nginx, en fonction de vos besoins.
**IMPORTANT:** Certaines apps ne supportent pas d'être redirigées depuis un chemin différent à cause du fonctionnement des liens relatifs ... Cela signifie que par exemple une app hébergée sur `http://127.0.0.1:5050/app/` DOIT être routé sur `http://domaine.tld/app/` et PAS http://domaine.tld/unautrechemin/. Par exemple: un conteneur Docker Odoo tourne sur `http://127.0.0.1:8069/`. Il ne sera pas capable de fonctionné correctement si il est routé sur `http://domaine.tld/odoo/` ! Il faut forcément l'installer à la racine d'un domaine, par exemple `http://odoo.domaine.tld/`

@ -1,21 +1,20 @@
{ {
"name": "Redirect", "name": "Reverse Proxy",
"id": "redirect", "id": "reverseproxy",
"packaging_format": 1, "packaging_format": 1,
"description": { "description": {
"en": "Create a redirection or a proxy to another path", "en": "Create a reverse proxy to a socket/port, optionally serve static files from folder",
"fr": "Créer une redirection ou un proxy vers un autre emplacement" "fr": "Créer un reverse proxy vers un socket/port, optionnellement servir des fichiers statiques depuis un dossier"
}, },
"version": "1.0.2~ynh1", "version": "0.1~ynh1",
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
"url": "https://github.com/YunoHost-Apps/redirect_ynh", "url": "https://en.wikipedia.org/wiki/Reverse_proxy",
"upstream": { "upstream": {
"license": "AGPL-3.0-or-later", "website": "https://en.wikipedia.org/wiki/Reverse_proxy"
"website": "https://github.com/YunoHost-Apps/redirect_ynh"
}, },
"maintainer": { "maintainer": {
"name": "alexAubin", "name": "selfhoster1312",
"email": "alex.aubin@mailoo.org" "email": "selfhoster1312@kl.netlib.re"
}, },
"requirements": { "requirements": {
"yunohost": ">= 4.2.0" "yunohost": ">= 4.2.0"
@ -28,39 +27,36 @@
"install" : [ "install" : [
{ {
"name": "domain", "name": "domain",
"type": "domain", "type": "domain"
"example": "domain.org"
}, },
{ {
"name": "path", "name": "path",
"type": "path", "type": "path",
"example": "/redirect", "example": "/proxy"
"default": "/redirect"
}, },
{ {
"name": "redirect_path", "name": "proxy_path",
"type": "string", "type": "string",
"ask": { "ask": {
"en": "Redirect destination path", "en": "Redirect destination path (unix:/file for socket)",
"fr": "Emplacement de destination" "fr": "Emplacement de destination (unix:/fichier pour socket)"
}, },
"example": "http://127.0.0.1:8080/app/", "example": "http://127.0.0.1:8080/app/"
"default": "http://127.0.0.1"
}, },
{ {
"name": "redirect_type", "name": "is_public",
"type": "boolean",
"default": false
},
{
"name": "assets_path",
"type": "string", "type": "string",
"ask": { "ask": {
"en": "Redirect type", "en": "Static assets folder",
"fr": "Type de redirection" "fr": "Dossier pour les fichiers statiques"
}, },
"choices": { "optional": true,
"public_302": "Visible redirect (302, temporary). Everybody will be able to access it.", "example": "/opt/foo/www/"
"public_301": "Visible redirect (301, permanent). Everybody will be able to access it.",
"public_proxy": "Proxy, invisible (NGINX proxy_pass). Everybody will be able to access it.",
"private_proxy": "Proxy, invisible (NGINX proxy_pass). Only accessible for allowed users."
},
"default": "public_302"
} }
] ]
} }

53
scripts/_common.sh Normal file

@ -0,0 +1,53 @@
# Verify that the requested reverse proxy destination is valid:
# - protocol is http(s):// or unix: for socket file
# - plaintext http is only allowed to localhost (to avoid leaking credentials on the network)
# - http(s) destination is webroot, no additional component allowed (eg. http://localhost:1234/test is invalid)
rp_validate_proxy_path() {
proxy_path="$1"
if [[ ! $proxy_path =~ '^unix:/' ]]; then
url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'
[[ ! $proxy_path =~ $url_regex ]] && ynh_die \
"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $proxy_path" 1
fi
# Don't allow trailing slash or additional URI components in proxy_path
if [[ "$proxy_path" =~ ^https?:// ]]; then
res="${proxy_path//[^\/]}"
if [[ "${#res}" != "2" ]]; then
if [[ "${#res}" = "3" ]] && [[ "$proxy_path" =~ /$ ]]; then
# If it's only one trailing slash (no more components), just remove it
proxy_path="${proxy_path::-1}"
else
ynh_die "Reverse proxy URL cannot contain additional slashes or components: $proxy_path" 1
fi
fi
fi
}
# Make reverse proxy public if $1 is 1
# Yunohost boolean params are 1 if true
rp_make_permissions() {
#ynh_script_progression --message="Configuring permissions..." --weight=2
if [ $1 = 1 ]; then
ynh_permission_update --permission="main" --add="visitors"
fi
}
# (re)generate nginx config
rp_make_webconfig() {
#ynh_script_progression --message="Configuring NGINX web server..." --weight=1
# Nginx configuration
ynh_replace_string "YNH_LOCATION" "$path_url" ../conf/nginx.conf
ynh_replace_string "YNH_PROXY_PATH" "$proxy_path" ../conf/nginx.conf
ynh_replace_string "YNH_APPNAME" "$app" ../conf/nginx.conf
ynh_replace_string "YNH_ASSETS_PATH" "$assets_path" ../conf/nginx.conf
cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
}
rp_reload_web() {
#ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
}
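
Review bot: In `rp_validate_proxy_path`, the test `[[ ! $proxy_path =~ '^unix:/' ]]` quotes the pattern, and bash treats a quoted right-hand side of `=~` as a literal string, so no `unix:/...` destination ever matches; every socket path falls through to the URL regex and is refused by `ynh_die`, which contradicts the advertised socket backend. Drop the quotes, or put the pattern in a variable as is already done for `url_regex`. The function also returns its result by overwriting the caller's global `proxy_path` when it strips the trailing slash; make that explicit by using a `local` and echoing the normalised value, or document the side effect in the header comment. In `rp_make_permissions`, `[ $1 = 1 ]` is a syntax error when the argument is empty; write `[ "$1" = 1 ]`.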

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#================================================= #=================================================
@ -22,7 +23,6 @@ ynh_print_info --message="Loading installation settings..."
# Retrieve arguments # Retrieve arguments
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
#================================================= #=================================================
# BACKUP THE NGINX CONFIGURATION # BACKUP THE NGINX CONFIGURATION
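
Review bot: `domain` is no longer set before the "BACKUP THE NGINX CONFIGURATION" section: the `ynh_app_setting_get --app=$app --key=domain` line is removed, and the `_common.sh` added in this commit only defines functions. The rest of the script is not visible here, but the other scripts address the config as `/etc/nginx/conf.d/$domain.d/$app.conf`; if the backup step does the same, it will now run with `$domain` unset. Keep the lookup unless the backup path no longer needs it.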

52
scripts/change_url Normal file

@ -0,0 +1,52 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
source _common.sh
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
app=$YNH_APP_INSTANCE_NAME
old_domain=$YNH_APP_OLD_DOMAIN
new_domain=$YNH_APP_NEW_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_path=$YNH_APP_NEW_PATH
# Path availability is already checked for
#=================================================
# CONFIGURE NGINX
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
# Nginx configuration
ynh_replace_string "$old_path {" "$new_path {" /etc/nginx/conf.d/$old_domain.d/$app.conf
ynh_replace_string "${old_path}/ {" "${new_path}/ {" /etc/nginx/conf.d/$old_domain.d/$app.conf
ynh_replace_string "302 ${old_path}/" "302 ${new_path}/" /etc/nginx/conf.d/$old_domain.d/$app.conf
# Maybe only path part has changed... only move file if domain has changed
[[ "$old_domain" != "$new_domain" ]] && mv /etc/nginx/conf.d/$old_domain.d/$app.conf /etc/nginx/conf.d/$new_domain.d/$app.conf
# Reload nginx
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
rp_reload_web
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Changing URL of $app completed" --last
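
Review bot: The three `ynh_replace_string` calls under "CONFIGURE NGINX" patch the installed file by matching literal fragments of the template (`"$old_path {"`, `"${old_path}/ {"`, `"302 ${old_path}/"`), so any later change to the template silently breaks URL changes, and an old path of `/` matches more lines than intended. Load `proxy_path` and `assets_path` from the app settings, set `path_url` and `domain` to the new values, and call `rp_make_webconfig` to regenerate the file, then remove the old one when the domain changed. The file arguments `/etc/nginx/conf.d/$old_domain.d/$app.conf` should also be quoted.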

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#================================================= #=================================================
@ -23,68 +24,36 @@ ynh_abort_if_errors
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH path_url=$YNH_APP_ARG_PATH
redirect_type=$YNH_APP_ARG_REDIRECT_TYPE proxy_path=$YNH_APP_ARG_PROXY_PATH
redirect_path=$YNH_APP_ARG_REDIRECT_PATH assets_path=$YNH_APP_ARG_ASSETS_PATH
[[ "$assets_path" = "" ]] && assets_path="/dev/null"
is_public=$YNH_APP_ARG_IS_PUBLIC
#=================================================
# REVERSE PROXY LOGIC
#=================================================
# Check domain/path availability # Check domain/path availability
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
# Validate redirect path # Validate reverse proxy destination
url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' rp_validate_proxy_path "$proxy_path"
[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
# Avoid uncrypted remote destination with reverse proxy mode # Save extra settings
# Indeed the SSO send the password in all requests in HTTP headers ynh_app_setting_set --app=$app --key=proxy_path --value=$proxy_path
url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' ynh_app_setting_set --app=$app --key=assets_path --value=$assets_path
[[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \
"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1
# Save extra settings # Configure nginx
ynh_app_setting_set --app=$app --key=redirect_type --value=$redirect_type
ynh_app_setting_set --app=$app --key=redirect_path --value=$redirect_path
#=================================================
# CONFIGURE NGINX
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1 ynh_script_progression --message="Configuring NGINX web server..." --weight=1
rp_make_webconfig
# Nginx configuration
for FILE in $(ls ../conf/nginx-*.conf)
do
ynh_replace_string "YNH_LOCATION" "$path_url" $FILE
done
if [ "$redirect_type" = "public_302" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf
cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf
elif [ "$redirect_type" = "public_301" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf
cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf
elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf
cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf
fi
#=================================================
# CONFIGURE SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=2
# Make app public if necessary # Make app public if necessary
if [ "$redirect_type" != "private_proxy" ] ynh_script_progression --message="Configuring permissions..." --weight=2
then rp_make_permissions $is_public
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_permission_update --permission="main" --add="visitors"
fi
#================================================= # Reload nginx
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_script_progression --message="Reloading NGINX web server..." --weight=1
rp_reload_web
ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
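Review bot: the removed `url_regex` check at the top of this hunk refused plain `http://` destinations other than loopback because, as its comment says, the SSO sends the password in HTTP headers on every request; none of the visible replacement lines re-applies that restriction before `proxy_path` is saved. Confirm that `rp_validate_proxy_path` (defined outside this hunk) keeps the rule and runs before `ynh_app_setting_set --key=proxy_path`, and quote the expansions while here: `--value="$proxy_path"`, `--value="$assets_path"`, `rp_make_permissions "$is_public"`.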

View file

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#================================================= #=================================================
@ -24,12 +25,9 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
# Remove configuration files # Remove configuration files
ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf
#================================================= # Reload nginx
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_script_progression --message="Reloading NGINX web server..." --weight=1
rp_reload_web
ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT

View file

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#================================================= #=================================================
@ -23,12 +24,11 @@ ynh_abort_if_errors
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path) path_url=$(ynh_app_setting_get --app=$app --key=path)
redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) proxy_path=$(ynh_app_setting_get --app=$app --key=proxy_path)
redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) assets_path=$(ynh_app_setting_get --app=$app --key=assets_path)
# Validate redirect path # Revalidate destination path
url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]' rp_validate_proxy_path "$proxy_path"
[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
# Check configuration files # Check configuration files
NGINX_CONF="/etc/nginx/conf.d/${domain}.d/${app}.conf" NGINX_CONF="/etc/nginx/conf.d/${domain}.d/${app}.conf"
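Review bot: `proxy_path` and `assets_path` are read from the settings with no fallback, so a backup taken while the app still stored `redirect_path` and `redirect_type` restores with an empty `proxy_path`, and `rp_validate_proxy_path "$proxy_path"` is handed an empty string. Either map the old `redirect_path` setting to `proxy_path` before validating or fail with a message that names the missing setting. `assets_path` is loaded here as well but is not checked anywhere in the visible lines.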
@ -37,23 +37,8 @@ NGINX_CONF="/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Restore configuration files # Restore configuration files
ynh_restore_file "$NGINX_CONF" ynh_restore_file "$NGINX_CONF"
#================================================= # Reload nginx
# SETUP SSOWAT rp_reload_web
#=================================================
# Make app public if necessary
if [ "$redirect_type" != "private_proxy" ]
then
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_permission_update --permission="main" --add="visitors"
fi
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
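Review bot: the SSOwat block is removed and nothing replaces it, so restore never calls `rp_make_permissions` the way install does, and the public or private state of a restored instance depends on whatever is restored outside this script. Verify that a restored public instance is still reachable by visitors and a private one is not, or re-apply the permission here. The `ynh_script_progression` message before the reload was also dropped in this script, while the other scripts keep it.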

View file

@ -7,6 +7,7 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#================================================= #=================================================
@ -17,60 +18,8 @@ source /usr/share/yunohost/helpers
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path) path_url=$(ynh_app_setting_get --app=$app --key=path)
redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type) proxy_path=$(ynh_app_setting_get --app=$app --key=proxy_path)
redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path) assets_path=$(ynh_app_setting_get --app=$app --key=assets_path)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
# Fix is_public as a boolean value
# Default value for redirect_type if upgrading from https://github.com/scith/redirect_ynh
if [ -z "$redirect_type" ];
then
redirect_type="proxy"
ynh_app_setting_set $app 'redirect_type' $redirect_type
fi
# Migrate away from old stuff with 'is_public' and old redirect type names
is_public=$(ynh_app_setting_get "$app" is_public)
if [ -n "$is_public" ]
then
if [ "$is_public" = "Yes" ]; then
is_public=1
elif [ "$is_public" = "No" ]; then
is_public=0
fi
if [ "$is_public" = "0" ] && [ "$redirect_type" != "proxy" ]; then
echo "WARNING: You previously had a 'supposedly' private 301 or 302 redirection... but it was found that it was public all along and it is not easy to create such a private redirection. Your 301 or 302 redirection will be re-flagged as public..." >&2
is_public=1
fi
if [ "$redirect_type" == "proxy" ] && [ "$is_public" = "1" ]
then
redirect_type="public_proxy"
elif [ "$redirect_type" == "proxy" ] && [ "$is_public" = "0" ]
then
redirect_type="private_proxy"
elif [ "$redirect_type" == "visible_302" ]
then
redirect_type="public_302"
elif [ "$redirect_type" == "visible_301" ]
then
redirect_type="public_301"
fi
ynh_app_setting_set $app 'redirect_type' $redirect_type
fi
# Migrate legacy permissions to new system
if ynh_legacy_permissions_exists
then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
#================================================= #=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
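Review bot: removing the whole downward-compatibility block leaves no path from the old settings to the new ones: `proxy_path` is read at the top of the hunk, but nothing copies `redirect_path` into it, and the `is_public` and legacy-permission migrations are gone as well. An instance upgraded from the previous package would reach `rp_validate_proxy_path` with an empty value. Add a one-time migration, or state explicitly that upgrades from the old app are not supported and abort with a clear message.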
@ -85,50 +34,20 @@ ynh_clean_setup () {
# Exit if an error occurs during the execution of the script # Exit if an error occurs during the execution of the script
ynh_abort_if_errors ynh_abort_if_errors
# Validate redirect path
url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
#================================================= #=================================================
# CONFIGURE NGINX # REVERSE PROXY LOGIC
#================================================= #=================================================
# Nginx configuration # Validate proxy destination
for FILE in $(ls ../conf/nginx-*.conf) rp_validate_proxy_path "$proxy_path"
do
ynh_replace_string "YNH_LOCATION" "$path_url" $FILE
done
if [ "$redirect_type" = "public_302" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf
cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf
elif [ "$redirect_type" = "public_301" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf
cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf
elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf
cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf
fi
#================================================= # Configure nginx
# CONFIGURE SSOWAT ynh_script_progression --message="Configuring NGINX web server..." --weight=1
#================================================= rp_make_webconfig
# Make app public if necessary # Reload nginx
if [ "$redirect_type" != "private_proxy" ]
then
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_permission_update --permission="main" --add="visitors"
fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_script_progression --message="Reloading NGINX web server..." --weight=1
rp_reload_web
ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
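Review bot: upgrade regenerates the nginx config with `rp_make_webconfig` but, unlike install, has no `rp_make_permissions` call in place of the removed SSOwat block, so existing instances never have their permission re-applied on upgrade. In addition, `rp_make_webconfig` and `rp_reload_web` are called with no arguments and so rely on `domain`, `path_url`, `proxy_path` and `assets_path` being set as globals; passing them explicitly, or documenting that contract in `_common.sh`, would make the helpers safer to reuse across the four scripts.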