YunoHost-Apps/reverseproxy_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/reverseproxy_ynh.git synced 2024-09-03 20:16:23 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

First release of reverseproxy_ynh

Browse source
This commit is contained in:
selfhoster1312 2023-01-08 14:33:31 +01:00
parent 62718ad5c4
commit 3e05849509
17 changed files with 269 additions and 323 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
README.md
View file

@ -3,64 +3,56 @@ N.B.: This README was automatically generated by https://github.com/YunoHost/app
It shall NOT be edited by hand.
-->
# Redirect for YunoHost
# Reverse Proxy for YunoHost
[![Integration level](https://dash.yunohost.org/integration/redirect.svg)](https://dash.yunohost.org/appci/app/redirect) ![Working status](https://ci-apps.yunohost.org/ci/badges/redirect.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/redirect.maintain.svg)
[![Install Redirect with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=redirect)
[![Integration level](https://dash.yunohost.org/integration/reverseproxy.svg)](https://dash.yunohost.org/appci/app/reverseproxy) ![Working status](https://ci-apps.yunohost.org/ci/badges/reverseproxy.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/reverseproxy.maintain.svg)
[![Install Reverse Proxy with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=reverseproxy)
*[Lire ce readme en français.](./README_fr.md)*
> *This package allows you to install Redirect quickly and simply on a YunoHost server.
> *This package allows you to install Reverse Proxy quickly and simply on a YunoHost server.
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
## Overview
This application allows to integrate a custom tile in YunoHost's user portal. Typical use cases include:
- **visible 301/302 redirect** : having a "virtual" app tile that's just a redirection to another url or external website
- **invisible redirect / reverse-proxy** : creating an app tile for a local app listening on a specific port, or a Docker container, or an app hosted on another machine
This application allows to configure a HTTP(S) reverse proxy to serve another web service, as well as an (optional) static assets directory to serve directly from nginx. The application appears as a tile in the SSOWat panel, unless configured otherwise after install. The access to the application can be made public.
In technical terms: this app only adds a NGINX configuration snippet with either `redirect` or `proxy_pass` rule, and a YunoHost tile + appropriate SSOwat configuration.
The supported backends are:
- plaintext HTTP to localhost (127.x.x.x)
- HTTPS to any destination
- socket file on local disk
Please be aware that SSOWat sends user credentials in plaintext to the backend, so do not use this application to reverse-proxy a service you don't trust (for example to mirror a site hosted by someone else).
**Shipped version:** 1.0.2~ynh1
**Shipped version:** 0.1~ynh1
## Disclaimers / important information
## Redirect type
### Backend web path
### Visible redirect
The request is transmitted as-is to the backend server. This usually means that the backend service shoudl be aware of the web path used to access the service. For example, if using the application is installed to `example.com/proxy`, your backend application should produce absolute links starting with `example.com/proxy/` too.
The client will be redirected to another url or external website
To support relative URLs from the backend, accessing the application via `http(s)://example.com/proxy` will permanent redirect (302) to `http(s)://example.com/proxy/` (trailing slash). Otherwise, a relative link like `<link rel="stylesheet" href="style.css">` would try to load `http(s)://example.com/style.css` which would fail.
- `your-domain.com -> another-domain.net`
- `your-domain.com/foo -> another-domain.net/bar`
### Invisible redirect (a.k.a "reverse-proxy")
Visitor's address bar will remain the same. Typically used to integrate into YunoHost a manually-installed app into the portal.
- `you-domain.com/foo -> http://172.0.0.1:8080/app`
**IMPORTANT:** you may have to further tweak the `redirect.conf` in the nginx configuration, depending on your needs!
**IMPORTANT:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ MUST be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/. For example : an Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/
It is possible that your backend service does not support setting up a "base URL" (custom web path). In that case, you will have to install the application on a dedicated (sub)domain.
## Documentation and resources
* Official app website: <https://github.com/YunoHost-Apps/redirect_ynh>
* YunoHost documentation for this app: <https://yunohost.org/app_redirect>
* Report a bug: <https://github.com/YunoHost-Apps/redirect_ynh/issues>
* Official app website: <https://en.wikipedia.org/wiki/Reverse_proxy>
* YunoHost documentation for this app: <https://yunohost.org/app_reverseproxy>
* Report a bug: <https://github.com/YunoHost-Apps/reverseproxy_ynh/issues>
## Developer info
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/redirect_ynh/tree/testing).
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/reverseproxy_ynh/tree/testing).
To try the testing branch, please proceed like that.
``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/redirect_ynh/tree/testing --debug
sudo yunohost app install https://github.com/YunoHost-Apps/reverseproxy_ynh/tree/testing --debug
or
sudo yunohost app upgrade redirect -u https://github.com/YunoHost-Apps/redirect_ynh/tree/testing --debug
sudo yunohost app upgrade reverseproxy -u https://github.com/YunoHost-Apps/reverseproxy_ynh/tree/testing --debug
```
**More info regarding app packaging:** <https://yunohost.org/packaging_apps>

54
README_fr.md
View file

@ -3,64 +3,56 @@ N.B.: This README was automatically generated by https://github.com/YunoHost/app
It shall NOT be edited by hand.
-->
# Redirect pour YunoHost
# Reverse Proxy pour YunoHost
[![Niveau d'intégration](https://dash.yunohost.org/integration/redirect.svg)](https://dash.yunohost.org/appci/app/redirect) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/redirect.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/redirect.maintain.svg)
[![Installer Redirect avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=redirect)
[![Niveau d'intégration](https://dash.yunohost.org/integration/reverseproxy.svg)](https://dash.yunohost.org/appci/app/reverseproxy) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/reverseproxy.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/reverseproxy.maintain.svg)
[![Installer Reverse Proxy avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=reverseproxy)
*[Read this readme in english.](./README.md)*
> *Ce package vous permet d'installer Redirect rapidement et simplement sur un serveur YunoHost.
> *Ce package vous permet d'installer Reverse Proxy rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
## Vue d'ensemble
Cette application permet d'intégrée une tuile personalisée dans le portail utilisateur de YunoHost. Les cas d'usage typiques sont:
- **redirection 301/302 visible** : avoir une tuile d'app "virtuelle" qui se contente de rediriger vers une autre url ou un site externe
- **redirection invisible / reverse-proxy** : créer une tuile pour une application locale écoutant sur un port précis, ou bien un conteneur Docker, ou encore une app hébergée sur une autre machine
Cette application permet de configurer un reverse proxy HTTP(S) pour servir un autre service web, ainsi qu'un dossier (optionnel) pour les assets statiques qui sera servi directement depuis nginx. L'application apparaît comme tuile dans le panel SSOWat, sauf si elle a été configurée autrement après l'installation. L'accès à l'application peut être rendu public.
En terme technique: cette app se contente de rajouter le morceau de configuration NGINX approprié avec soit `redirect` ou `proxy_pass`, et la tuile YunoHost + configuration SSOwat correspondante.
Les backends supportés sont:
- HTTP en clair (plaintext) vers localhost (127.x.x.x)
- HTTPS vers n'importe quelle destination
- fichier socket sur disque local
Attention, SSOWat envoie les identifiants des utilisateurices en clair jusqu'au backend, donc n'utilisez pas cette application pour reverse-proxy un service dans lequel vous n'avez pas confiance (par exemple pour mirrorer un site hébergé par une autre personne).
**Version incluse :** 1.0.2~ynh1
**Version incluse :** 0.1~ynh1
## Avertissements / informations importantes
## Types de redirection
### Chemin web du backend
### Redirection visible
La requête est transmise telle-quelle au serveur backend. Cela veut usuellement dire que le service backend doit avoir connaissance du chemin web utilisé pour accéder au service. Par exemple, si l'application est installée sur `example.com/proxy`, votre application backend devrait produire des liens absolus commençant par `example.com/proxy/`.
Le client sera redirigé vers une autre URL ou site externe
Pour supporter les URLs relatives depuis le backend, accéder à l'application via `http(s)://example.com/proxy` produit une redirection permanente (302) vers `http(s)://example.com/proxy/` (avec le slash de fin). Sinon, un lien relatif comme `<link rel="stylesheet" href="style.css">` essayerait de charger `http(s)://example.com/style.css`, ce qui échouerait.
- `votre-domaine.com -> un-autre-domaine.net`
- `votre-domaine.com/foo -> un-autre-domaine.net/bar`
### Redirection invisible (a.k.a "reverse-proxy")
L'adresse du client restera inchangé dans le navigateur. Typiquement utilisé pour intéger dans YunoHost une application installée manuellement.
- `you-domain.com/foo -> http://172.0.0.1:8080/app`
**IMPORTANT:** il vous faudra peut-être bricoler manuellement `redirect.conf` dans la configuration nginx, en fonction de vos besoins.
**IMPORTANT:** Certaines apps ne supportent pas d'être redirigées depuis un chemin différent à cause du fonctionnement des liens relatifs ... Cela signifie que par exemple une app hébergée sur `http://127.0.0.1:5050/app/` DOIT être routé sur `http://domaine.tld/app/` et PAS http://domaine.tld/unautrechemin/. Par exemple: un conteneur Docker Odoo tourne sur `http://127.0.0.1:8069/`. Il ne sera pas capable de fonctionné correctement si il est routé sur `http://domaine.tld/odoo/` ! Il faut forcément l'installer à la racine d'un domaine, par exemple `http://odoo.domaine.tld/`
Il est possible que votre service backend ne supporte pas de configurer une "base URL" (chemin web personnalisé). Dans ce cas, il faudra installer l'application sur un (sous-)domaine dédié.
## Documentations et ressources
* Site officiel de l'app : <https://github.com/YunoHost-Apps/redirect_ynh>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_redirect>
* Signaler un bug : <https://github.com/YunoHost-Apps/redirect_ynh/issues>
* Site officiel de l'app : <https://en.wikipedia.org/wiki/Reverse_proxy>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_reverseproxy>
* Signaler un bug : <https://github.com/YunoHost-Apps/reverseproxy_ynh/issues>
## Informations pour les développeurs
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/redirect_ynh/tree/testing).
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/reverseproxy_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit.
``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/redirect_ynh/tree/testing --debug
sudo yunohost app install https://github.com/YunoHost-Apps/reverseproxy_ynh/tree/testing --debug
ou
sudo yunohost app upgrade redirect -u https://github.com/YunoHost-Apps/redirect_ynh/tree/testing --debug
sudo yunohost app upgrade reverseproxy -u https://github.com/YunoHost-Apps/reverseproxy_ynh/tree/testing --debug
```
**Plus d'infos sur le packaging d'applications :** <https://yunohost.org/packaging_apps>

3
conf/nginx-visible-301.conf
View file

@ -1,3 +0,0 @@
location YNH_LOCATION {
return 301 YNH_REDIRECT_PATH$request_uri;
}

3
conf/nginx-visible-302.conf
View file

@ -1,3 +0,0 @@
location YNH_LOCATION {
return 302 YNH_REDIRECT_PATH$request_uri;
}

14
conf/nginx-proxy.conf → conf/nginx.conf
View file

@ -1,5 +1,5 @@
location YNH_LOCATION {
proxy_pass YNH_REDIRECT_PATH;
location @YNH_APPNAME__proxy {
proxy_pass YNH_PROXY_PATH;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
@ -16,3 +16,13 @@ location YNH_LOCATION {
include conf.d/yunohost_panel.conf.inc;
more_clear_input_headers 'Accept-Encoding';
}
# Support relative URLs
location = YNH_LOCATION {
return 302 YNH_LOCATION/;
}
location YNH_LOCATION/ {
alias YNH_ASSETS_PATH;
try_files $uri @YNH_APPNAME__proxy;
}

12
doc/DESCRIPTION.md
View file

@ -1,5 +1,9 @@
This application allows to integrate a custom tile in YunoHost's user portal. Typical use cases include:
- **visible 301/302 redirect** : having a "virtual" app tile that's just a redirection to another url or external website
- **invisible redirect / reverse-proxy** : creating an app tile for a local app listening on a specific port, or a Docker container, or an app hosted on another machine
This application allows to configure a HTTP(S) reverse proxy to serve another web service, as well as an (optional) static assets directory to serve directly from nginx. The application appears as a tile in the SSOWat panel, unless configured otherwise after install. The access to the application can be made public.
In technical terms: this app only adds a NGINX configuration snippet with either `redirect` or `proxy_pass` rule, and a YunoHost tile + appropriate SSOwat configuration.
The supported backends are:
- plaintext HTTP to localhost (127.x.x.x)
- HTTPS to any destination
- socket file on local disk
Please be aware that SSOWat sends user credentials in plaintext to the backend, so do not use this application to reverse-proxy a service you don't trust (for example to mirror a site hosted by someone else).

12
doc/DESCRIPTION_fr.md
View file

@ -1,5 +1,9 @@
Cette application permet d'intégrée une tuile personalisée dans le portail utilisateur de YunoHost. Les cas d'usage typiques sont:
- **redirection 301/302 visible** : avoir une tuile d'app "virtuelle" qui se contente de rediriger vers une autre url ou un site externe
- **redirection invisible / reverse-proxy** : créer une tuile pour une application locale écoutant sur un port précis, ou bien un conteneur Docker, ou encore une app hébergée sur une autre machine
Cette application permet de configurer un reverse proxy HTTP(S) pour servir un autre service web, ainsi qu'un dossier (optionnel) pour les assets statiques qui sera servi directement depuis nginx. L'application apparaît comme tuile dans le panel SSOWat, sauf si elle a été configurée autrement après l'installation. L'accès à l'application peut être rendu public.
En terme technique: cette app se contente de rajouter le morceau de configuration NGINX approprié avec soit `redirect` ou `proxy_pass`, et la tuile YunoHost + configuration SSOwat correspondante.
Les backends supportés sont:
- HTTP en clair (plaintext) vers localhost (127.x.x.x)
- HTTPS vers n'importe quelle destination
- fichier socket sur disque local
Attention, SSOWat envoie les identifiants des utilisateurices en clair jusqu'au backend, donc n'utilisez pas cette application pour reverse-proxy un service dans lequel vous n'avez pas confiance (par exemple pour mirrorer un site hébergé par une autre personne).

19
doc/DISCLAIMER.md
View file

@ -1,18 +1,7 @@
## Redirect type
### Backend web path
### Visible redirect
The request is transmitted as-is to the backend server. This usually means that the backend service shoudl be aware of the web path used to access the service. For example, if using the application is installed to `example.com/proxy`, your backend application should produce absolute links starting with `example.com/proxy/` too.
The client will be redirected to another url or external website
To support relative URLs from the backend, accessing the application via `http(s)://example.com/proxy` will permanent redirect (302) to `http(s)://example.com/proxy/` (trailing slash). Otherwise, a relative link like `<link rel="stylesheet" href="style.css">` would try to load `http(s)://example.com/style.css` which would fail.
- `your-domain.com -> another-domain.net`
- `your-domain.com/foo -> another-domain.net/bar`
### Invisible redirect (a.k.a "reverse-proxy")
Visitor's address bar will remain the same. Typically used to integrate into YunoHost a manually-installed app into the portal.
- `you-domain.com/foo -> http://172.0.0.1:8080/app`
**IMPORTANT:** you may have to further tweak the `redirect.conf` in the nginx configuration, depending on your needs!
**IMPORTANT:** Many apps do not support being redirected to a different path due to relative links! This means that some apps being hosted for example on http://127.0.0.1:5050/app/ MUST be redirected to http://domain.tld/app/ and NOT http://domain.tld/someotherapp/. For example : an Odoo Docker container runs on http://127.0.0.1:8069/. You will not be able to redirect it to http://domain.tld/odoo/ ! You have to redirect it to the root, so for example http://odoo.domain.tld/
It is possible that your backend service does not support setting up a "base URL" (custom web path). In that case, you will have to install the application on a dedicated (sub)domain.

19
doc/DISCLAIMER_fr.md
View file

@ -1,18 +1,7 @@
## Types de redirection
### Chemin web du backend
### Redirection visible
La requête est transmise telle-quelle au serveur backend. Cela veut usuellement dire que le service backend doit avoir connaissance du chemin web utilisé pour accéder au service. Par exemple, si l'application est installée sur `example.com/proxy`, votre application backend devrait produire des liens absolus commençant par `example.com/proxy/`.
Le client sera redirigé vers une autre URL ou site externe
Pour supporter les URLs relatives depuis le backend, accéder à l'application via `http(s)://example.com/proxy` produit une redirection permanente (302) vers `http(s)://example.com/proxy/` (avec le slash de fin). Sinon, un lien relatif comme `<link rel="stylesheet" href="style.css">` essayerait de charger `http(s)://example.com/style.css`, ce qui échouerait.
- `votre-domaine.com -> un-autre-domaine.net`
- `votre-domaine.com/foo -> un-autre-domaine.net/bar`
### Redirection invisible (a.k.a "reverse-proxy")
L'adresse du client restera inchangé dans le navigateur. Typiquement utilisé pour intéger dans YunoHost une application installée manuellement.
- `you-domain.com/foo -> http://172.0.0.1:8080/app`
**IMPORTANT:** il vous faudra peut-être bricoler manuellement `redirect.conf` dans la configuration nginx, en fonction de vos besoins.
**IMPORTANT:** Certaines apps ne supportent pas d'être redirigées depuis un chemin différent à cause du fonctionnement des liens relatifs ... Cela signifie que par exemple une app hébergée sur `http://127.0.0.1:5050/app/` DOIT être routé sur `http://domaine.tld/app/` et PAS http://domaine.tld/unautrechemin/. Par exemple: un conteneur Docker Odoo tourne sur `http://127.0.0.1:8069/`. Il ne sera pas capable de fonctionné correctement si il est routé sur `http://domaine.tld/odoo/` ! Il faut forcément l'installer à la racine d'un domaine, par exemple `http://odoo.domaine.tld/`
Il est possible que votre service backend ne supporte pas de configurer une "base URL" (chemin web personnalisé). Dans ce cas, il faudra installer l'application sur un (sous-)domaine dédié.

54
manifest.json
View file

@ -1,21 +1,20 @@
{
"name": "Redirect",
"id": "redirect",
"name": "Reverse Proxy",
"id": "reverseproxy",
"packaging_format": 1,
"description": {
"en": "Create a redirection or a proxy to another path",
"fr": "Créer une redirection ou un proxy vers un autre emplacement"
"en": "Create a reverse proxy to a socket/port, optionally serve static files from folder",
"fr": "Créer un reverse proxy vers un socket/port, optionnellement servir des fichiers statiques depuis un dossier"
},
"version": "1.0.2~ynh1",
"version": "0.1~ynh1",
"license": "AGPL-3.0-or-later",
"url": "https://github.com/YunoHost-Apps/redirect_ynh",
"url": "https://en.wikipedia.org/wiki/Reverse_proxy",
"upstream": {
"license": "AGPL-3.0-or-later",
"website": "https://github.com/YunoHost-Apps/redirect_ynh"
"website": "https://en.wikipedia.org/wiki/Reverse_proxy"
},
"maintainer": {
"name": "alexAubin",
"email": "alex.aubin@mailoo.org"
"name": "selfhoster1312",
"email": "selfhoster1312@kl.netlib.re"
},
"requirements": {
"yunohost": ">= 4.2.0"
@ -28,39 +27,36 @@
"install" : [
{
"name": "domain",
"type": "domain",
"example": "domain.org"
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/redirect",
"default": "/redirect"
"example": "/proxy"
},
{
"name": "redirect_path",
"name": "proxy_path",
"type": "string",
"ask": {
"en": "Redirect destination path",
"fr": "Emplacement de destination"
"en": "Redirect destination path (unix:/file for socket)",
"fr": "Emplacement de destination (unix:/fichier pour socket)"
},
"example": "http://127.0.0.1:8080/app/",
"default": "http://127.0.0.1"
"example": "http://127.0.0.1:8080/app/"
},
{
"name": "redirect_type",
"name": "is_public",
"type": "boolean",
"default": false
},
{
"name": "assets_path",
"type": "string",
"ask": {
"en": "Redirect type",
"fr": "Type de redirection"
"en": "Static assets folder",
"fr": "Dossier pour les fichiers statiques"
},
"choices": {
"public_302": "Visible redirect (302, temporary). Everybody will be able to access it.",
"public_301": "Visible redirect (301, permanent). Everybody will be able to access it.",
"public_proxy": "Proxy, invisible (NGINX proxy_pass). Everybody will be able to access it.",
"private_proxy": "Proxy, invisible (NGINX proxy_pass). Only accessible for allowed users."
},
"default": "public_302"
"optional": true,
"example": "/opt/foo/www/"
}
]
}

53
scripts/_common.sh Normal file
View file

@ -0,0 +1,53 @@
# Verify that the requested reverse proxy destination is valid:
# - protocol is http(s):// or unix: for socket file
# - plaintext http is only allowed to localhost (to avoid leaking credentials on the network)
# - http(s) destination is webroot, no additional component allowed (eg. http://localhost:1234/test is invalid)
rp_validate_proxy_path() {
proxy_path="$1"
if [[ ! $proxy_path =~ '^unix:/' ]]; then
url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'
[[ ! $proxy_path =~ $url_regex ]] && ynh_die \
"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $proxy_path" 1
fi
# Don't allow trailing slash or additional URI components in proxy_path
if [[ "$proxy_path" =~ ^https?:// ]]; then
res="${proxy_path//[^\/]}"
if [[ "${#res}" != "2" ]]; then
if [[ "${#res}" = "3" ]] && [[ "$proxy_path" =~ /$ ]]; then
# If it's only one trailing slash (no more components), just remove it
proxy_path="${proxy_path::-1}"
else
ynh_die "Reverse proxy URL cannot contain additional slashes or components: $proxy_path" 1
fi
fi
fi
}
# Make reverse proxy public if $1 is 1
# Yunohost boolean params are 1 if true
rp_make_permissions() {
#ynh_script_progression --message="Configuring permissions..." --weight=2
if [ $1 = 1 ]; then
ynh_permission_update --permission="main" --add="visitors"
fi
}
# (re)generate nginx config
rp_make_webconfig() {
#ynh_script_progression --message="Configuring NGINX web server..." --weight=1
# Nginx configuration
ynh_replace_string "YNH_LOCATION" "$path_url" ../conf/nginx.conf
ynh_replace_string "YNH_PROXY_PATH" "$proxy_path" ../conf/nginx.conf
ynh_replace_string "YNH_APPNAME" "$app" ../conf/nginx.conf
ynh_replace_string "YNH_ASSETS_PATH" "$assets_path" ../conf/nginx.conf
cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
}
rp_reload_web() {
#ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
}

2
scripts/backup
View file

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -22,7 +23,6 @@ ynh_print_info --message="Loading installation settings..."
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
#=================================================
# BACKUP THE NGINX CONFIGURATION

52
scripts/change_url Normal file
View file

@ -0,0 +1,52 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
source _common.sh
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
app=$YNH_APP_INSTANCE_NAME
old_domain=$YNH_APP_OLD_DOMAIN
new_domain=$YNH_APP_NEW_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_path=$YNH_APP_NEW_PATH
# Path availability is already checked for
#=================================================
# CONFIGURE NGINX
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
# Nginx configuration
ynh_replace_string "$old_path {" "$new_path {" /etc/nginx/conf.d/$old_domain.d/$app.conf
ynh_replace_string "${old_path}/ {" "${new_path}/ {" /etc/nginx/conf.d/$old_domain.d/$app.conf
ynh_replace_string "302 ${old_path}/" "302 ${new_path}/" /etc/nginx/conf.d/$old_domain.d/$app.conf
# Maybe only path part has changed... only move file if domain has changed
[[ "$old_domain" != "$new_domain" ]] && mv /etc/nginx/conf.d/$old_domain.d/$app.conf /etc/nginx/conf.d/$new_domain.d/$app.conf
# Reload nginx
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
rp_reload_web
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Changing URL of $app completed" --last

71
scripts/install
View file

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -23,68 +24,36 @@ ynh_abort_if_errors
app=$YNH_APP_INSTANCE_NAME
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
redirect_type=$YNH_APP_ARG_REDIRECT_TYPE
redirect_path=$YNH_APP_ARG_REDIRECT_PATH
proxy_path=$YNH_APP_ARG_PROXY_PATH
assets_path=$YNH_APP_ARG_ASSETS_PATH
[[ "$assets_path" = "" ]] && assets_path="/dev/null"
is_public=$YNH_APP_ARG_IS_PUBLIC
#=================================================
# REVERSE PROXY LOGIC
#=================================================
# Check domain/path availability
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
# Validate redirect path
url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
# Validate reverse proxy destination
rp_validate_proxy_path "$proxy_path"
# Avoid uncrypted remote destination with reverse proxy mode
# Indeed the SSO send the password in all requests in HTTP headers
url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'
[[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \
"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1
# Save extra settings
ynh_app_setting_set --app=$app --key=proxy_path --value=$proxy_path
ynh_app_setting_set --app=$app --key=assets_path --value=$assets_path
# Save extra settings
ynh_app_setting_set --app=$app --key=redirect_type --value=$redirect_type
ynh_app_setting_set --app=$app --key=redirect_path --value=$redirect_path
#=================================================
# CONFIGURE NGINX
#=================================================
# Configure nginx
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
# Nginx configuration
for FILE in $(ls ../conf/nginx-*.conf)
do
ynh_replace_string "YNH_LOCATION" "$path_url" $FILE
done
if [ "$redirect_type" = "public_302" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf
cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf
elif [ "$redirect_type" = "public_301" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf
cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf
elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf
cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf
fi
#=================================================
# CONFIGURE SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=2
rp_make_webconfig
# Make app public if necessary
if [ "$redirect_type" != "private_proxy" ]
then
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_permission_update --permission="main" --add="visitors"
fi
ynh_script_progression --message="Configuring permissions..." --weight=2
rp_make_permissions $is_public
#=================================================
# RELOAD NGINX
#=================================================
# Reload nginx
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
rp_reload_web
#=================================================
# END OF SCRIPT

8
scripts/remove
View file

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -24,12 +25,9 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
# Remove configuration files
ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
# Reload nginx
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
rp_reload_web
#=================================================
# END OF SCRIPT

29
scripts/restore
View file

@ -6,6 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -23,12 +24,11 @@ ynh_abort_if_errors
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type)
redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path)
proxy_path=$(ynh_app_setting_get --app=$app --key=proxy_path)
assets_path=$(ynh_app_setting_get --app=$app --key=assets_path)
# Validate redirect path
url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
# Revalidate destination path
rp_validate_proxy_path "$proxy_path"
# Check configuration files
NGINX_CONF="/etc/nginx/conf.d/${domain}.d/${app}.conf"
@ -37,23 +37,8 @@ NGINX_CONF="/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Restore configuration files
ynh_restore_file "$NGINX_CONF"
#=================================================
# SETUP SSOWAT
#=================================================
# Make app public if necessary
if [ "$redirect_type" != "private_proxy" ]
then
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_permission_update --permission="main" --add="visitors"
fi
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
# Reload nginx
rp_reload_web
#=================================================
# END OF SCRIPT

103
scripts/upgrade
View file

@ -7,6 +7,7 @@
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -17,60 +18,8 @@ source /usr/share/yunohost/helpers
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
redirect_type=$(ynh_app_setting_get --app=$app --key=redirect_type)
redirect_path=$(ynh_app_setting_get --app=$app --key=redirect_path)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
# Fix is_public as a boolean value
# Default value for redirect_type if upgrading from https://github.com/scith/redirect_ynh
if [ -z "$redirect_type" ];
then
redirect_type="proxy"
ynh_app_setting_set $app 'redirect_type' $redirect_type
fi
# Migrate away from old stuff with 'is_public' and old redirect type names
is_public=$(ynh_app_setting_get "$app" is_public)
if [ -n "$is_public" ]
then
if [ "$is_public" = "Yes" ]; then
is_public=1
elif [ "$is_public" = "No" ]; then
is_public=0
fi
if [ "$is_public" = "0" ] && [ "$redirect_type" != "proxy" ]; then
echo "WARNING: You previously had a 'supposedly' private 301 or 302 redirection... but it was found that it was public all along and it is not easy to create such a private redirection. Your 301 or 302 redirection will be re-flagged as public..." >&2
is_public=1
fi
if [ "$redirect_type" == "proxy" ] && [ "$is_public" = "1" ]
then
redirect_type="public_proxy"
elif [ "$redirect_type" == "proxy" ] && [ "$is_public" = "0" ]
then
redirect_type="private_proxy"
elif [ "$redirect_type" == "visible_302" ]
then
redirect_type="public_302"
elif [ "$redirect_type" == "visible_301" ]
then
redirect_type="public_301"
fi
ynh_app_setting_set $app 'redirect_type' $redirect_type
fi
# Migrate legacy permissions to new system
if ynh_legacy_permissions_exists
then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
proxy_path=$(ynh_app_setting_get --app=$app --key=proxy_path)
assets_path=$(ynh_app_setting_get --app=$app --key=assets_path)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
@ -85,50 +34,20 @@ ynh_clean_setup () {
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
# Validate redirect path
url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
#=================================================
# CONFIGURE NGINX
# REVERSE PROXY LOGIC
#=================================================
# Nginx configuration
for FILE in $(ls ../conf/nginx-*.conf)
do
ynh_replace_string "YNH_LOCATION" "$path_url" $FILE
done
if [ "$redirect_type" = "public_302" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf
cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf
elif [ "$redirect_type" = "public_301" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf
cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf
elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf
cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf
fi
# Validate proxy destination
rp_validate_proxy_path "$proxy_path"
#=================================================
# CONFIGURE SSOWAT
#=================================================
# Configure nginx
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
rp_make_webconfig
# Make app public if necessary
if [ "$redirect_type" != "private_proxy" ]
then
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_permission_update --permission="main" --add="visitors"
fi
#=================================================
# RELOAD NGINX
#=================================================
# Reload nginx
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
rp_reload_web
#=================================================
# END OF SCRIPT