Merge pull request #6 from YunoHost-Apps/version-2

Version 2
This commit is contained in:
eric_G 2023-11-29 10:28:35 +01:00 committed by GitHub
commit e1bf0b59bd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 90 additions and 260 deletions

View file

@ -27,21 +27,7 @@ The supported backends are:
Please be aware that SSOWat sends user credentials in plaintext to the backend, so do not use this application to reverse-proxy a service you don't trust (for example to mirror a site hosted by someone else).
**Shipped version:** 0.2~ynh2
## Disclaimers / important information
### Backend web path
The request is transmitted as-is to the backend server. This usually means that the backend service shoudl be aware of the web path used to access the service. For example, if using the application is installed to `example.com/proxy`, your backend application should produce absolute links starting with `example.com/proxy/` too.
To support relative URLs from the backend, accessing the application via `http(s)://example.com/proxy` will permanent redirect (302) to `http(s)://example.com/proxy/` (trailing slash). Otherwise, a relative link like `<link rel="stylesheet" href="style.css">` would try to load `http(s)://example.com/style.css` which would fail.
It is possible that your backend service does not support setting up a "base URL" (custom web path). In that case, you will have to install the application on a dedicated (sub)domain.
### Plaintext localhost backend
Plaintext HTTP backend is only allowed on localhost. For now, only 127.X.X.X is allowed. 10.X.X.X should also be supported.
**Shipped version:** 0.2~ynh1
## Documentation and resources
* Official app website: <https://en.wikipedia.org/wiki/Reverse_proxy>

View file

@ -27,21 +27,7 @@ Les backends supportés sont:
Attention, SSOWat envoie les identifiants des utilisateurices en clair jusqu'au backend, donc n'utilisez pas cette application pour reverse-proxy un service dans lequel vous n'avez pas confiance (par exemple pour mirrorer un site hébergé par une autre personne).
**Version incluse :** 0.2~ynh2
## Avertissements / informations importantes
### Chemin web du backend
La requête est transmise telle-quelle au serveur backend. Cela veut usuellement dire que le service backend doit avoir connaissance du chemin web utilisé pour accéder au service. Par exemple, si l'application est installée sur `example.com/proxy`, votre application backend devrait produire des liens absolus commençant par `example.com/proxy/`.
Pour supporter les URLs relatives depuis le backend, accéder à l'application via `http(s)://example.com/proxy` produit une redirection permanente (302) vers `http(s)://example.com/proxy/` (avec le slash de fin). Sinon, un lien relatif comme `<link rel="stylesheet" href="style.css">` essayerait de charger `http(s)://example.com/style.css`, ce qui échouerait.
Il est possible que votre service backend ne supporte pas de configurer une "base URL" (chemin web personnalisé). Dans ce cas, il faudra installer l'application sur un (sous-)domaine dédié.
### Backend localhost en clair (plaintext)
Les connexions en clair en HTTP au backend ne sont autorisées qu'en localhost sur les adresses 127.X.X.X. Il faudrait aussi supporter 10.X.X.X.
**Version incluse :** 0.2~ynh1
## Documentations et ressources
* Site officiel de lapp : <https://en.wikipedia.org/wiki/Reverse_proxy>

View file

@ -1,20 +0,0 @@
;; Test complet
; Manifest
domain="domain.tld"
path="/path"
proxy_path="http://127.0.0.1:6787"
assets_path="/usr/share/yunohost/admin"
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=1
setup_nourl=0
setup_private=1
setup_public=1
upgrade=1
backup_restore=1
multi_instance=1
change_url=1
;;; Options
Email=
Notification=none

View file

@ -18,7 +18,7 @@ location @__NAME__--proxy {
# Support relative URLs
__REDIRECT_BLOCK__
location __PATH_URL_SLASH__ {
location __PATH_SLASH__ {
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;

View file

@ -1,8 +1,8 @@
### Backend web path
The request is transmitted as-is to the backend server. This usually means that the backend service shoudl be aware of the web path used to access the service. For example, if using the application is installed to `example.com/proxy`, your backend application should produce absolute links starting with `example.com/proxy/` too.
The request is transmitted as-is to the backend server. This usually means that the backend service shoudl be aware of the web path used to access the service. For example, if using the application is installed to `__DOMAIN__/proxy`, your backend application should produce absolute links starting with `__DOMAIN__/proxy/` too.
To support relative URLs from the backend, accessing the application via `http(s)://example.com/proxy` will permanent redirect (302) to `http(s)://example.com/proxy/` (trailing slash). Otherwise, a relative link like `<link rel="stylesheet" href="style.css">` would try to load `http(s)://example.com/style.css` which would fail.
To support relative URLs from the backend, accessing the application via `http(s)://__DOMAIN__/proxy` will permanent redirect (302) to `http(s)://__DOMAIN__/proxy/` (trailing slash). Otherwise, a relative link like `<link rel="stylesheet" href="style.css">` would try to load `http(s)://__DOMAIN__/style.css` which would fail.
It is possible that your backend service does not support setting up a "base URL" (custom web path). In that case, you will have to install the application on a dedicated (sub)domain.

View file

@ -1,8 +1,8 @@
### Chemin web du backend
La requête est transmise telle-quelle au serveur backend. Cela veut usuellement dire que le service backend doit avoir connaissance du chemin web utilisé pour accéder au service. Par exemple, si l'application est installée sur `example.com/proxy`, votre application backend devrait produire des liens absolus commençant par `example.com/proxy/`.
La requête est transmise telle-quelle au serveur backend. Cela veut usuellement dire que le service backend doit avoir connaissance du chemin web utilisé pour accéder au service. Par exemple, si l'application est installée sur `__DOMAIN__/proxy`, votre application backend devrait produire des liens absolus commençant par `__DOMAIN__/proxy/`.
Pour supporter les URLs relatives depuis le backend, accéder à l'application via `http(s)://example.com/proxy` produit une redirection permanente (302) vers `http(s)://example.com/proxy/` (avec le slash de fin). Sinon, un lien relatif comme `<link rel="stylesheet" href="style.css">` essayerait de charger `http(s)://example.com/style.css`, ce qui échouerait.
Pour supporter les URLs relatives depuis le backend, accéder à l'application via `http(s)://__DOMAIN__/proxy` produit une redirection permanente (302) vers `http(s)://__DOMAIN__/proxy/` (avec le slash de fin). Sinon, un lien relatif comme `<link rel="stylesheet" href="style.css">` essayerait de charger `http(s)://__DOMAIN__/style.css`, ce qui échouerait.
Il est possible que votre service backend ne supporte pas de configurer une "base URL" (chemin web personnalisé). Dans ce cas, il faudra installer l'application sur un (sous-)domaine dédié.

View file

@ -1,63 +0,0 @@
{
"name": "Reverse Proxy",
"id": "reverseproxy",
"packaging_format": 1,
"description": {
"en": "Create a reverse proxy to a socket/port, optionally serve static files from folder",
"fr": "Créer un reverse proxy vers un socket/port, optionnellement servir des fichiers statiques depuis un dossier"
},
"version": "0.2~ynh2",
"license": "AGPL-3.0-or-later",
"url": "https://en.wikipedia.org/wiki/Reverse_proxy",
"upstream": {
"website": "https://en.wikipedia.org/wiki/Reverse_proxy"
},
"maintainer": {
"name": "selfhoster1312",
"email": "selfhoster1312@kl.netlib.re"
},
"requirements": {
"yunohost": ">= 11.2"
},
"multi_instance": true,
"services": [
"nginx"
],
"arguments": {
"install" : [
{
"name": "domain",
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/proxy"
},
{
"name": "proxy_path",
"type": "string",
"ask": {
"en": "Redirect destination path (unix:/file for socket)",
"fr": "Emplacement de destination (unix:/fichier pour socket)"
},
"example": "http://127.0.0.1:8080"
},
{
"name": "is_public",
"type": "boolean",
"default": false
},
{
"name": "assets_path",
"type": "string",
"ask": {
"en": "Static assets folder",
"fr": "Dossier pour les fichiers statiques"
},
"optional": true,
"example": "/opt/foo/www/"
}
]
}
}

59
manifest.toml Normal file
View file

@ -0,0 +1,59 @@
packaging_format = 2
id = "reverseproxy"
name = "Reverse Proxy"
description.en = "Create a reverse proxy to a socket/port, optionally serve static files from folder"
description.fr = "Créer un reverse proxy vers un socket/port, optionnellement servir des fichiers statiques depuis un dossier"
version = "0.2~ynh1"
maintainers = ["selfhoster1312"]
[upstream]
license = "AGPL-3.0-or-later"
website = "https://en.wikipedia.org/wiki/Reverse_proxy"
[integration]
yunohost = ">= 11.2"
architectures = "all"
multi_instance = true
ldap = "not_relevant"
sso = "not_relevant"
disk = "50M"
ram.build = "90M"
ram.runtime = "50M"
[install]
[install.domain]
type = "domain"
[install.path]
type = "path"
[install.proxy_path]
ask.en = "Redirect destination path (unix:/file for socket)"
ask.fr = "Emplacement de destination (unix:/fichier pour socket)"
type = "string"
example = "http://127.0.0.1:8080"
[install.init_main_permission]
type = "group"
default = false
[install.assets_path]
ask.en = "Static assets folder"
ask.fr = "Dossier pour les fichiers statiques"
type = "string"
optional = true
example = "/opt/foo/www/"
[resources]
[resources.system_user]
[resources.install_dir]
[resources.permissions]
main.url = "/"

View file

@ -47,14 +47,14 @@ rp_validate_assets_path() {
fi
}
# When the app is not in the webroot (path_url = /), need to add a redirect block
# When the app is not in the webroot (path = /), need to add a redirect block
# to app/ so relative URLs work
rp_handle_webroot() {
if [[ "$path_url" = "/" ]]; then
path_url_slash="/"
if [[ "$path" = "/" ]]; then
path_slash="/"
redirect_block="# Not needed for webroot"
else
path_url_slash=""$path_url"/"
redirect_block="location = "$path_url" { return 302 "$path_url_slash"; }"
path_slash=""$path"/"
redirect_block="location = "$path" { return 302 "$path_slash"; }"
fi
}

View file

@ -9,28 +9,12 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
# Copy the conf files
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf"
ynh_backup --src_path="/etc/nginx/conf.d/${domain}.d/${app}.conf"
#=================================================
# END OF SCRIPT

View file

@ -8,37 +8,15 @@
source /usr/share/yunohost/helpers
source _common.sh
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
app=$YNH_APP_INSTANCE_NAME
old_domain=$YNH_APP_OLD_DOMAIN
new_domain=$YNH_APP_NEW_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_path=$YNH_APP_NEW_PATH
# Path availability is already checked for
#=================================================
# REVERSEPROXY_YNH
#=================================================
# Nginx configuration
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
path_url="$new_path"
path="$new_path"
domain="$old_domain"
proxy_path="$(ynh_app_setting_get --app=$app --key=proxy_path)"
assets_path="$(ynh_app_setting_get --app=$app --key=assets_path)"
# Validate reverse proxy destination
rp_validate_proxy_path
@ -46,7 +24,7 @@ rp_validate_proxy_path
# Validate assets_path
rp_validate_assets_path
# Special case for "/" path_url
# Special case for "/" path
rp_handle_webroot
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
@ -56,10 +34,10 @@ ynh_add_nginx_config
# Move file to new domain if domain has changed
if [[ "$old_domain" != "$new_domain" ]]; then
new_nginx_conf_path=/etc/nginx/conf.d/$new_domain.d/$app.conf
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path $new_nginx_conf_path
ynh_store_file_checksum --file="$new_nginx_conf_path"
new_nginx_conf_path=/etc/nginx/conf.d/$new_domain.d/$app.conf
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path $new_nginx_conf_path
ynh_store_file_checksum --file="$new_nginx_conf_path"
fi

View file

@ -9,55 +9,23 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
proxy_path=$YNH_APP_ARG_PROXY_PATH
assets_path=$YNH_APP_ARG_ASSETS_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
#=================================================
# REVERSEPROXY_YNH
#=================================================
# Check domain/path availability
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
# Validate reverse proxy destination
rp_validate_proxy_path
# Validate assets_path
rp_validate_assets_path
# Special case for "/" path_url
# Special case for "/" path
rp_handle_webroot
# Save extra settings
ynh_app_setting_set --app=$app --key=proxy_path --value=$proxy_path
ynh_app_setting_set --app=$app --key=assets_path --value=$assets_path
# Configure nginx
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
ynh_add_nginx_config
# Make app public if necessary (yunohost setting boolean is 1 when true)
ynh_script_progression --message="Configuring permissions..." --weight=2
if [ $is_public -eq 1 ]; then
ynh_permission_update --permission="main" --add="visitors"
fi
ynh_add_nginx_config
#=================================================
# END OF SCRIPT

View file

@ -9,15 +9,6 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
#=================================================
# REVERSEPROXY_YNH
#=================================================
@ -25,10 +16,6 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
# Remove configuration files
ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf
# Reload nginx
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================

View file

@ -9,24 +9,6 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
proxy_path=$(ynh_app_setting_get --app=$app --key=proxy_path)
assets_path=$(ynh_app_setting_get --app=$app --key=assets_path)
#=================================================
# REVERSEPROXY_YNH
#=================================================

View file

@ -10,30 +10,6 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
proxy_path=$(ynh_app_setting_get --app=$app --key=proxy_path)
assets_path=$(ynh_app_setting_get --app=$app --key=assets_path)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# REVERSEPROXY_YNH
#=================================================
@ -44,12 +20,12 @@ rp_validate_proxy_path
# Validate assets_path
rp_validate_assets_path
# Special case for "/" path_url
# Special case for "/" path
rp_handle_webroot
# Configure nginx
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
ynh_add_nginx_config
#=================================================

7
tests.toml Normal file
View file

@ -0,0 +1,7 @@
test_format = 1.0
[default]
args.proxy_path="http://127.0.0.1:6787"
args.assets_path="/usr/share/yunohost/admin"