mirror of
https://github.com/YunoHost-Apps/reverseproxy_ynh.git
synced 2024-09-03 20:16:23 +02:00
commit
e1bf0b59bd
16 changed files with 90 additions and 260 deletions
16
README.md
16
README.md
|
@ -27,21 +27,7 @@ The supported backends are:
|
|||
Please be aware that SSOWat sends user credentials in plaintext to the backend, so do not use this application to reverse-proxy a service you don't trust (for example to mirror a site hosted by someone else).
|
||||
|
||||
|
||||
**Shipped version:** 0.2~ynh2
|
||||
## Disclaimers / important information
|
||||
|
||||
### Backend web path
|
||||
|
||||
The request is transmitted as-is to the backend server. This usually means that the backend service shoudl be aware of the web path used to access the service. For example, if using the application is installed to `example.com/proxy`, your backend application should produce absolute links starting with `example.com/proxy/` too.
|
||||
|
||||
To support relative URLs from the backend, accessing the application via `http(s)://example.com/proxy` will permanent redirect (302) to `http(s)://example.com/proxy/` (trailing slash). Otherwise, a relative link like `<link rel="stylesheet" href="style.css">` would try to load `http(s)://example.com/style.css` which would fail.
|
||||
|
||||
It is possible that your backend service does not support setting up a "base URL" (custom web path). In that case, you will have to install the application on a dedicated (sub)domain.
|
||||
|
||||
### Plaintext localhost backend
|
||||
|
||||
Plaintext HTTP backend is only allowed on localhost. For now, only 127.X.X.X is allowed. 10.X.X.X should also be supported.
|
||||
|
||||
**Shipped version:** 0.2~ynh1
|
||||
## Documentation and resources
|
||||
|
||||
* Official app website: <https://en.wikipedia.org/wiki/Reverse_proxy>
|
||||
|
|
16
README_fr.md
16
README_fr.md
|
@ -27,21 +27,7 @@ Les backends supportés sont:
|
|||
Attention, SSOWat envoie les identifiants des utilisateurices en clair jusqu'au backend, donc n'utilisez pas cette application pour reverse-proxy un service dans lequel vous n'avez pas confiance (par exemple pour mirrorer un site hébergé par une autre personne).
|
||||
|
||||
|
||||
**Version incluse :** 0.2~ynh2
|
||||
## Avertissements / informations importantes
|
||||
|
||||
### Chemin web du backend
|
||||
|
||||
La requête est transmise telle-quelle au serveur backend. Cela veut usuellement dire que le service backend doit avoir connaissance du chemin web utilisé pour accéder au service. Par exemple, si l'application est installée sur `example.com/proxy`, votre application backend devrait produire des liens absolus commençant par `example.com/proxy/`.
|
||||
|
||||
Pour supporter les URLs relatives depuis le backend, accéder à l'application via `http(s)://example.com/proxy` produit une redirection permanente (302) vers `http(s)://example.com/proxy/` (avec le slash de fin). Sinon, un lien relatif comme `<link rel="stylesheet" href="style.css">` essayerait de charger `http(s)://example.com/style.css`, ce qui échouerait.
|
||||
|
||||
Il est possible que votre service backend ne supporte pas de configurer une "base URL" (chemin web personnalisé). Dans ce cas, il faudra installer l'application sur un (sous-)domaine dédié.
|
||||
|
||||
### Backend localhost en clair (plaintext)
|
||||
|
||||
Les connexions en clair en HTTP au backend ne sont autorisées qu'en localhost sur les adresses 127.X.X.X. Il faudrait aussi supporter 10.X.X.X.
|
||||
|
||||
**Version incluse :** 0.2~ynh1
|
||||
## Documentations et ressources
|
||||
|
||||
* Site officiel de l’app : <https://en.wikipedia.org/wiki/Reverse_proxy>
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
;; Test complet
|
||||
; Manifest
|
||||
domain="domain.tld"
|
||||
path="/path"
|
||||
proxy_path="http://127.0.0.1:6787"
|
||||
assets_path="/usr/share/yunohost/admin"
|
||||
; Checks
|
||||
pkg_linter=1
|
||||
setup_sub_dir=1
|
||||
setup_root=1
|
||||
setup_nourl=0
|
||||
setup_private=1
|
||||
setup_public=1
|
||||
upgrade=1
|
||||
backup_restore=1
|
||||
multi_instance=1
|
||||
change_url=1
|
||||
;;; Options
|
||||
Email=
|
||||
Notification=none
|
|
@ -18,7 +18,7 @@ location @__NAME__--proxy {
|
|||
# Support relative URLs
|
||||
__REDIRECT_BLOCK__
|
||||
|
||||
location __PATH_URL_SLASH__ {
|
||||
location __PATH_SLASH__ {
|
||||
# Include SSOWAT user panel.
|
||||
include conf.d/yunohost_panel.conf.inc;
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
### Backend web path
|
||||
|
||||
The request is transmitted as-is to the backend server. This usually means that the backend service shoudl be aware of the web path used to access the service. For example, if using the application is installed to `example.com/proxy`, your backend application should produce absolute links starting with `example.com/proxy/` too.
|
||||
The request is transmitted as-is to the backend server. This usually means that the backend service shoudl be aware of the web path used to access the service. For example, if using the application is installed to `__DOMAIN__/proxy`, your backend application should produce absolute links starting with `__DOMAIN__/proxy/` too.
|
||||
|
||||
To support relative URLs from the backend, accessing the application via `http(s)://example.com/proxy` will permanent redirect (302) to `http(s)://example.com/proxy/` (trailing slash). Otherwise, a relative link like `<link rel="stylesheet" href="style.css">` would try to load `http(s)://example.com/style.css` which would fail.
|
||||
To support relative URLs from the backend, accessing the application via `http(s)://__DOMAIN__/proxy` will permanent redirect (302) to `http(s)://__DOMAIN__/proxy/` (trailing slash). Otherwise, a relative link like `<link rel="stylesheet" href="style.css">` would try to load `http(s)://__DOMAIN__/style.css` which would fail.
|
||||
|
||||
It is possible that your backend service does not support setting up a "base URL" (custom web path). In that case, you will have to install the application on a dedicated (sub)domain.
|
||||
|
|
@ -1,8 +1,8 @@
|
|||
### Chemin web du backend
|
||||
|
||||
La requête est transmise telle-quelle au serveur backend. Cela veut usuellement dire que le service backend doit avoir connaissance du chemin web utilisé pour accéder au service. Par exemple, si l'application est installée sur `example.com/proxy`, votre application backend devrait produire des liens absolus commençant par `example.com/proxy/`.
|
||||
La requête est transmise telle-quelle au serveur backend. Cela veut usuellement dire que le service backend doit avoir connaissance du chemin web utilisé pour accéder au service. Par exemple, si l'application est installée sur `__DOMAIN__/proxy`, votre application backend devrait produire des liens absolus commençant par `__DOMAIN__/proxy/`.
|
||||
|
||||
Pour supporter les URLs relatives depuis le backend, accéder à l'application via `http(s)://example.com/proxy` produit une redirection permanente (302) vers `http(s)://example.com/proxy/` (avec le slash de fin). Sinon, un lien relatif comme `<link rel="stylesheet" href="style.css">` essayerait de charger `http(s)://example.com/style.css`, ce qui échouerait.
|
||||
Pour supporter les URLs relatives depuis le backend, accéder à l'application via `http(s)://__DOMAIN__/proxy` produit une redirection permanente (302) vers `http(s)://__DOMAIN__/proxy/` (avec le slash de fin). Sinon, un lien relatif comme `<link rel="stylesheet" href="style.css">` essayerait de charger `http(s)://__DOMAIN__/style.css`, ce qui échouerait.
|
||||
|
||||
Il est possible que votre service backend ne supporte pas de configurer une "base URL" (chemin web personnalisé). Dans ce cas, il faudra installer l'application sur un (sous-)domaine dédié.
|
||||
|
|
@ -1,63 +0,0 @@
|
|||
{
|
||||
"name": "Reverse Proxy",
|
||||
"id": "reverseproxy",
|
||||
"packaging_format": 1,
|
||||
"description": {
|
||||
"en": "Create a reverse proxy to a socket/port, optionally serve static files from folder",
|
||||
"fr": "Créer un reverse proxy vers un socket/port, optionnellement servir des fichiers statiques depuis un dossier"
|
||||
},
|
||||
"version": "0.2~ynh2",
|
||||
"license": "AGPL-3.0-or-later",
|
||||
"url": "https://en.wikipedia.org/wiki/Reverse_proxy",
|
||||
"upstream": {
|
||||
"website": "https://en.wikipedia.org/wiki/Reverse_proxy"
|
||||
},
|
||||
"maintainer": {
|
||||
"name": "selfhoster1312",
|
||||
"email": "selfhoster1312@kl.netlib.re"
|
||||
},
|
||||
"requirements": {
|
||||
"yunohost": ">= 11.2"
|
||||
},
|
||||
"multi_instance": true,
|
||||
"services": [
|
||||
"nginx"
|
||||
],
|
||||
"arguments": {
|
||||
"install" : [
|
||||
{
|
||||
"name": "domain",
|
||||
"type": "domain"
|
||||
},
|
||||
{
|
||||
"name": "path",
|
||||
"type": "path",
|
||||
"example": "/proxy"
|
||||
},
|
||||
{
|
||||
"name": "proxy_path",
|
||||
"type": "string",
|
||||
"ask": {
|
||||
"en": "Redirect destination path (unix:/file for socket)",
|
||||
"fr": "Emplacement de destination (unix:/fichier pour socket)"
|
||||
},
|
||||
"example": "http://127.0.0.1:8080"
|
||||
},
|
||||
{
|
||||
"name": "is_public",
|
||||
"type": "boolean",
|
||||
"default": false
|
||||
},
|
||||
{
|
||||
"name": "assets_path",
|
||||
"type": "string",
|
||||
"ask": {
|
||||
"en": "Static assets folder",
|
||||
"fr": "Dossier pour les fichiers statiques"
|
||||
},
|
||||
"optional": true,
|
||||
"example": "/opt/foo/www/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
59
manifest.toml
Normal file
59
manifest.toml
Normal file
|
@ -0,0 +1,59 @@
|
|||
packaging_format = 2
|
||||
|
||||
id = "reverseproxy"
|
||||
name = "Reverse Proxy"
|
||||
description.en = "Create a reverse proxy to a socket/port, optionally serve static files from folder"
|
||||
description.fr = "Créer un reverse proxy vers un socket/port, optionnellement servir des fichiers statiques depuis un dossier"
|
||||
|
||||
version = "0.2~ynh1"
|
||||
|
||||
maintainers = ["selfhoster1312"]
|
||||
|
||||
[upstream]
|
||||
license = "AGPL-3.0-or-later"
|
||||
website = "https://en.wikipedia.org/wiki/Reverse_proxy"
|
||||
|
||||
[integration]
|
||||
yunohost = ">= 11.2"
|
||||
architectures = "all"
|
||||
multi_instance = true
|
||||
|
||||
ldap = "not_relevant"
|
||||
|
||||
sso = "not_relevant"
|
||||
|
||||
disk = "50M"
|
||||
ram.build = "90M"
|
||||
ram.runtime = "50M"
|
||||
|
||||
[install]
|
||||
[install.domain]
|
||||
type = "domain"
|
||||
|
||||
[install.path]
|
||||
type = "path"
|
||||
|
||||
[install.proxy_path]
|
||||
ask.en = "Redirect destination path (unix:/file for socket)"
|
||||
ask.fr = "Emplacement de destination (unix:/fichier pour socket)"
|
||||
type = "string"
|
||||
example = "http://127.0.0.1:8080"
|
||||
|
||||
[install.init_main_permission]
|
||||
type = "group"
|
||||
default = false
|
||||
|
||||
[install.assets_path]
|
||||
ask.en = "Static assets folder"
|
||||
ask.fr = "Dossier pour les fichiers statiques"
|
||||
type = "string"
|
||||
optional = true
|
||||
example = "/opt/foo/www/"
|
||||
|
||||
[resources]
|
||||
[resources.system_user]
|
||||
|
||||
[resources.install_dir]
|
||||
|
||||
[resources.permissions]
|
||||
main.url = "/"
|
|
@ -47,14 +47,14 @@ rp_validate_assets_path() {
|
|||
fi
|
||||
}
|
||||
|
||||
# When the app is not in the webroot (path_url = /), need to add a redirect block
|
||||
# When the app is not in the webroot (path = /), need to add a redirect block
|
||||
# to app/ so relative URLs work
|
||||
rp_handle_webroot() {
|
||||
if [[ "$path_url" = "/" ]]; then
|
||||
path_url_slash="/"
|
||||
if [[ "$path" = "/" ]]; then
|
||||
path_slash="/"
|
||||
redirect_block="# Not needed for webroot"
|
||||
else
|
||||
path_url_slash=""$path_url"/"
|
||||
redirect_block="location = "$path_url" { return 302 "$path_url_slash"; }"
|
||||
path_slash=""$path"/"
|
||||
redirect_block="location = "$path" { return 302 "$path_slash"; }"
|
||||
fi
|
||||
}
|
||||
|
|
|
@ -9,28 +9,12 @@
|
|||
source ../settings/scripts/_common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_print_info --message="Loading installation settings..."
|
||||
|
||||
# Retrieve arguments
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
|
||||
#=================================================
|
||||
# BACKUP THE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
# Copy the conf files
|
||||
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf"
|
||||
ynh_backup --src_path="/etc/nginx/conf.d/${domain}.d/${app}.conf"
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
|
|
|
@ -8,37 +8,15 @@
|
|||
|
||||
source /usr/share/yunohost/helpers
|
||||
source _common.sh
|
||||
|
||||
#=================================================
|
||||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
||||
#=================================================
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
old_domain=$YNH_APP_OLD_DOMAIN
|
||||
new_domain=$YNH_APP_NEW_DOMAIN
|
||||
old_path=$YNH_APP_OLD_PATH
|
||||
new_path=$YNH_APP_NEW_PATH
|
||||
|
||||
# Path availability is already checked for
|
||||
|
||||
#=================================================
|
||||
# REVERSEPROXY_YNH
|
||||
#=================================================
|
||||
|
||||
# Nginx configuration
|
||||
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
path_url="$new_path"
|
||||
|
||||
path="$new_path"
|
||||
domain="$old_domain"
|
||||
proxy_path="$(ynh_app_setting_get --app=$app --key=proxy_path)"
|
||||
assets_path="$(ynh_app_setting_get --app=$app --key=assets_path)"
|
||||
|
||||
# Validate reverse proxy destination
|
||||
rp_validate_proxy_path
|
||||
|
@ -46,7 +24,7 @@ rp_validate_proxy_path
|
|||
# Validate assets_path
|
||||
rp_validate_assets_path
|
||||
|
||||
# Special case for "/" path_url
|
||||
# Special case for "/" path
|
||||
rp_handle_webroot
|
||||
|
||||
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
|
||||
|
@ -56,10 +34,10 @@ ynh_add_nginx_config
|
|||
|
||||
# Move file to new domain if domain has changed
|
||||
if [[ "$old_domain" != "$new_domain" ]]; then
|
||||
new_nginx_conf_path=/etc/nginx/conf.d/$new_domain.d/$app.conf
|
||||
ynh_delete_file_checksum --file="$nginx_conf_path"
|
||||
mv $nginx_conf_path $new_nginx_conf_path
|
||||
ynh_store_file_checksum --file="$new_nginx_conf_path"
|
||||
new_nginx_conf_path=/etc/nginx/conf.d/$new_domain.d/$app.conf
|
||||
ynh_delete_file_checksum --file="$nginx_conf_path"
|
||||
mv $nginx_conf_path $new_nginx_conf_path
|
||||
ynh_store_file_checksum --file="$new_nginx_conf_path"
|
||||
fi
|
||||
|
||||
|
||||
|
|
|
@ -9,55 +9,23 @@
|
|||
source _common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
||||
#=================================================
|
||||
|
||||
# Retrieve arguments
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
domain=$YNH_APP_ARG_DOMAIN
|
||||
path_url=$YNH_APP_ARG_PATH
|
||||
proxy_path=$YNH_APP_ARG_PROXY_PATH
|
||||
assets_path=$YNH_APP_ARG_ASSETS_PATH
|
||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
||||
|
||||
#=================================================
|
||||
# REVERSEPROXY_YNH
|
||||
#=================================================
|
||||
|
||||
# Check domain/path availability
|
||||
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
|
||||
|
||||
# Validate reverse proxy destination
|
||||
rp_validate_proxy_path
|
||||
|
||||
# Validate assets_path
|
||||
rp_validate_assets_path
|
||||
|
||||
# Special case for "/" path_url
|
||||
# Special case for "/" path
|
||||
rp_handle_webroot
|
||||
|
||||
# Save extra settings
|
||||
ynh_app_setting_set --app=$app --key=proxy_path --value=$proxy_path
|
||||
ynh_app_setting_set --app=$app --key=assets_path --value=$assets_path
|
||||
|
||||
# Configure nginx
|
||||
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
ynh_add_nginx_config
|
||||
|
||||
# Make app public if necessary (yunohost setting boolean is 1 when true)
|
||||
ynh_script_progression --message="Configuring permissions..." --weight=2
|
||||
if [ $is_public -eq 1 ]; then
|
||||
ynh_permission_update --permission="main" --add="visitors"
|
||||
fi
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
|
|
|
@ -9,15 +9,6 @@
|
|||
source _common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading installation settings..." --weight=1
|
||||
|
||||
# Retrieve arguments
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
|
||||
#=================================================
|
||||
# REVERSEPROXY_YNH
|
||||
#=================================================
|
||||
|
@ -25,10 +16,6 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|||
# Remove configuration files
|
||||
ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf
|
||||
|
||||
# Reload nginx
|
||||
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
|
|
@ -9,24 +9,6 @@
|
|||
source ../settings/scripts/_common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
|
||||
# Retrieve arguments
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
proxy_path=$(ynh_app_setting_get --app=$app --key=proxy_path)
|
||||
assets_path=$(ynh_app_setting_get --app=$app --key=assets_path)
|
||||
|
||||
#=================================================
|
||||
# REVERSEPROXY_YNH
|
||||
#=================================================
|
||||
|
|
|
@ -10,30 +10,6 @@
|
|||
source _common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
|
||||
# Retrieve arguments
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
proxy_path=$(ynh_app_setting_get --app=$app --key=proxy_path)
|
||||
assets_path=$(ynh_app_setting_get --app=$app --key=assets_path)
|
||||
|
||||
#=================================================
|
||||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
||||
#=================================================
|
||||
|
||||
# Backup the current version of the app
|
||||
ynh_backup_before_upgrade
|
||||
ynh_clean_setup () {
|
||||
# restore it if the upgrade fails
|
||||
ynh_restore_upgradebackup
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# REVERSEPROXY_YNH
|
||||
#=================================================
|
||||
|
@ -44,12 +20,12 @@ rp_validate_proxy_path
|
|||
# Validate assets_path
|
||||
rp_validate_assets_path
|
||||
|
||||
# Special case for "/" path_url
|
||||
# Special case for "/" path
|
||||
rp_handle_webroot
|
||||
|
||||
# Configure nginx
|
||||
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
|
|
7
tests.toml
Normal file
7
tests.toml
Normal file
|
@ -0,0 +1,7 @@
|
|||
test_format = 1.0
|
||||
|
||||
[default]
|
||||
|
||||
|
||||
args.proxy_path="http://127.0.0.1:6787"
|
||||
args.assets_path="/usr/share/yunohost/admin"
|
Loading…
Reference in a new issue