mirror of
https://github.com/YunoHost-Apps/reverseproxy_ynh.git
synced 2024-09-03 20:16:23 +02:00
93 lines
3.5 KiB
Bash
93 lines
3.5 KiB
Bash
#!/bin/bash
|
||
|
||
#=================================================
|
||
# GENERIC START
|
||
#=================================================
|
||
# IMPORT GENERIC HELPERS
|
||
#=================================================
|
||
|
||
source /usr/share/yunohost/helpers
|
||
|
||
#=================================================
|
||
# MANAGE SCRIPT FAILURE
|
||
#=================================================
|
||
|
||
# Exit if an error occurs during the execution of the script
|
||
ynh_abort_if_errors
|
||
|
||
#=================================================
|
||
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
||
#=================================================
|
||
|
||
# Retrieve arguments
|
||
app=$YNH_APP_INSTANCE_NAME
|
||
domain=$YNH_APP_ARG_DOMAIN
|
||
path_url=$YNH_APP_ARG_PATH
|
||
redirect_type=$YNH_APP_ARG_REDIRECT_TYPE
|
||
redirect_path=$YNH_APP_ARG_REDIRECT_PATH
|
||
|
||
# Check domain/path availability
|
||
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
|
||
|
||
# Validate redirect path
|
||
url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
|
||
[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
|
||
|
||
# Avoid uncrypted remote destination with reverse proxy mode
|
||
# Indeed the SSO send the password in all requests in HTTP headers
|
||
url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'
|
||
[[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]] && ynh_die \
|
||
"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path" 1
|
||
|
||
# Save extra settings
|
||
ynh_app_setting_set --app=$app --key=redirect_type --value=$redirect_type
|
||
ynh_app_setting_set --app=$app --key=redirect_path --value=$redirect_path
|
||
|
||
#=================================================
|
||
# CONFIGURE NGINX
|
||
#=================================================
|
||
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
|
||
|
||
# Nginx configuration
|
||
for FILE in $(ls ../conf/nginx-*.conf)
|
||
do
|
||
ynh_replace_string "YNH_LOCATION" "$path_url" $FILE
|
||
done
|
||
if [ "$redirect_type" = "public_302" ];
|
||
then
|
||
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf
|
||
cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf
|
||
elif [ "$redirect_type" = "public_301" ];
|
||
then
|
||
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf
|
||
cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf
|
||
elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ];
|
||
then
|
||
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf
|
||
cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf
|
||
fi
|
||
|
||
#=================================================
|
||
# CONFIGURE SSOWAT
|
||
#=================================================
|
||
ynh_script_progression --message="Configuring permissions..." --weight=2
|
||
|
||
# Make app public if necessary
|
||
if [ "$redirect_type" != "private_proxy" ]
|
||
then
|
||
# unprotected_uris allows SSO credentials to be passed anyway.
|
||
ynh_permission_update --permission="main" --add="visitors"
|
||
fi
|
||
|
||
#=================================================
|
||
# RELOAD NGINX
|
||
#=================================================
|
||
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
|
||
|
||
ynh_systemd_action --service_name=nginx --action=reload
|
||
|
||
#=================================================
|
||
# END OF SCRIPT
|
||
#=================================================
|
||
|
||
ynh_script_progression --message="Installation of $app completed" --last
|