#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." # If final_path doesn't exist, create it if [ -z "$final_path" ]; then final_path=/var/www/$app ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi if [ -n "$is_public" ]; then # Delete is_public key. It is now handled by the permissions system ynh_app_setting_delete --app=$app --key=is_public # Delete legacy permission settings ynh_app_setting_delete --app=$app --key=unprotected_uris ynh_app_setting_delete --app=$app --key=protected_uris ynh_app_setting_delete --app=$app --key=skipped_uris fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { # restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." # Create a temporary directory tmpdir="$(mktemp -d)" # Backup the config file in the temp dir cp -a "$final_path/data" "$tmpdir/data" cp -a "$final_path/tpl" "$tmpdir/tpl" # Remove the app directory securely ynh_secure_remove "$final_path" # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" cp -a "$tmpdir/data" "$final_path/" cp -a "$tmpdir/tpl" "$final_path/" # Remove the tmp directory securely ynh_secure_remove --file="$tmpdir" fi #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Upgrading PHP-FPM configuration..." # Create a dedicated php-fpm config ynh_add_fpm_config --usage=low --footprint=low --package="$extra_php_dependencies" #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Upgrading logrotate configuration..." # Use logrotate to manage app-specific logfile(s) # Temporary fix for .txt log file and ynh_use_logrotate if [ -d "$final_path/data/log.txt" ] then ynh_secure_remove "$final_path/data/log.txt" touch "$final_path/data/log.txt" fi ynh_use_logrotate --non-append #================================================= # SECURE FILES AND DIRECTORIES #================================================= ynh_script_progression --message="Securing files and directories..." chown -R $app: $final_path chmod -R g+rX $final_path chmod -R g+rwX $final_path/{cache/,data/,pagecache/,tmp/} #================================================= # UPGRADE FAIL2BAN #================================================= ynh_script_progression --message="Reconfiguring Fail2Ban..." # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="$final_path/data/log.txt" --failregex="\s-\s\s-\sLogin failed for user.*$" #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Upgrade of $app completed"