#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_print_info "Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=is_public --value=$is_public #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." ynh_install_app_dependencies $pkg_dependencies #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." # Bug in Nginx with locations and aliases (see http://stackoverflow.com/a/35102259 ) if [ $path_url = "/" ]; then ynh_replace_string "__PATH_HACK__" "" "../conf/nginx.conf" else ynh_replace_string "__PATH_HACK__" "$path_url/$path_url" "../conf/nginx.conf" fi # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." # Create a system user ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_print_info "Configuring PHP-FPM..." # Create a dedicated PHP-FPM config ynh_add_fpm_config --usage=low --footprint=low --package="$extra_php_dependencies" #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." # Use logrotate to manage application logfile(s) touch "$final_path/data/log.txt" ynh_use_logrotate "$final_path/data/log.txt" #================================================= # SECURE FILES AND DIRECTORIES #================================================= # set proper permissions ynh_script_progression --message="Set permissions..." find $final_path -type f | xargs chmod 644 find $final_path -type d | xargs chmod 755 # Set right permissions for curl install ynh_script_progression --message="Set rights..." chown -R $app: $final_path #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring Fail2Ban..." # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="$final_path/data/log.txt" --failregex="\s-\s\s-\sLogin failed for user.*$" #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring SSOwat..." # Make app public if necessary if [ $is_public -eq 1 ] then # unprotected_uris allows SSO credentials to be passed anyway. ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" fi #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed"