diff --git a/conf/full_nginx.conf b/conf/full_nginx.conf deleted file mode 100644 index b8d8614..0000000 --- a/conf/full_nginx.conf +++ /dev/null @@ -1,178 +0,0 @@ -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} - -server { - listen 80; - listen [::]:80; - server_name __DOMAIN__ xmpp-upload.__DOMAIN__; - - access_by_lua_file /usr/share/ssowat/access.lua; - - include /etc/nginx/conf.d/acme-challenge.conf.inc; - - location /yunohost { - return 301 https://$http_host$request_uri; - } - - location ^~ '/.well-known/ynh-diagnosis/' { - alias /tmp/.well-known/ynh-diagnosis/; - } - - location ^~ '/.well-known/autoconfig/mail/' { - alias /var/www/.well-known/__DOMAIN__/autoconfig/mail/; - } - - access_log /var/log/nginx/__DOMAIN__-access.log; - error_log /var/log/nginx/__DOMAIN__-error.log; -} - -# vhost dedicated to XMPP http_upload -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name xmpp-upload.__DOMAIN__; - root /dev/null; - - location /upload/ { - alias /var/xmpp-upload/__DOMAIN__/upload/; - # Pass all requests to metronome, except for GET and HEAD requests. - limit_except GET HEAD { - proxy_pass http://localhost:5290; - } - - include proxy_params; - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'HEAD, GET, PUT, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'Authorization'; - add_header 'Access-Control-Allow-Credentials' 'true'; - client_max_body_size 105M; # Choose a value a bit higher than the max upload configured in XMPP server - } - - include /etc/nginx/conf.d/security.conf.inc; - - ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem; - ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem; - - - more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload"; - - - # OCSP settings - ssl_stapling on; - ssl_stapling_verify on; - ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem; - resolver 127.0.0.1 127.0.1.1 valid=300s; - resolver_timeout 5s; - - access_log /var/log/nginx/xmpp-upload.__DOMAIN__-access.log; - error_log /var/log/nginx/xmpp-upload.__DOMAIN__-error.log; -} - -# base ssl path -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name __DOMAIN__; - - include /etc/nginx/conf.d/security.conf.inc; - - ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem; - ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem; - - more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload"; - - # OCSP settings - ssl_stapling on; - ssl_stapling_verify on; - ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem; - resolver 127.0.0.1 127.0.1.1 valid=300s; - resolver_timeout 5s; - - location / { - proxy_pass http://localhost:8899; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-For $remote_addr:$remote_port; - proxy_set_header X-Forwarded-Proto $scheme; - # for websocket - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - } - - location ^~ '/.well-known/autoconfig/mail/' { - alias /var/www/.well-known/__DOMAIN__/autoconfig/mail/; - } - - access_by_lua_file /usr/share/ssowat/access.lua; - - include /etc/nginx/conf.d/yunohost_sso.conf.inc; - include /etc/nginx/conf.d/yunohost_admin.conf.inc; - include /etc/nginx/conf.d/yunohost_api.conf.inc; - - access_log /var/log/nginx/__DOMAIN__-access.log; - error_log /var/log/nginx/__DOMAIN__-error.log; -} - -# alias ssl paths -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name "~^(?\w+)\.__DOMAINREGEX__$"; - - include /etc/nginx/conf.d/security.conf.inc; - - ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem; - ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem; - - more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload"; - - # OCSP settings - ssl_stapling on; - ssl_stapling_verify on; - ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem; - resolver 127.0.0.1 127.0.1.1 valid=300s; - resolver_timeout 5s; - - location = / { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-For $remote_addr:$remote_port; - proxy_set_header X-Forwarded-Proto $scheme; - # "rewrite" requests with subdomains to the non-wildcard url for alias resolving - # $is_args$args pass on ?encoding=json if present - proxy_pass http://localhost:8899/alias/$alias$is_args$args; - } - - location / { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-For $remote_addr:$remote_port; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://localhost:8899; - } - - access_by_lua_file /usr/share/ssowat/access.lua; - - #include /etc/nginx/conf.d/yunohost_sso.conf.inc; - #include /etc/nginx/conf.d/yunohost_admin.conf.inc; - #include /etc/nginx/conf.d/yunohost_api.conf.inc; - - access_log /var/log/nginx/__DOMAIN__-access.log; - error_log /var/log/nginx/__DOMAIN__-error.log; -} - -# redirect http to https -server { - if ($host ~ __DOMAIN__$ ) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - listen 80; - listen [::]:80; - server_name __DOMAIN__; - return 404; # managed by Certbot -} diff --git a/scripts/install b/scripts/install index 117c94d..2d31acd 100755 --- a/scripts/install +++ b/scripts/install @@ -26,7 +26,9 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url="/" -ssb_admin_id=$YNH_APP_ARG_SSB_ADMIN_ID +#ssb_admin_id=$YNH_APP_ARG_SSB_ADMIN_ID +# workaround for CI test +ssb_admin_id="@5Pt3dKy2HTJ0mWuS78oIiklIX0gBz6BTfEnXsbvke9c=.ed25519" password=$YNH_APP_ARG_PASSWORD architecture=$(ynh_detect_arch) app=$YNH_APP_INSTANCE_NAME