From e7dbc960488d87dbab64ad0ce02fc568131c436a Mon Sep 17 00:00:00 2001 From: mhfowler Date: Wed, 15 Sep 2021 08:17:28 +0200 Subject: [PATCH] Working on single install --- conf/amd64.src | 4 +- conf/full_nginx.conf | 178 ++++++++++++++++++++++++++++++++++++++++ conf/systemd.service | 5 +- manifest.json | 26 ++---- scripts/_common.sh | 14 ++++ scripts/change_url | 34 ++------ scripts/install | 191 +++++++------------------------------------ scripts/remove | 51 +++++------- 8 files changed, 257 insertions(+), 246 deletions(-) create mode 100644 conf/full_nginx.conf diff --git a/conf/amd64.src b/conf/amd64.src index c8fad3e..40dae93 100644 --- a/conf/amd64.src +++ b/conf/amd64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/ssb-ngi-pointer/go-ssb-room/releases/download/v2.0.6/go-ssb-room_2.0.6_Linux_x86_64.tar.gz -SOURCE_SUM=0ab385e7632ad8c3c16c13f6bb1843dcfaa9e927afd9d6a8a35691b14a308e5e +SOURCE_URL=https://files.commoninternet.net/go-ssb-room_2.0.6_Linux_x86_64.tar.gz +SOURCE_SUM=7823838a42daac48c39f13563552b84920d66e782acf239d1da5fbd3b475c5bf SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/full_nginx.conf b/conf/full_nginx.conf new file mode 100644 index 0000000..b8d8614 --- /dev/null +++ b/conf/full_nginx.conf 
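Review bot: In conf/amd64.src the download moves from the project's GitHub release to `files.commoninternet.net`, and `SOURCE_SUM` changes although the file name and version (2.0.6) stay the same, so the artifact is no longer the upstream release tarball. The checksum only pins whatever that host served when the value was recorded; nothing in the commit ties it to a source revision or a build recipe. Either keep the upstream URL and sum, or add a comment beside `SOURCE_URL` naming the source tree and build steps that produced this tarball (it presumably carries the `insert-user` binary that scripts/install calls), so the hash can be reproduced independently.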
@@ -0,0 +1,178 @@
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name __DOMAIN__ xmpp-upload.__DOMAIN__;
+
+ access_by_lua_file /usr/share/ssowat/access.lua;
+
+ include /etc/nginx/conf.d/acme-challenge.conf.inc;
+
+ location /yunohost {
+ return 301 https://$http_host$request_uri;
+ }
+
+ location ^~ '/.well-known/ynh-diagnosis/' {
+ alias /tmp/.well-known/ynh-diagnosis/;
+ }
+
+ location ^~ '/.well-known/autoconfig/mail/' {
+ alias /var/www/.well-known/__DOMAIN__/autoconfig/mail/;
+ }
+
+ access_log /var/log/nginx/__DOMAIN__-access.log;
+ error_log /var/log/nginx/__DOMAIN__-error.log;
+}
+
+# vhost dedicated to XMPP http_upload
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name xmpp-upload.__DOMAIN__;
+ root /dev/null;
+
+ location /upload/ {
+ alias /var/xmpp-upload/__DOMAIN__/upload/;
+ # Pass all requests to metronome, except for GET and HEAD requests.
+ limit_except GET HEAD {
+ proxy_pass http://localhost:5290;
+ }
+
+ include proxy_params;
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'HEAD, GET, PUT, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'Authorization';
+ add_header 'Access-Control-Allow-Credentials' 'true';
+ client_max_body_size 105M; # Choose a value a bit higher than the max upload configured in XMPP server
+ }
+
+ include /etc/nginx/conf.d/security.conf.inc;
+
+ ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
+ ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem;
+
+
+ more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
+
+
+ # OCSP settings
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
+ resolver 127.0.0.1 127.0.1.1 valid=300s;
+ resolver_timeout 5s;
+
+ access_log /var/log/nginx/xmpp-upload.__DOMAIN__-access.log;
+ error_log
/var/log/nginx/xmpp-upload.__DOMAIN__-error.log;
+}
+
+# base ssl path
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name __DOMAIN__;
+
+ include /etc/nginx/conf.d/security.conf.inc;
+
+ ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
+ ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem;
+
+ more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
+
+ # OCSP settings
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
+ resolver 127.0.0.1 127.0.1.1 valid=300s;
+ resolver_timeout 5s;
+
+ location / {
+ proxy_pass http://localhost:8899;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ # for websocket
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ }
+
+ location ^~ '/.well-known/autoconfig/mail/' {
+ alias /var/www/.well-known/__DOMAIN__/autoconfig/mail/;
+ }
+
+ access_by_lua_file /usr/share/ssowat/access.lua;
+
+ include /etc/nginx/conf.d/yunohost_sso.conf.inc;
+ include /etc/nginx/conf.d/yunohost_admin.conf.inc;
+ include /etc/nginx/conf.d/yunohost_api.conf.inc;
+
+ access_log /var/log/nginx/__DOMAIN__-access.log;
+ error_log /var/log/nginx/__DOMAIN__-error.log;
+}
+
+# alias ssl paths
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name "~^(?\w+)\.__DOMAINREGEX__$";
+
+ include /etc/nginx/conf.d/security.conf.inc;
+
+ ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
+ ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem;
+
+ more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
+
+ # OCSP settings
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
+ resolver 127.0.0.1 127.0.1.1 valid=300s;
+
resolver_timeout 5s; + + location = / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $remote_addr:$remote_port; + proxy_set_header X-Forwarded-Proto $scheme; + # "rewrite" requests with subdomains to the non-wildcard url for alias resolving + # $is_args$args pass on ?encoding=json if present + proxy_pass http://localhost:8899/alias/$alias$is_args$args; + } + + location / { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $remote_addr:$remote_port; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://localhost:8899; + } + + access_by_lua_file /usr/share/ssowat/access.lua; + + #include /etc/nginx/conf.d/yunohost_sso.conf.inc; + #include /etc/nginx/conf.d/yunohost_admin.conf.inc; + #include /etc/nginx/conf.d/yunohost_api.conf.inc; + + access_log /var/log/nginx/__DOMAIN__-access.log; + error_log /var/log/nginx/__DOMAIN__-error.log; +} + +# redirect http to https +server { + if ($host ~ __DOMAIN__$ ) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + listen [::]:80; + server_name __DOMAIN__; + return 404; # managed by Certbot +} diff --git a/conf/systemd.service b/conf/systemd.service index a7992ee..04f5647 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -6,9 +6,8 @@ After=network.target Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/go-ssb-room -repo /var/lib/peachcloud/go-ssb-room -lishttp localhost:8899 -https-domain ssbroom.commoninternet.net -WorkingDirectory=/var/lib/peachcloud/go-ssb-room +WorkingDirectory=__DATADIR__/ +ExecStart=__FINALPATH__/go-ssb-room -repo __DATADIR__/ -lishttp localhost:__PORT__ -https-domain __DOMAIN__ -lismux localhost:__SSBPORT__ StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit diff --git a/manifest.json b/manifest.json index 845b26e..d503078 100644 --- a/manifest.json 
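Review bot: All three `proxy_pass http://localhost:8899` targets in conf/full_nginx.conf (the `__DOMAIN__` block and both locations of the alias block) are hard-coded, while scripts/install takes the web port from `ynh_find_port --port=8899` and conf/systemd.service starts the room on `localhost:__PORT__`. If 8899 is already taken at install time, the room listens on another port and nginx forwards this domain's traffic, including the `/alias/$alias` rewrite, to whatever unrelated service holds 8899. Assuming `ynh_add_config` substitutes it the same way it does `__DOMAIN__`, use the placeholder: `proxy_pass http://localhost:__PORT__;` and `proxy_pass http://localhost:__PORT__/alias/$alias$is_args$args;`. Separately, the alias `server_name` reads `(?\w+)` as shown here; unless the committed file has the named group `(?<alias>\w+)`, `$alias` is never defined.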
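Review bot: The new `ExecStart` binds the muxrpc listener with `-lismux localhost:__SSBPORT__`, yet scripts/install opens that same port to the internet with `yunohost firewall allow --no-upnp TCP $ssbport` and registers it through `--needs_exposed_ports $ssbport`. One of the two is wrong: with a loopback-only listener the firewall rule serves nothing today and would expose any service later bound to that port, and if remote peers are meant to connect the bind address should say so, e.g. `-lismux :__SSBPORT__`. Whichever is intended, a comment above `ExecStart` such as `# web UI: loopback only, reached through nginx; muxrpc: public on __SSBPORT__` would make the exposure reviewable. The unit's remaining sections lie outside the hunk.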
+++ b/manifest.json @@ -35,29 +35,19 @@ "example": "example.com" }, { - "name": "path", - "type": "path", - "example": "/example", - "default": "/example" - }, - { - "name": "admin", - "type": "user", - "example": "johndoe" - }, - { - "name": "is_public", - "type": "boolean", - "default": true + "name": "ssb_admin_id", + "type": "string", + "help": { + "en": "This ssb_id is used as the username for the first admin of the room. Create an ssb account or use your already existing ssb account, and use your ssb public key as the room admin id." + }, + "example": "@5Pt3dKy2HTJ0mWuS78oIiklIX0gBz6BTfEnXsbvke9c=.ed25519" }, { "name": "password", "type": "password", "help": { - "en": "Use the help field to add an information for the admin about this question.", - "fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question." - }, - "example": "Choose a password" + "en": "Use this password to log into the admin interface for the ssb room." + } } ] } diff --git a/scripts/_common.sh b/scripts/_common.sh index ac25ae5..e7862b3 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -11,6 +11,20 @@ pkg_dependencies="" # PERSONAL HELPERS #================================================= +# because ssbroom requires wildcard subdomains for aliases +# we need this custom function for creating the ssbroom nginx config +# instead of the standard ynh_add_nginx_config +add_ssb_room_nginx_config() { + domain=$1 + domainregex=$(echo "$domain" | sed -r 's/\./\\\./g') + # the sed statement above replaces all . with \. + ynh_add_config --template="full_nginx.conf" --destination="/etc/nginx/conf.d/$domain.conf" +} + +remove_ssb_room_nginx_config() { + rm "/etc/nginx/conf.d/$domain.conf" +} + #================================================= # EXPERIMENTAL HELPERS #================================================= diff --git a/scripts/change_url b/scripts/change_url index 495b7eb..5b82867 100644 --- a/scripts/change_url 
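Review bot: `remove_ssb_room_nginx_config` in scripts/_common.sh ignores its argument and deletes `/etc/nginx/conf.d/$domain.conf` using whatever the global `domain` holds, so `remove_ssb_room_nginx_config $old_domain` in scripts/change_url removes the file the global names rather than the one requested. `add_ssb_room_nginx_config` also assigns `domain` and `domainregex` without `local`, overwriting the caller's variables. Take the parameter explicitly and reuse the helper the remove script already relies on: `local domain=$1` followed by `ynh_secure_remove --file="/etc/nginx/conf.d/$domain.conf"`. The target path also looks like the domain-wide vhost file rather than an app-scoped one under `$domain.d/`, so creating and deleting it appears to affect every app and the YunoHost admin/SSO includes on that domain; that needs a comment stating the app requires a dedicated domain.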
+++ b/scripts/change_url @@ -81,35 +81,11 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1 -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -# Change the path in the NGINX config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated NGINX config - ynh_add_nginx_config -fi - -# Change the domain for NGINX -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi - -#================================================= -# SPECIFIC MODIFICATIONS -#================================================= -# ... -#================================================= +# because ssbroom requires wildcard subdomains for aliases +# we need this custom function for creating the ssbroom nginx config +# instead of the standard ynh_add_nginx_config +remove_ssb_room_nginx_config $old_domain +add_ssb_room_nginx_config $new_domain #================================================= # GENERIC FINALISATION diff --git a/scripts/install b/scripts/install index 743f99e..b877423 100755 --- a/scripts/install +++ b/scripts/install 
@@ -25,40 +25,18 @@ ynh_abort_if_errors #================================================= domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -admin=$YNH_APP_ARG_ADMIN -is_public=$YNH_APP_ARG_IS_PUBLIC +path_url="/" +ssb_admin_id=$YNH_APP_ARG_SSB_ADMIN_ID password=$YNH_APP_ARG_PASSWORD architecture=$(ynh_detect_arch) - -### If it's a multi-instance app, meaning it can be installed several times independently -### The id of the app as stated in the manifest is available as $YNH_APP_ID -### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...) -### The app instance name is available as $YNH_APP_INSTANCE_NAME -### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -### - ynhexample__{N} for the subsequent installations, with N=3,4... -### The app instance name is probably what interests you most, since this is -### guaranteed to be unique. This is a good unique identifier to define installation path, -### db names... app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -### About --weight and --time -### ynh_script_progression will show to your final users the progression of each scripts. -### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script. -### --time is a packager option, it will show you the execution time since the previous call. -### This option should be removed before releasing your app. -### Use the execution time, given by --time, to estimate the weight of a step. -### A common way to do it is to set a weight equal to the execution time in second +1. -### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call. 
ynh_script_progression --message="Validating installation parameters..." --time --weight=1 -### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". -### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app" -final_path=/var/www/$app +final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path @@ -71,7 +49,7 @@ ynh_script_progression --message="Storing installation settings..." --time --wei ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=admin --value=$admin +ynh_app_setting_set --app=$app --key=admin --value=$ssb_admin_id #================================================= # STANDARD MODIFICATIONS 
@@ -80,36 +58,23 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= ynh_script_progression --message="Finding an available port..." --time --weight=1 -### Use these lines if you have to open a port for the application -### `ynh_find_port` will find the first available port starting from the given port. -### If you're not using these lines: -### - Remove the section "CLOSE A PORT" in the remove script - -# Find an available port +# Find an available port for web interface port=$(ynh_find_port --port=8899) ynh_app_setting_set --app=$app --key=port --value=$port -# Optional: Expose this port publicly -# (N.B.: you only need to do this if the app actually needs to expose the port publicly. -# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !) +# Find an available port for ssb tunnels +ssbport=$(ynh_find_port --port=8008) +ynh_app_setting_set --app=$app --key=ssbport --value=$ssbport -# Open the port -# ynh_script_progression --message="Configuring firewall..." --time --weight=1 -# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port +# Open the ssbport to the public +ynh_script_progression --message="Configuring firewall..." --time --weight=1 +ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $ssbport #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." --time --weight=1 -### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. -### Those deb packages will be installed as dependencies of this package. 
-### If you're not using this helper: -### - Remove the section "REMOVE DEPENDENCIES" in the remove script -### - Remove the variable "pkg_dependencies" in _common.sh -### - As well as the section "REINSTALL DEPENDENCIES" in the restore script -### - And the section "UPGRADE DEPENDENCIES" in the upgrade script - ynh_install_app_dependencies $pkg_dependencies #================================================= @@ -120,7 +85,6 @@ ynh_script_progression --message="Configuring system user..." --time --weight=1 # Create a system user ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= 
@@ -139,85 +103,39 @@ chown -R $app:www-data "$final_path" #================================================= ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1 -### `ynh_add_nginx_config` will use the file conf/nginx.conf - -# Create a dedicated NGINX config -ynh_add_nginx_config - - -#================================================= -# SPECIFIC SETUP -#================================================= -# ... -#================================================= +# because ssbroom requires wildcard subdomains for aliases +# we need this custom function for creating the ssbroom nginx config +add_ssb_room_nginx_config $domain #================================================= # CREATE DATA DIRECTORY #================================================= ynh_script_progression --message="Creating a data directory..." --time --weight=1 -### Use these lines if you need to create a directory to store "persistent files" for the application. -### Usually this directory is used to store uploaded files or any file that won't be updated during -### an upgrade and that won't be deleted during app removal -### If you're not using these lines: -### - Remove the section "BACKUP THE DATA DIR" in the backup script -### - As well as the section "RESTORE THE DATA DIRECTORY" in the restore script - datadir=/home/yunohost.app/$app ynh_app_setting_set --app=$app --key=datadir --value=$datadir mkdir -p $datadir -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. 
+# permissions chmod 750 "$datadir" chmod -R o-rwx "$datadir" chown -R $app:www-data "$datadir" +#================================================= +# CREATE FIRST ADMIN USER +#================================================= +ynh_script_progression --message="Creating first ssbroom admin user" --weight=1 +ynh_exec_as $app $final_path/insert-user -repo $datadir $ssb_admin_id + #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Configuring a systemd service..." --time --weight=1 -### `ynh_systemd_config` is used to configure a systemd script for an app. -### It can be used for apps that use sysvinit (with adaptation) or systemd. -### Have a look at the app to be sure this app needs a systemd script. -### `ynh_systemd_config` will use the file conf/systemd.service -### If you're not using these lines: -### - You can remove those files in conf/. -### - Remove the section "BACKUP SYSTEMD" in the backup script -### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script -### - As well as the section "RESTORE SYSTEMD" in the restore script -### - And the section "SETUP SYSTEMD" in the upgrade script - # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# SETUP APPLICATION WITH CURL -#================================================= - -### Use these lines only if the app installation needs to be finalized through -### web forms. We generally don't want to ask the final user, -### so we're going to use curl to automatically fill the fields and submit the -### forms. - -# Set the app as temporarily public for curl call -ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 -# Making the app public for curl -ynh_permission_update --permission="main" --add="visitors" - -# Installation with curl -ynh_script_progression --message="Finalizing installation..." 
--time --weight=1 -ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" - -# Remove the public access -ynh_permission_update --permission="main" --remove="visitors" - #================================================= # GENERIC FINALIZATION #================================================= @@ -225,14 +143,6 @@ ynh_permission_update --permission="main" --remove="visitors" #================================================= ynh_script_progression --message="Configuring log rotation..." --time --weight=1 -### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. -### Use this helper only if there is effectively a log file for this app. -### If you're not using this helper: -### - Remove the section "BACKUP LOGROTATE" in the backup script -### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script -### - And the section "SETUP LOGROTATE" in the upgrade script - # Use logrotate to manage application logfile(s) ynh_use_logrotate 
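Review bot: `ynh_exec_as $app $final_path/insert-user -repo $datadir $ssb_admin_id` in the CREATE FIRST ADMIN USER step passes the install-form value `ssb_admin_id` unquoted and unvalidated, so whitespace or glob characters in it are split or expanded into extra arguments of the command that creates the first admin. Check the shape against the manifest's example format before use, `[[ "$ssb_admin_id" =~ ^@[A-Za-z0-9+/]{43}=\.ed25519$ ]] || ynh_die --message="Invalid ssb_admin_id"`, and quote the call: `ynh_exec_as "$app" "$final_path/insert-user" -repo "$datadir" "$ssb_admin_id"`. `password` is still read from `YNH_APP_ARG_PASSWORD`, but no visible hunk hands it to `insert-user`; if that tool prompts for it, feed it on stdin rather than on the command line, where it would show up in the process list.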
@@ -241,46 +151,13 @@ ynh_use_logrotate #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 -### `yunohost service add` integrates a service in YunoHost. It then gets -### displayed in the admin interface and through the others `yunohost service` commands. -### (N.B.: this line only makes sense if the app adds a service to the system!) -### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script -### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script -### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script - -yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" - -### Additional options starting with 3.8: -### -### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed -### which will then be checked by YunoHost's diagnosis system -### (N.B. DO NOT USE THIS is the port is only internal!!!) 
-### -### --test_status "some command" a custom command to check the status of the service -### (only relevant if 'systemctl status' doesn't do a good job) -### -### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service -### -### Re-calling 'yunohost service add' during the upgrade script is the right way -### to proceed if you later realize that you need to enable some flags that -### weren't enabled on old installs (be careful it'll override the existing -### service though so you should re-provide all relevant flags when doing so) +yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" --needs_exposed_ports $ssbport #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --time --weight=1 -### `ynh_systemd_action` is used to start a systemd service for an app. -### Only needed if you have configure a systemd service -### If you're not using these lines: -### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script -### - As well as the section "START SYSTEMD SERVICE" in the restore script -### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script -### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script - # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" 
@@ -289,24 +166,14 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap #================================================= ynh_script_progression --message="Configuring permissions..." --time --weight=1 -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi +# Make app public +# Everyone can access the app. +# The "main" permission is automatically created before the install script. +ynh_permission_update --permission="main" --add="visitors" -### N.B. : the following extra permissions only make sense if your app -### does have for example an admin interface or an api. - -# Only the admin can access the admin panel of the app (if the app has an admin panel) -ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin - -# Everyone can access to the api part -# We don't want to display the tile in the sso so we put --show_tile="false" -# And we don't want that the YunoHost Admin can remove visitors group to this permission, so we put --protected="true" -ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" +# all users can access the /admin section, with or without SSO +# as go-ssb-room has its own authentication and user-system +# which operates outside of yunohost SSO #================================================= # RELOAD NGINX diff --git a/scripts/remove b/scripts/remove index d53be6d..54fd75b 100755 --- a/scripts/remove +++ b/scripts/remove 
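Review bot: The `visitors` grant on `main` is now unconditional and the separate `admin` permission on `/admin` is dropped, so the room's admin login is reachable without SSO on every install and the operator can no longer choose otherwise. The replacement comment explains the intent, but that leaves go-ssb-room's own password check as the only gate, and nothing visible in the commit adds rate limiting or Fail2ban for it. Keep an opt-out (the former `is_public` question), or record the decision where the permission is set, e.g. `# /admin is protected only by go-ssb-room's login; login throttling: <none | nginx limit_req | fail2ban>`.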
@@ -18,9 +18,9 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) port=$(ynh_app_setting_get --app=$app --key=port) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name +ssbport=$(ynh_app_setting_get --app=$app --key=ssbport) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # STANDARD REMOVE @@ -51,14 +51,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --time -- # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# REMOVE THE MYSQL DATABASE -#================================================= -ynh_script_progression --message="Removing the MySQL database..." --time --weight=1 - -# Remove a database if it exists, along with the associated user -ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name - #================================================= # REMOVE DEPENDENCIES #================================================= 
@@ -75,21 +67,24 @@ ynh_script_progression --message="Removing app main directory..." --time --weigh # Remove the app directory securely ynh_secure_remove --file="$final_path" +#================================================= +# REMOVE DATA DIR +#================================================= +ynh_script_progression --message="Removing data directory..." --time --weight=1 + +# Remove the data directory securely +ynh_secure_remove --file="$datadir" + #================================================= # REMOVE NGINX CONFIGURATION #================================================= ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1 +# because ssbroom requires wildcard subdomains for aliases +# we need this custom function for creating/removing the ssbroom nginx config +# instead of the standard ynh_add_nginx_config # Remove the dedicated NGINX config -ynh_remove_nginx_config - -#================================================= -# REMOVE PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1 - -# Remove the dedicated PHP-FPM config -ynh_remove_fpm_config +remove_ssb_room_nginx_config $domain #================================================= # CLOSE A PORT @@ -101,13 +96,11 @@ then ynh_exec_warn_less yunohost firewall disallow TCP $port fi -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Removing Fail2ban configuration..." --time --weight=1 - -# Remove the dedicated Fail2Ban config -ynh_remove_fail2ban_config +if yunohost firewall list | grep -q "\- $ssbport$" +then + ynh_script_progression --message="Closing ssbport $ssbport..." --time --weight=1 + ynh_exec_warn_less yunohost firewall disallow TCP $ssbport +fi #================================================= # SPECIFIC REMOVE 
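Review bot: The new REMOVE DATA DIR step runs `ynh_secure_remove --file="$datadir"` on every removal, and `$datadir` is the directory handed to the room as `-repo`, which presumably holds its keys and member database. An uninstall followed by a reinstall then yields a new room identity with no way back. Delete it only when the operator asked for a purge, if the targeted YunoHost version exposes that, or at minimum say so in the progress message: `ynh_script_progression --message="Removing data directory (room keys and members are deleted)..." --time --weight=1`.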
@@ -116,12 +109,6 @@ ynh_remove_fail2ban_config #================================================= ynh_script_progression --message="Removing various files..." --time --weight=1 -# Remove a cron file -ynh_secure_remove --file="/etc/cron.d/$app" - -# Remove a directory securely -ynh_secure_remove --file="/etc/$app" - # Remove the log files ynh_secure_remove --file="/var/log/$app"