Working on single install

2024-09-03 20:26:29 +02:00 · 2021-09-15 08:17:28 +02:00 · 2021-09-15 08:17:28 +02:00 · e7dbc96048
commit e7dbc96048
parent 2bce3a74d1
8 changed files with 257 additions and 246 deletions
--- a/conf/amd64.src
+++ b/conf/amd64.src
@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/ssb-ngi-pointer/go-ssb-room/releases/download/v2.0.6/go-ssb-room_2.0.6_Linux_x86_64.tar.gz
+SOURCE_URL=https://files.commoninternet.net/go-ssb-room_2.0.6_Linux_x86_64.tar.gz
-SOURCE_SUM=0ab385e7632ad8c3c16c13f6bb1843dcfaa9e927afd9d6a8a35691b14a308e5e
+SOURCE_SUM=7823838a42daac48c39f13563552b84920d66e782acf239d1da5fbd3b475c5bf
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true
--- a/conf/full_nginx.conf
+++ b/conf/full_nginx.conf
@ -0,0 +1,178 @@
 map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
 }
 server {
    listen 80;
    listen [::]:80;
    server_name __DOMAIN__ xmpp-upload.__DOMAIN__;
    access_by_lua_file /usr/share/ssowat/access.lua;
    include /etc/nginx/conf.d/acme-challenge.conf.inc;
    location /yunohost {
        return 301 https://$http_host$request_uri;
    }
    location ^~ '/.well-known/ynh-diagnosis/' {
        alias /tmp/.well-known/ynh-diagnosis/;
    }
    location ^~ '/.well-known/autoconfig/mail/' {
        alias /var/www/.well-known/__DOMAIN__/autoconfig/mail/;
    }
    access_log /var/log/nginx/__DOMAIN__-access.log;
    error_log /var/log/nginx/__DOMAIN__-error.log;
 }
 # vhost dedicated to XMPP http_upload
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name xmpp-upload.__DOMAIN__;
    root /dev/null;
    location /upload/ {
        alias /var/xmpp-upload/__DOMAIN__/upload/;
        # Pass all requests to metronome, except for GET and HEAD requests.
        limit_except GET HEAD {
          proxy_pass http://localhost:5290;
        }
        include proxy_params;
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'HEAD, GET, PUT, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Authorization';
        add_header 'Access-Control-Allow-Credentials' 'true';
        client_max_body_size 105M; # Choose a value a bit higher than the max upload configured in XMPP server
    }
    include /etc/nginx/conf.d/security.conf.inc;
    ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
    ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem;
    more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
    # OCSP settings
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
    resolver 127.0.0.1 127.0.1.1 valid=300s;
    resolver_timeout 5s;
    access_log /var/log/nginx/xmpp-upload.__DOMAIN__-access.log;
    error_log /var/log/nginx/xmpp-upload.__DOMAIN__-error.log;
 }
 # base ssl path
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name __DOMAIN__;
    include /etc/nginx/conf.d/security.conf.inc;
    ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
    ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem;
    more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
    # OCSP settings
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
    resolver 127.0.0.1 127.0.1.1 valid=300s;
    resolver_timeout 5s;
    location / {
        proxy_pass http://localhost:8899;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        # for websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
    location ^~ '/.well-known/autoconfig/mail/' {
        alias /var/www/.well-known/__DOMAIN__/autoconfig/mail/;
    }
    access_by_lua_file /usr/share/ssowat/access.lua;
    include /etc/nginx/conf.d/yunohost_sso.conf.inc;
    include /etc/nginx/conf.d/yunohost_admin.conf.inc;
    include /etc/nginx/conf.d/yunohost_api.conf.inc;
    access_log /var/log/nginx/__DOMAIN__-access.log;
    error_log /var/log/nginx/__DOMAIN__-error.log;
 }
 # alias ssl paths
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name "~^(?<alias>\w+)\.__DOMAINREGEX__$";
    include /etc/nginx/conf.d/security.conf.inc;
    ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
    ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem;
    more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
    # OCSP settings
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
    resolver 127.0.0.1 127.0.1.1 valid=300s;
    resolver_timeout 5s;
    location = / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        # "rewrite" requests with subdomains to the non-wildcard url for alias resolving
        # $is_args$args pass on ?encoding=json if present
        proxy_pass http://localhost:8899/alias/$alias$is_args$args;
    }
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8899;
    }
    access_by_lua_file /usr/share/ssowat/access.lua;
    #include /etc/nginx/conf.d/yunohost_sso.conf.inc;
    #include /etc/nginx/conf.d/yunohost_admin.conf.inc;
    #include /etc/nginx/conf.d/yunohost_api.conf.inc;
    access_log /var/log/nginx/__DOMAIN__-access.log;
    error_log /var/log/nginx/__DOMAIN__-error.log;
 }
 # redirect http to https
 server {
    if ($host ~ __DOMAIN__$ ) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name __DOMAIN__;
    return 404; # managed by Certbot
 }
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -6,9 +6,8 @@ After=network.target
 Type=simple
 User=__APP__
 Group=__APP__
-WorkingDirectory=__FINALPATH__/
+WorkingDirectory=__DATADIR__/
-ExecStart=__FINALPATH__/go-ssb-room -repo /var/lib/peachcloud/go-ssb-room -lishttp localhost:8899 -https-domain ssbroom.commoninternet.net
+ExecStart=__FINALPATH__/go-ssb-room -repo __DATADIR__/ -lishttp localhost:__PORT__ -https-domain __DOMAIN__ -lismux localhost:__SSBPORT__
 WorkingDirectory=/var/lib/peachcloud/go-ssb-room
 StandardOutput=append:/var/log/__APP__/__APP__.log
 StandardError=inherit
--- a/manifest.json
+++ b/manifest.json
@ -35,29 +35,19 @@
                "example": "example.com"
            },
            {
-                "name": "path",
+                "name": "ssb_admin_id",
-                "type": "path",
+                "type": "string",
-                "example": "/example",
+                "help": {
-                "default": "/example"
+                    "en": "This ssb_id is used as the username for the first admin of the room. Create an ssb account or use your already existing ssb account, and use your ssb public key as the room admin id."
-            },
+                },
-            {
+                "example": "@5Pt3dKy2HTJ0mWuS78oIiklIX0gBz6BTfEnXsbvke9c=.ed25519"
                "name": "admin",
                "type": "user",
                "example": "johndoe"
            },
            {
                "name": "is_public",
                "type": "boolean",
                "default": true
            },
            {
                "name": "password",
                "type": "password",
                "help": {
-                    "en": "Use the help field to add an information for the admin about this question.",
+                    "en": "Use this password to log into the admin interface for the ssb room."
-                    "fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question."
+                }
                },
                "example": "Choose a password"
            }
        ]
    }
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -11,6 +11,20 @@ pkg_dependencies=""
 # PERSONAL HELPERS
 #=================================================
 # because ssbroom requires wildcard subdomains for aliases
 # we need this custom function for creating the ssbroom nginx config
 # instead of the standard ynh_add_nginx_config
 add_ssb_room_nginx_config() {
    domain=$1
    domainregex=$(echo "$domain" | sed -r 's/\./\\\./g')
    # the sed statement above replaces all . with \.
    ynh_add_config --template="full_nginx.conf" --destination="/etc/nginx/conf.d/$domain.conf"
 }
 remove_ssb_room_nginx_config() {
    rm "/etc/nginx/conf.d/$domain.conf"
 }
 #=================================================
 # EXPERIMENTAL HELPERS
 #=================================================
--- a/scripts/change_url
+++ b/scripts/change_url
@ -81,35 +81,11 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
 #=================================================
 ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1
-nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
+# because ssbroom requires wildcard subdomains for aliases
-
+# we need this custom function for creating the ssbroom nginx config
-# Change the path in the NGINX config file
+# instead of the standard ynh_add_nginx_config
-if [ $change_path -eq 1 ]
+remove_ssb_room_nginx_config $old_domain
-then
+add_ssb_room_nginx_config $new_domain
 	# Make a backup of the original NGINX config file if modified
 	ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
 	# Set global variables for NGINX helper
 	domain="$old_domain"
 	path_url="$new_path"
 	# Create a dedicated NGINX config
 	ynh_add_nginx_config
 fi
 # Change the domain for NGINX
 if [ $change_domain -eq 1 ]
 then
 	# Delete file checksum for the old conf file location
 	ynh_delete_file_checksum --file="$nginx_conf_path"
 	mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
 	# Store file checksum for the new config file location
 	ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
 fi
 #=================================================
 # SPECIFIC MODIFICATIONS
 #=================================================
 # ...
 #=================================================
 #=================================================
 # GENERIC FINALISATION
--- a/scripts/install
+++ b/scripts/install
@ -25,40 +25,18 @@ ynh_abort_if_errors
 #=================================================
 domain=$YNH_APP_ARG_DOMAIN
-path_url=$YNH_APP_ARG_PATH
+path_url="/"
-admin=$YNH_APP_ARG_ADMIN
+ssb_admin_id=$YNH_APP_ARG_SSB_ADMIN_ID
 is_public=$YNH_APP_ARG_IS_PUBLIC
 password=$YNH_APP_ARG_PASSWORD
 architecture=$(ynh_detect_arch)
 ### If it's a multi-instance app, meaning it can be installed several times independently
 ### The id of the app as stated in the manifest is available as $YNH_APP_ID
 ### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...)
 ### The app instance name is available as $YNH_APP_INSTANCE_NAME
 ###    - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
 ###    - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
 ###    - ynhexample__{N} for the subsequent installations, with N=3,4...
 ### The app instance name is probably what interests you most, since this is
 ### guaranteed to be unique. This is a good unique identifier to define installation path,
 ### db names...
 app=$YNH_APP_INSTANCE_NAME
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
 ### About --weight and --time
 ### ynh_script_progression will show to your final users the progression of each scripts.
 ### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script.
 ### --time is a packager option, it will show you the execution time since the previous call.
 ### This option should be removed before releasing your app.
 ### Use the execution time, given by --time, to estimate the weight of a step.
 ### A common way to do it is to set a weight equal to the execution time in second +1.
 ### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
 ynh_script_progression --message="Validating installation parameters..." --time --weight=1
-### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
+final_path=/opt/yunohost/$app
 ### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app"
 final_path=/var/www/$app
 test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
 # Register (book) web path
@ -71,7 +49,7 @@ ynh_script_progression --message="Storing installation settings..." --time --wei
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
-ynh_app_setting_set --app=$app --key=admin --value=$admin
+ynh_app_setting_set --app=$app --key=admin --value=$ssb_admin_id
 #=================================================
 # STANDARD MODIFICATIONS
@ -80,36 +58,23 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
 #=================================================
 ynh_script_progression --message="Finding an available port..." --time --weight=1
-### Use these lines if you have to open a port for the application
+# Find an available port for web interface
 ### `ynh_find_port` will find the first available port starting from the given port.
 ### If you're not using these lines:
 ###		- Remove the section "CLOSE A PORT" in the remove script
 # Find an available port
 port=$(ynh_find_port --port=8899)
 ynh_app_setting_set --app=$app --key=port --value=$port
-# Optional: Expose this port publicly
+# Find an available port for ssb tunnels
-# (N.B.: you only need to do this if the app actually needs to expose the port publicly.
+ssbport=$(ynh_find_port --port=8008)
-# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
+ynh_app_setting_set --app=$app --key=ssbport --value=$ssbport
-# Open the port
+# Open the ssbport to the public
-# ynh_script_progression --message="Configuring firewall..." --time --weight=1
+ynh_script_progression --message="Configuring firewall..." --time --weight=1
-# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
+ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $ssbport
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
 ynh_script_progression --message="Installing dependencies..." --time --weight=1
 ### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package.
 ### Those deb packages will be installed as dependencies of this package.
 ### If you're not using this helper:
 ###		- Remove the section "REMOVE DEPENDENCIES" in the remove script
 ###		- Remove the variable "pkg_dependencies" in _common.sh
 ###		- As well as the section "REINSTALL DEPENDENCIES" in the restore script
 ###		- And the section "UPGRADE DEPENDENCIES" in the upgrade script
 ynh_install_app_dependencies $pkg_dependencies
 #=================================================
@ -120,7 +85,6 @@ ynh_script_progression --message="Configuring system user..." --time --weight=1
 # Create a system user
 ynh_system_user_create --username=$app --home_dir="$final_path"
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@ -139,85 +103,39 @@ chown -R $app:www-data "$final_path"
 #=================================================
 ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1
-### `ynh_add_nginx_config` will use the file conf/nginx.conf
+# because ssbroom requires wildcard subdomains for aliases
-
+# we need this custom function for creating the ssbroom nginx config
-# Create a dedicated NGINX config
+add_ssb_room_nginx_config $domain
 ynh_add_nginx_config
 #=================================================
 # SPECIFIC SETUP
 #=================================================
 # ...
 #=================================================
 #=================================================
 # CREATE DATA DIRECTORY
 #=================================================
 ynh_script_progression --message="Creating a data directory..." --time --weight=1
 ### Use these lines if you need to create a directory to store "persistent files" for the application.
 ### Usually this directory is used to store uploaded files or any file that won't be updated during
 ### an upgrade and that won't be deleted during app removal
 ### If you're not using these lines:
 ###		- Remove the section "BACKUP THE DATA DIR" in the backup script
 ###		- As well as the section "RESTORE THE DATA DIRECTORY" in the restore script
 datadir=/home/yunohost.app/$app
 ynh_app_setting_set --app=$app --key=datadir --value=$datadir
 mkdir -p $datadir
-# FIXME: this should be managed by the core in the future
+# permissions
 # Here, as a packager, you may have to tweak the ownerhsip/permissions
 # such that the appropriate users (e.g. maybe www-data) can access
 # files in some cases.
 # But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
 # this will be treated as a security issue.
 chmod 750 "$datadir"
 chmod -R o-rwx "$datadir"
 chown -R $app:www-data "$datadir"
 #=================================================
 # CREATE FIRST ADMIN USER
 #=================================================
 ynh_script_progression --message="Creating first ssbroom admin user"  --weight=1
 ynh_exec_as $app $final_path/insert-user -repo $datadir $ssb_admin_id
 #=================================================
 # SETUP SYSTEMD
 #=================================================
 ynh_script_progression --message="Configuring a systemd service..." --time --weight=1
 ### `ynh_systemd_config` is used to configure a systemd script for an app.
 ### It can be used for apps that use sysvinit (with adaptation) or systemd.
 ### Have a look at the app to be sure this app needs a systemd script.
 ### `ynh_systemd_config` will use the file conf/systemd.service
 ### If you're not using these lines:
 ###		- You can remove those files in conf/.
 ###		- Remove the section "BACKUP SYSTEMD" in the backup script
 ###		- Remove also the section "STOP AND REMOVE SERVICE" in the remove script
 ###		- As well as the section "RESTORE SYSTEMD" in the restore script
 ###		- And the section "SETUP SYSTEMD" in the upgrade script
 # Create a dedicated systemd config
 ynh_add_systemd_config
 #=================================================
 # SETUP APPLICATION WITH CURL
 #=================================================
 ### Use these lines only if the app installation needs to be finalized through
 ### web forms. We generally don't want to ask the final user,
 ### so we're going to use curl to automatically fill the fields and submit the
 ### forms.
 # Set the app as temporarily public for curl call
 ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
 # Making the app public for curl
 ynh_permission_update --permission="main" --add="visitors"
 # Installation with curl
 ynh_script_progression --message="Finalizing installation..." --time --weight=1
 ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
 # Remove the public access
 ynh_permission_update --permission="main" --remove="visitors"
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@ -225,14 +143,6 @@ ynh_permission_update --permission="main" --remove="visitors"
 #=================================================
 ynh_script_progression --message="Configuring log rotation..." --time --weight=1
 ### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
 ### Use this helper only if there is effectively a log file for this app.
 ### If you're not using this helper:
 ###		- Remove the section "BACKUP LOGROTATE" in the backup script
 ###		- Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
 ###		- As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
 ###		- And the section "SETUP LOGROTATE" in the upgrade script
 # Use logrotate to manage application logfile(s)
 ynh_use_logrotate
@ -241,46 +151,13 @@ ynh_use_logrotate
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
-### `yunohost service add` integrates a service in YunoHost. It then gets
+yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" --needs_exposed_ports $ssbport
 ### displayed in the admin interface and through the others `yunohost service` commands.
 ### (N.B.: this line only makes sense if the app adds a service to the system!)
 ### If you're not using these lines:
 ###		- You can remove these files in conf/.
 ###		- Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script
 ###		- As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script
 ###		- And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script
 yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
 ### Additional options starting with 3.8:
 ###
 ### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed
 ###                               which will then be checked by YunoHost's diagnosis system
 ###                               (N.B. DO NOT USE THIS is the port is only internal!!!)
 ###
 ### --test_status "some command"  a custom command to check the status of the service
 ###                               (only relevant if 'systemctl status' doesn't do a good job)
 ###
 ### --test_conf "some command"    some command similar to "nginx -t" that validates the conf of the service
 ###
 ### Re-calling 'yunohost service add' during the upgrade script is the right way
 ### to proceed if you later realize that you need to enable some flags that
 ### weren't enabled on old installs (be careful it'll override the existing
 ### service though so you should re-provide all relevant flags when doing so)
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --time --weight=1
 ### `ynh_systemd_action` is used to start a systemd service for an app.
 ### Only needed if you have configure a systemd service
 ### If you're not using these lines:
 ###		- Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script
 ###		- As well as the section "START SYSTEMD SERVICE" in the restore script
 ###		- As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script
 ###		- And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script
 # Start a systemd service
 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
@ -289,24 +166,14 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap
 #=================================================
 ynh_script_progression --message="Configuring permissions..." --time --weight=1
-# Make app public if necessary
+# Make app public
-if [ $is_public -eq 1 ]
+# Everyone can access the app.
-then
+# The "main" permission is automatically created before the install script.
-	# Everyone can access the app.
+ynh_permission_update --permission="main" --add="visitors"
 	# The "main" permission is automatically created before the install script.
 	ynh_permission_update --permission="main" --add="visitors"
 fi
-### N.B. : the following extra permissions only make sense if your app
+# all users can access the /admin section, with or without SSO
-### does have for example an admin interface or an api.
+# as go-ssb-room has its own authentication and user-system
-
+# which operates outside of yunohost SSO
 # Only the admin can access the admin panel of the app (if the app has an admin panel)
 ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
 # Everyone can access to the api part
 # We don't want to display the tile in the sso so we put --show_tile="false"
 # And we don't want that the YunoHost Admin can remove visitors group to this permission, so we put --protected="true"
 ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
 #=================================================
 # RELOAD NGINX
--- a/scripts/remove
+++ b/scripts/remove
@ -18,9 +18,9 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 port=$(ynh_app_setting_get --app=$app --key=port)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+ssbport=$(ynh_app_setting_get --app=$app --key=ssbport)
 db_user=$db_name
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 #=================================================
 # STANDARD REMOVE
@ -51,14 +51,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --time --
 # Remove the app-specific logrotate config
 ynh_remove_logrotate
 #=================================================
 # REMOVE THE MYSQL DATABASE
 #=================================================
 ynh_script_progression --message="Removing the MySQL database..." --time --weight=1
 # Remove a database if it exists, along with the associated user
 ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
 #=================================================
 # REMOVE DEPENDENCIES
 #=================================================
@ -75,21 +67,24 @@ ynh_script_progression --message="Removing app main directory..." --time --weigh
 # Remove the app directory securely
 ynh_secure_remove --file="$final_path"
 #=================================================
 # REMOVE DATA DIR
 #=================================================
 ynh_script_progression --message="Removing data directory..." --time --weight=1
 # Remove the data directory securely
 ynh_secure_remove --file="$datadir"
 #=================================================
 # REMOVE NGINX CONFIGURATION
 #=================================================
 ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1
 # because ssbroom requires wildcard subdomains for aliases
 # we need this custom function for creating/removing the ssbroom nginx config
 # instead of the standard ynh_add_nginx_config
 # Remove the dedicated NGINX config
-ynh_remove_nginx_config
+remove_ssb_room_nginx_config $domain
 #=================================================
 # REMOVE PHP-FPM CONFIGURATION
 #=================================================
 ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1
 # Remove the dedicated PHP-FPM config
 ynh_remove_fpm_config
 #=================================================
 # CLOSE A PORT
@ -101,13 +96,11 @@ then
 	ynh_exec_warn_less yunohost firewall disallow TCP $port
 fi
-#=================================================
+if yunohost firewall list | grep -q "\- $ssbport$"
-# REMOVE FAIL2BAN CONFIGURATION
+then
-#=================================================
+	ynh_script_progression --message="Closing ssbport $ssbport..." --time --weight=1
-ynh_script_progression --message="Removing Fail2ban configuration..." --time --weight=1
+	ynh_exec_warn_less yunohost firewall disallow TCP $ssbport
-
+fi
 # Remove the dedicated Fail2Ban config
 ynh_remove_fail2ban_config
 #=================================================
 # SPECIFIC REMOVE
@ -116,12 +109,6 @@ ynh_remove_fail2ban_config
 #=================================================
 ynh_script_progression --message="Removing various files..." --time --weight=1
 # Remove a cron file
 ynh_secure_remove --file="/etc/cron.d/$app"
 # Remove a directory securely
 ynh_secure_remove --file="/etc/$app"
 # Remove the log files
 ynh_secure_remove --file="/var/log/$app"